Dynamic dns for public ip address of the firewall – Kerio Tech Firewall6 User Manual

Chapter 8

Configuration of network services

8.3 Dynamic DNS for public IP address of the firewall

Kerio WinRoute Firewall provides (among others) services for remote access from the Internet to the local network (VPN server — see chapter 23 and the Clientless SSL-VPN interface — see chapter 24). Other services can also be made accessible from the Internet — e.g. WinRoute's web interface (see chapter 21), remote administration of WinRoute by the Administration Console (see chapter 16.1) or any other service (e.g. a web server in the local network — see chapter 7.4).

These services are available at the firewall's public IP address (i.e. the public IP address of the WinRoute host). If this IP address is static and a corresponding DNS record exists for it, the corresponding name can be used for access to a given service (e.g. server.company.com). If there is no corresponding DNS record, it is necessary to remember the firewall's IP address and use it for access to all services. If the public IP address is dynamic (i.e. it changes), it is extremely difficult or even impossible to connect to these services from the Internet.

This problem is solved by WinRoute's support for dynamic DNS. Dynamic DNS provides a DNS record for a specific server name which always holds the current IP address. This method thus keeps mapped services available under the same server name, regardless of whether or how often the IP address changes.

How cooperation with dynamic DNS works

Dynamic DNS (DDNS) is a service providing automatic update of the IP address in the DNS record for a particular host name. Typically, two versions of DDNS are available:

free — user can choose from several second level domains (e.g. no-ip.org, ddns.info, etc.) and select a free host name for the domain (e.g. company.ddns.info).

paid service — user registers their own domain (e.g. company.com) and the service provider then provides a DNS server for this domain with the option of automatic update of records.

The user of the service gets an account which is used for access authentication (this guarantees that only authorized users can update DNS records). The update is performed via a secured connection (typically HTTPS) to make sure that the traffic cannot be tapped. Dynamic DNS records can be updated either manually by the user or (mostly) by specialized software — WinRoute in this case.

If cooperation with dynamic DNS is enabled in WinRoute, a request for update of the IP address in dynamic DNS is sent upon any change of the Internet interface's IP address (including switching between primary and secondary Internet connection — see chapter 6.3). This keeps the DNS record for the particular IP address up to date, and mapped services may be accessed by the corresponding host name.
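The update flow described above (an authenticated request sent over HTTPS whenever the Internet interface's address changes), as an added example that is not WinRoute's own code. The class name, the endpoint `ddns.example.invalid`, the credentials and the `hostname`/`myip` parameter names (a dyndns2-style convention) are assumptions; the manual does not specify any provider's API.

```python
import ipaddress
import base64
import urllib.parse
import urllib.request


class DdnsUpdater:
    """Decides when a DDNS update is due and prepares the authenticated request."""

    def __init__(self, update_url, hostname, username, password):
        # Updates carry account credentials, so refuse anything but HTTPS.
        if urllib.parse.urlsplit(update_url).scheme != "https":
            raise ValueError("update URL must use https")
        self.update_url = update_url
        self.hostname = hostname
        token = base64.b64encode(f"{username}:{password}".encode()).decode()
        self._auth = "Basic " + token
        self.published_ip = None  # last address the provider accepted

    def on_interface_address(self, ip_text):
        """Return a prepared Request if the record must change, else None."""
        ip = ipaddress.ip_address(ip_text)
        # Private, CGNAT or link-local addresses are unreachable from the
        # Internet, so publishing them would not make services available.
        if not ip.is_global:
            return None
        if str(ip) == self.published_ip:
            return None
        # Parameter names are an assumption (dyndns2-style convention).
        query = urllib.parse.urlencode({"hostname": self.hostname, "myip": str(ip)})
        req = urllib.request.Request(f"{self.update_url}?{query}")
        req.add_header("Authorization", self._auth)
        return req

    def mark_published(self, ip_text):
        """Call only after the provider confirmed the update."""
        self.published_ip = str(ipaddress.ip_address(ip_text))


if __name__ == "__main__":
    # Constructed endpoint and credentials; nothing is sent over the network.
    u = DdnsUpdater("https://ddns.example.invalid/update", "company.ddns.info", "user", "secret")
    for addr in ("192.168.1.10", "8.8.8.8", "8.8.8.8"):
        req = u.on_interface_address(addr)
        print(addr, "->", req.full_url if req else "no update")
        if req:
            u.mark_published(addr)
```

Because `published_ip` is set only after the provider confirms, a failed update is retried on the next address check instead of leaving a stale record in place.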

Note:

1. Usage of DDNS is subject to the conditions of the particular provider.