
What Is Dynamic DNS (DDNS)?

With the Dynamic Host Configuration Protocol (DHCP), devices are dynamically assigned IP addresses as they disconnect and reconnect to the network. This can be problematic for applications that link to a static IP address and not to the host name of the device.

The Domain Name System (DNS) maps hostnames to IP addresses. Dynamic DNS (DDNS) services automatically update their records as IP addresses change to ensure that clients requesting the record for a hostname always receive the correct IP address.


How Does Dynamic DNS Work?

DDNS services need a means of learning about changes to a device’s IP address. Often, this is accomplished using an agent installed on a router or a device on the organization’s network. This agent will periodically communicate with the DDNS provider and update it regarding IP address changes that could impact DNS records.

Difference Between DDNS and DNS

DNS and DDNS are both designed to implement lookups from hostnames to IP addresses. From a DNS client perspective, the two services are largely identical.

The primary difference between DDNS and DNS is the frequency at which the DNS server’s records are updated. With DNS, records are updated manually by the owner of the DNS record if its infrastructure changes, which is relatively infrequent. With DDNS, record updates happen more frequently and are automated to ensure that DNS clients have access to the latest information.

Types of DDNS

The defining feature of DDNS is the automatic updates to DNS records as the IP addresses of an organization’s systems change. This can be implemented in a couple of different ways. The two main types of DDNS include:

  • Standards-Based DDNS: A standardized mechanism for extending the DNS protocol to include automated updates is defined in RFC 2136. This form of DDNS follows the standard and is commonly used as an extension of a DHCP system.
  • Proprietary DDNS: While a standard for implementing DDNS exists, custom implementations exist as well. These often use HTTP with a set of user credentials to log in and change DNS records as needed.

Benefits of Dynamic DNS

DDNS’s automated management and updates to DNS records can provide numerous benefits to an organization. These include:

  • DHCP Support: Using DHCP with DNS is problematic because the IP addresses of services can change over time, resulting in DNS records becoming outdated. DDNS enables the use of DHCP and DNS without the risk of conflicts.
  • Service Availability: With DDNS, an organization can use a hostname to access its systems and services rather than relying on ever-changing IP addresses. This makes it easier to remotely access an organization’s systems and services.
  • Allowlists: Devices may be configured to only allow traffic from certain computers, which can be difficult to configure using IP addresses if a computer’s IP address frequently changes. With DDNS, allowlists can be implemented using hostnames, whose records are automatically updated using DDNS.
  • DNS Automation: Changing DNS records can be time-consuming and risky as a misconfiguration can deny access to critical resources. DDNS automates this process, freeing up resources and reducing the risk to the organization.
  • Cloud Support: The IP addresses of cloud-based resources can change over time unless a permanent public-facing IP address is assigned to them. DDNS enables the DNS records of cloud-hosted services to maintain accurate mappings of hostnames to IP addresses.

DDNS Security

The ability to update mappings from hostname to IP address can benefit cybercriminals as well as organizations. Many companies use blocklists that look for connections to known malicious IP addresses to identify malware installed on their systems.

With DDNS, malware authors can more easily evade these blocklists since malware can be designed to make requests to hostnames rather than IP addresses. If these hostnames are configured with DDNS, attackers can more easily change IP addresses to avoid IP-based blocklists.

Also, if an organization uses DDNS, an attacker may be able to take advantage of this fact in phishing attacks. If the attacker can take control of the DDNS update mechanism, they can redirect users to an attacker-controlled site masquerading as the organization’s website.

DNS security solutions must provide protection against threats to DDNS systems. This includes identifying malicious DNS entries and securing the DNS protocol and channel.
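
Because a hostname under a DDNS zone can be re-pointed faster than an IP blocklist is updated, one complementary check is to watch resolver logs for DDNS names whose answers keep changing. The following is an added example, not code from Check Point or from the original page; the provider suffixes, log format, and sample lines are constructed placeholders.

```python
from collections import defaultdict

# Hypothetical DDNS provider zones (placeholders); load a maintained list in practice.
DDNS_SUFFIXES = ("ddns.example", "dyn.example")

# Constructed resolver log lines: timestamp, client IP, queried name, answer (A record).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 10.0.0.12 www.vendor.example 192.0.2.10
2024-05-01T10:05:00Z 10.0.0.12 cdn.ddns.example 198.51.100.7
2024-05-01T11:05:00Z 10.0.0.12 CDN.ddns.example. 203.0.113.20
2024-05-01T12:05:00Z 10.0.0.40 cdn.ddns.example 192.0.2.99
2024-05-01T12:10:00Z 10.0.0.31 home.dyn.example 203.0.113.5
2024-05-01T18:10:00Z 10.0.0.31 home.dyn.example 203.0.113.5
2024-05-01T18:20:00Z 10.0.0.31 myddns.example 192.0.2.44
truncated-line
"""

def normalize(name):
    """Lower-case and drop the trailing root dot so names compare equal."""
    return name.rstrip(".").lower()

def is_ddns(name, suffixes=DDNS_SUFFIXES):
    """Match on a label boundary so 'myddns.example' is not 'ddns.example'."""
    host = normalize(name)
    return any(host == s or host.endswith("." + s) for s in suffixes)

def find_suspects(log, min_distinct_ips=3):
    """Return DDNS hostnames that resolved to at least min_distinct_ips addresses."""
    ips, clients = defaultdict(set), defaultdict(set)
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:          # skip malformed or truncated lines
            continue
        _, client, qname, answer = fields
        if is_ddns(qname):
            host = normalize(qname)
            ips[host].add(answer)
            clients[host].add(client)
    return {h: {"ips": sorted(ips[h]), "clients": sorted(clients[h])}
            for h in ips if len(ips[h]) >= min_distinct_ips}

if __name__ == "__main__":
    for host, info in find_suspects(SAMPLE_LOG).items():
        print(host, info["ips"], info["clients"])
```

A flagged name is a hunting lead rather than a verdict, since legitimate DDNS hosts also change address; the list of querying clients shows which internal systems to examine first.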

DDNS Security with Check Point

Monitoring and securing DNS infrastructure is an essential part of an enterprise network security strategy. For example, threat intelligence that identifies malicious domains is a rich source of Indicators of Compromise (IoC) for any organization’s security operations center (SOC). Check Point Infinity SOC is a threat hunting tool that can search for malicious domain names used by threat actors and campaigns that use DDNS in attempts to evade IP-based detection.

In addition, the Check Point Quantum Spark family and its cloud-based management platform, the Security Management Portal, also support DDNS. Quantum Spark small business firewalls can be configured to use DDNS to assign a name to the SMB gateway. This fixed name then ensures the firewall is accessible from the Internet even as the external IP address changes.
