Having a dynamic DNS name is useful for many reasons, but it often involves a complex setup, especially if you use a not-so-easy provider.

A package exists for OpenWRT which can automate many of these service updates.

Installation

  1. Go to LuCI → System → Software
  2. Update Lists
  3. Search for ddns
  4. Install luci-app-ddns and ddns-scripts
  5. Reboot the router

AWS Route53 configuration

To use this with AWS Route53 DNS, you’ll additionally need to install the ddns-scripts-route53 package first (in the same manner as above).

  1. Go to LuCI → Services → Dynamic DNS
  2. Click “Add new services…”
  3. Give the service a recognizable name
  4. Select the appropriate IP version scheme (v4 or v6)
  5. Select route53-v1 in the “DDNS Service provider” list
  6. Click “Create Service”

Now, go to the AWS Route53 console and find the Hosted Zone ID of the hosted zone with the relevant DNS A record in it. This typically begins with a Z.

In the AWS IAM console, create and configure an IAM user which has the following permission (don’t forget to update the hosted zone ID):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1403515694000",
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets",
                "route53:GetHostedZone",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/<<YOUR HOSTED ZONE ID HERE>>"
            ]
        }
    ]
}

Permissions scoping

It may be possible to further narrow the scope of this permission — I haven’t really tried to mess with it once I got it to work as shown above.
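
One way to narrow the policy above, as an added example that is not from the original post: Route 53's IAM condition keys can restrict route53:ChangeResourceRecordSets to a single record name, record type and change action. The hostname vpn.example.com, the A record type (use AAAA for an IPv6 service) and the UPSERT action are assumptions, flagged in the second statement's Sid; match them to your Lookup hostname and to what the update script actually sends.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadZoneAsOnThePage",
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/<<YOUR HOSTED ZONE ID HERE>>"
            ]
        },
        {
            "Sid": "AssumedUpsertOfOneARecordOnly",
            "Effect": "Allow",
            "Action": [
                "route53:ChangeResourceRecordSets"
            ],
            "Resource": [
                "arn:aws:route53:::hostedzone/<<YOUR HOSTED ZONE ID HERE>>"
            ],
            "Condition": {
                "ForAllValues:StringEquals": {
                    "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["vpn.example.com"],
                    "route53:ChangeResourceRecordSetsRecordTypes": ["A"],
                    "route53:ChangeResourceRecordSetsActions": ["UPSERT"]
                }
            }
        }
    ]
}
```

With this in place, a key leaked from the router can rewrite only that one record rather than every record in the zone. If updates start failing with an access-denied error, compare the action and record name the script sends against the condition values.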

Create an API key for the user, and note both the key ID and secret key.

Back in OpenWRT’s DDNS Service Creation window:

  1. In the Basic Settings tab:
    1. Ensure “Enabled” is checked
    2. Set “Lookup hostname” to the hostname you want to map DNS for (for example, vpn.example.com)
    3. Confirm “IP address version” is correct
    4. Confirm “DDNS Service Provider” is route53-v1
    5. Set Domain to the Hosted Zone ID from Route53
    6. Set Username to the key ID from IAM
    7. Set Password to the secret key from IAM
    8. Confirm the remaining Optional Encoded Parameter, Optional Parameter, and Use HTTP Secure are empty/unchecked.
  2. In the Advanced Settings tab:
    1. Set IP address source to Network
    2. Set Network to wan
    3. Set DNS-Server to a different DNS server than the rest of your network (I used 9.9.9.9)
      1. This should be different to avoid DNS caching or any complications with custom hosted DNS serving reverse proxy records
  3. In the Timer Settings tab, set the timer settings as needed. Note that “check” and “force” are different: the “check” timer simply checks for a change and updates the record if needed; the “force” timer updates the record unconditionally. I used the following:
    1. Check Interval: 5
    2. Check Unit: minutes
    3. Force Interval: 1
    4. Force Unit: hour
    5. Error Max Retry Counter: 0
    6. Error Retry Interval: 150
    7. Error Retry Unit: seconds

Start the service, and profit!