Update all hosts with one link (FRITZ!Box)

Hello,

I’d like to update all my hosts with IPv4 and IPv6 with a single update link as my FRITZ!Box only supports a single DynDNS entry.

Example:
blabla.com
several subdomains (e.g. mail.blabla.com)

Is there a possibility to set a single update hostname for my FRITZ!Box that updates all A/AAAA entries for the hostnames mentioned above?

Thanks in advance,
David

Hi DFS,

Thanks for your message, and welcome to deSEC!

Each update request can only set the IP address(es) for one host. However, you can create CNAME records for the other hosts which point to the one which has the IP address(es). This way, the IP address(es) will automatically be applicable for the other hosts too (think of CNAME as an alias on DNS level).

In your example, you can create a CNAME record for the mail subdomain, and the value (target) of the record would be blabla.com..

To set up these records, you can either use our web interface or our API.

Stay secure,
Peter

The documentation of the API says to use a token instead of the password for the setup in the FritzBox.
The Fritz Box has no method to access the token from deSEC.
Has anybody an idea how to get a lifetime “token value” within the desec.io API?
I see only “tokens” valid for a few minutes.

Hi Peter,

I have a very similar requirement. I’ve two domains registered currently.
To each of them belong a few subs that are of type CNAME.

example1.dedyn.io
example2.dedyn.io

In my FritzBox DynDNS section, example1.dedyn.io will be updated each time it gets a new WAN IP. This works as expected.
But I’m struggling with what to configure in the deSEC web UI, and for which of the two domains, in order to get the other one (example2.dedyn.io) updated as well when my WAN IP changes.

Thanks & regards,
Stefan

Hi Stefan,

Thanks for your message, and welcome to deSEC!

CNAME records only work on subdomains. (This is not a deSEC limitation, but a limitation of the DNS.)

However, example2.dedyn.io is a domain (not a subdomain) in your account, so you can’t use CNAME. As a result, you will have to explicitly update that domain’s IP address. Currently, this means that you will have to issue two update requests.

We might implement updating multiple names in one go, but that’s not likely to happen any time soon. You can subscribe to this GitHub issue to get informed about any status changes.

Stay secure,
Peter

Hi Peter,

alright, got it. Thanks for your fast reply.
I thought it might be also possible for multiple domains, not just subs.

By chance, do you have a hint how to achieve this easily?
E.g. by using an “alternative” Query-URL?

Previously I actually did exactly this with “DDNS Updater 2” on my Synology NAS and it has worked very well.
But since I’ve upgraded my NAS to DSM 7.2, that app isn’t compatible anymore.
Hence I cannot use it from now on, and the FritzBox only allows updating a single domain, not multiple.

Thanks & BR
Stefan

You can remove the need for multiple updates by simply moving to subdomains.

Otherwise, you’ll have to make these requests some other way, e.g. every few minutes using some automated tool. You might want to take a look at Tools implementing deSEC and at the documentation.

Stay secure,
Peter

Hi Peter,

In my scenario, there is a need for two domains - I cannot fulfill it just by using a single domain with multiple subs.
But thanks for your hint. I already have an idea.

BR
Stefan

Fritzbox routers support a “prefix update” where the public prefix is sent to the dynamic DNS service. The idea is to update the AAAA records of a bunch of DNS labels such that they keep the interface identifier and only update the prefix part.

Unlike with IPv4, CNAMEs do not solve the problem, because different IPv6 hosts have different IPv6 addresses, so that clients can connect directly instead of through the router’s address as with IPv4.

The prefix update feature is currently not usable with Dedyn.io. The single IPv6 address which the Fritzbox routers otherwise send in a dynamic DNS update is the address of the router. This address is usually not even in the same IPv6 prefix as the LAN hosts.

A free dynamic DNS service which supports prefix updates is dynv6.com. You can use that service standalone or set some CNAME records to point at the labels on the other dynamic DNS service.
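
The prefix-update idea described in the post above, as an added example that is not part of the original thread and is not deSEC, dynv6 or FRITZ!Box code: each AAAA value keeps its low bits and only the delegated prefix is swapped. The function names, labels and addresses (documentation range 2001:db8::/32) are constructed for illustration, and no DNS API is called.

```python
import ipaddress


def rebase_on_prefix(old_addr: str, new_prefix: str) -> str:
    """Return old_addr with its leading bits replaced by new_prefix.

    Everything below the prefix length (subnet ID and interface
    identifier) is kept unchanged.
    """
    # strict=True rejects a "prefix" that has host bits set, e.g. a full
    # router address passed in by mistake.
    net = ipaddress.IPv6Network(new_prefix, strict=True)
    kept = int(ipaddress.IPv6Address(old_addr)) & int(net.hostmask)
    return str(ipaddress.IPv6Address(int(net.network_address) | kept))


def plan_aaaa_updates(records: dict, new_prefix: str) -> dict:
    """Map label -> new AAAA value, only for labels whose address changes."""
    updates = {}
    for label, old in records.items():
        new = rebase_on_prefix(old, new_prefix)
        if new != str(ipaddress.IPv6Address(old)):
            updates[label] = new
    return updates


# Constructed sample data (hypothetical labels, documentation addresses).
SAMPLE_RECORDS = {
    "mail": "2001:db8:aaaa:1:211:22ff:fe33:4455",
    "nas": "2001:db8:aaaa:1::50",
    "vpn": "2001:db8:bbbb:101::7",  # already inside the new prefix
}
SAMPLE_PREFIX = "2001:db8:bbbb:100::/56"

if __name__ == "__main__":
    for label, addr in plan_aaaa_updates(SAMPLE_RECORDS, SAMPLE_PREFIX).items():
        print(f"{label} AAAA {addr}")
```

With a /56 delegation the 8-bit subnet ID below the prefix is carried over together with the interface identifier, so hosts stay in the same LAN segment after the prefix changes.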

Hi GenericUser,

Welcome to deSEC!

For your feature suggestion, please see “Add subdomains with dynamic subnets to *.dedyn.io domains” (Issue #13, desec-io/desec-stack on GitHub). We’re happy to accept pull requests for this feature!

Stay secure,
Peter