Example: Configuring DDNS Settings (NSM Procedure)

Use Dynamic DNS (DDNS) to enable client devices to dynamically update IP addresses for registered domain names. You might want to use DDNS for a security device that dynamically receives its IP address from an ISP through PPP, DHCP, or XAuth. When the device is protecting a Web server, clients from the Internet can access that Web server using a domain name, even if the IP address of the security device changes.

Note: You can configure Dynamic DDNS for the root device in a vsys, but not for the individual vsys devices.

A DDNS server stores dynamically changed addresses and associated domain names. It also supports custom and static service types on a device running ScreenOS 6.1 or later. To use DDNS, you must set up an account, including username and password, with the DDNS server, such as dyndns.org or ddo.jp. The security device updates DDNS servers with the account information periodically, or in response to IP address changes, and the DDNS server uses the account information to configure client devices.

To control how often the device updates the DDNS server, set the number of minutes between DDNS updates. The default (and recommended) value is 60 minutes; accepted range is 1-1440. However, the device might not update at every interval because the DNS server must first time out the DDNS entry from its cache. If you set the Minimum Update Interval too low, the security device may lock you out.

In this example, you configure a security device to use the DDNS server dyndns.org for resolving changed addresses. In the DDNS settings, you define the Web server as the protected host, and then bind the host to the source interface (ethernet3). When the device sends an update to the ddo.jp server, the host name (www.my.host.com) is associated with the interface (ethernet3).

To configure DDNS settings:

  1. Add a NetScreen-208 security device running ScreenOS 5.1.
  2. In the main navigation tree, select Device Manager > Devices, and then double-click the device to open the device configuration.
  3. Configure general dynamic DNS settings:
    • In the device navigation tree, select Network > DNS > Dynamic DNS.
    • Select Configure Dynamic DNS Instance.
    • Select Enable Dynamic DNS.
  4. Add the DDNS instance for the Web server:
    • Click the Add icon. The New Dynamic DNS dialog box appears.
  5. Configure the following options:
    • For ID, enter 12
    • For Server Type, select dyndns.
    • For FQDN Server Name. enter dyndns.org.
    • For Service Type, enter static dns service.
    • For Refresh Interval (Hours), enter 24.
    • For Minimum Update Interval (Minutes), enter 15.
    • For User Name of DDNS Account, enter swordfish.
    • For Password for DDNS Account, enter ad93lvb.

      Note: You do not need to enter an agent name. The security device automatically generates the agent name using internal information, such as the ScreenOS version, serial name, and platform.

    • For Source Interface, select ethernet3.
    • For Host Name, enter www.my_host.com.
  6. Click OK to save the new DDNS instance, and then click OK to save your changes to the device.

Related Documentation