Domain regstration and DNS for DUGAS.CC and DUGASENTERPRISES.COM have been provided by Dyn.com for many years but I’ve just moved them to Google Domains saving me some money. Dyn’s costs have gone up dramatically over the past few years until it now costs $75/year for registration and DNS for a single .COM domain and $105 for a .CC. Google charges only $12 and $20 respectively saving me $145.year on only two domain. There are two hitches that I’ve run into – DDNS and IPv6.
Dynamic DNS Support
The Sophos UTM9 firewall I’m using runs
ddclient under the hood to handle dynamic DNS updates. Google Domains supports dynamic updates using their own protocol as well as DynDNS-2. The version of
ddclient on the firewall doesn’t include support for Google domains but it works fine with the other protocol. It’s not supported in the UTM’s UI so I manually created the config in
/etc/ddclient/google.conf and added
/etc/crontab.ddclient-google to run
ddclient every 5 minutes.
ssl=yes syslog=yes cache=/var/cache/ddclient/ddclient-google.cache pid=/opt/tmpfs/ddclient-google.pid use=if, if=eth1, server=domains.google.com, protocol=dyndns2, login=XXX, password='YYY' remote.example.com
YYY strings need to be copied from the Google Domains admin interface.
*/5 * * * * root /usr/sbin/ddclient -daemon=0 -file=/etc/ddclient/google.conf
The UTM machine regenerated /etc/crontab and it’s now ensuring the address is updated every 5 minutes.
It seems Google doesn’t think the IPv6 address my ISP assigns are going to change much at all. They don’t support dynamic updates for AAAA records. On the other hand, the UTM has logic to propagate changes in the delegated address blocks from the ISP to internal interfaces. I’ve see that delegation change at least once but I’m not sure if it does very often. I find the different apparent positions to be curious. Not sure if I should be worried about this. At first glance, it seems shortsighted.