Editing Dynamic DNS (section)

== Types ==
The term DDNS is used in two ways, which, while technically similar, have very different purposes and user populations.  The first is ''standards-based DDNS'', which uses an extension of the DNS protocol to ask for an update; this is often used for company laptops to register their address.  The second is ''proprietary DDNS'', usually a web-based protocol, normally a single HTTP fetch with username and password which then updates some DNS records (by some unspecified method); this is commonly used for a domestic computer to register itself by a publicly known name in order to be found by a wider group, for example as a games server or webcam.

End users of Internet access receive an allocation of IP addresses, often only a single address, by their Internet service provider. The assigned addresses may either be fixed (i.e. static), or may change from time to time, a situation called ''dynamic''. Dynamic addresses are generally given only to residential customers and small businesses, as most enterprises specifically require static addresses.

Dynamic IP addresses present a problem if the customer wants to provide a service to other users on the Internet, such as a web service. As the IP address may change frequently, corresponding domain names must be quickly re-mapped in the [[Domain Name System|DNS]], to maintain accessibility using a well-known URL.

Many providers offer commercial or free DDNS service for this scenario. The automatic reconfiguration is generally implemented in the user's [[router (computing)|router]] or computer, which runs software to update the DDNS service. The communication between the user's equipment and the provider is not standardized, although a few standard web-based methods of updating have emerged over time.

=== Standards-based DDNS ===
The standardized method of dynamically updating domain name server records is prescribed by {{IETF RFC|2136}}, commonly known as Dynamic DNS update. The method described by RFC 2136 is a network protocol for use with managed DNS servers, and it includes a security mechanism. RFC 2136 supports all DNS record types, but often it is used only as an extension of the [[DHCP]] system, and in which the authorized DHCP servers register the client records in the DNS. This form of support for RFC 2136 is provided by a plethora of client and server software, including those that are components of most current operating systems. Support for RFC 2136 is also an integral part of many [[directory service]]s, including [[LDAP]] and [[Active Directory|Windows' Active Directory]] domains.

=== Applications ===
In [[Microsoft Windows]] networks, DDNS is an integral part of [[Active Directory]], because [[domain controller]]s register their [[SRV record|network service types]] in DNS so that other computers in the domain (or forest) can access them.

Increasing efforts to secure Internet communications today involve encryption of all dynamic updates via the public Internet, as these public DDNS services have been abused increasingly to design security breaches.  Standards-based methods within the [[DNSSEC]] protocol suite, such as [[TSIG]], have been developed to secure DNS updates, but are not widely in use.  Microsoft developed [[TSIG#Alternatives to TSIG|alternative]] technology ([[Generic Security Service Algorithm for Secret Key Transaction|GSS-TSIG]]) based on [[Kerberos (protocol)|Kerberos]] authentication.

Some [[Free software|free]] DNS server software systems, such as [[dnsmasq]], support a dynamic update procedure that directly involves a built-in [[DHCP]] server.  This server automatically updates or adds the DNS records as it assigns addresses, relieving the administrator of the task of specifically configuring dynamic updates.

==== DDNS for Internet access devices ====
DDNS providers offer a software [[Client (computing)|client]] program that automates the discovery and registration of the client system's public IP addresses. The client program is executed on a computer or device in the private network. It connects to the DDNS provider's systems with a unique login name; the provider uses the name to link the discovered public IP address of the home network with a hostname in the domain name system. Depending on the provider, the hostname is registered within a domain owned by the provider, or within the customer's own domain name. These services can function by a number of mechanisms. Often they use an [[HTTP]] service request since even restrictive environments usually allow HTTP service. Most providers have an API similar to a first provider DynDNS (Dyn.com) so it's often called DynDNS2.

Many home networking [[Residential gateway|modem/routers]] include client applications in their [[firmware]], compatible with a variety of DDNS providers.

==== DDNS for security appliance manufacturers ====
Manufacturers of various security devices, such as IP cameras and [[digital video recorders]] (DVRs), can make use of DDNS services to ensure the IP addresses of their devices are automatically associated with the correct domain.<ref>{{Cite web |url=https://www.fortinet.com/resources/cyberglossary/dynamic-dns |title=What Is A Dynamic DNS (DDNS)? |website=Fortinet}}</ref>

In almost all cases, a simple [[HTTP]] based update [[Application programming interface|API]] is used as it allows for easy integration of a DDNS [[Client (computing)|client]] into a device's [[firmware]]. There are several pre-made tools that can help ease the burden of server and client development, like MintDNS,<ref>{{Cite web|url=https://dynamic.domains/|title=Dynamic DNS (DDNS) Server Solutions|date=January 27, 2020|website=Dynamic Domains}}</ref> [[cURL]] and Inadyn.<ref>{{cite web | url=https://github.com/troglobit/inadyn | title=Internet Automated Dynamic DNS Client | website=[[GitHub]] }}</ref> Most web-based DDNS services use a standard user name and password security schema. This requires that a user first create an account at the DDNS server website and then configure the device to send updates to the DDNS server whenever an [[IP address]] change is detected.

Some device manufacturers go a step further by only allowing their DDNS Service to be used by the devices they manufacture, and also eliminate the need for user names and passwords altogether. Generally this is accomplished by [[encrypting]] the device's [[MAC address]] using an cryptographic algorithm kept secret on both the DDNS server and within the device's firmware. The resulting [[decryption]] or decryption failure is used to secure or deny updates.  Resources for the development of custom DDNS services are generally limited and involve a full [[software development cycle]] to design and field a secure and robust DDNS server.