yes, this is possible. Just create an account for managed DNS with your domain. On the confirmation page, there will be instructions on how to tell your registrar that you are using deSEC now.
Apply for lower minimum TTL Use custom domain
You can use your router to dynamically update the IPv4 and/or IPv6 address of any deSEC domain in your account by using the domain name as username and your access token as password.
However, for managed DNS domains, the default TTL of your domain will be 3600s, which will make it unstable for use as dynamic DNS. (The default TTL for *.dedyn.io domains is 60s.) Our dynDNS interface will therefore inform you that the domain is “not eligible for dynamic updates” when you attempt an IP update. To solve this problem, you can apply for a lower TTL for your managed domain with the deSEC support at email@example.com. Asking for a lower TTL is no longer necessary. The dynDNS update interface will now always use a TTL of 60s, even with custom domains.
Advanced case: dynDNS with subdomains of a custom domain
A more complicated scenario is when as an example,
example.com is your domain, and you want to use
home.example.com for your dynamic DNS. In this case, please follow these steps: (Let’s assume
$TOKEN is your account access token. I’m using httpie in this example.)
- Create example.com in your deSEC account, provide the DS records and NS records to your domain registrar:
http POST https://desec.io/api/v1/domains/ Authorization:"Token $TOKEN" name="example.com"
- Create home.example.com in your deSEC account and note the DS records:
http POST https://desec.io/api/v1/domains/ Authorization:"Token $TOKEN" name="home.example.com"
- To start using home.example.com, create the following delegation records in your example.com domain:
- DS records from step 2:
http POST https://desec.io/api/v1/domains/example.com/rrsets/ Authorization:"Token $TOKEN" subname="home" ttl=3600 records:='[<insert DS records as output from step 2>]' type="DS"
- NS records:
ns2.desec.org. (note the trailing dot).
http POST https://desec.io/api/v1/domains/example.com/rrsets/ Authorization:"Token $TOKEN" subname="home" ttl=3600 records:='["ns1.desec.io.","ns2.desec.org."]' type="NS"
- Configure your router to send dynamic DNS updates to
https://update.dedyn.io with username
home.example.com and your access token as password.
Ask deSEC support to decrease TTL for (obsolete)
- Verify that DNSSEC is setup correctly with DNSSEC Analyzer
2021-04-07: Edit to reflect that it is no longer necessary to apply for reduced minimum TTL.