Dynamic DNS, or DDNS, is one of the most powerful features in a home Wi-Fi router. It’s the base for hosting many services within your home network.
Examples of these services are a VPN server or a remote desktop connection. At the very least, DDNS allows you to manage your router when you’re away from home using the familiar web interface.
This post will explain — in layman’s terms — what DDNS is and how to set one up to enable remote access to your home router. It’ll also talk about port forwarding, the most popular networking feature used in tandem with DDNS.
Though this is in the realm of advanced networking, DDNS is straightforward. Still, make sure you’re familiar with IP addresses, especially the WAN IP, before continuing.
Dong’s note: I first published this piece on April 24, 2019, and updated it on November 1, 2020, to include additional relevant information.
Dynamic DNS explained
To know what DDNS is, you first need to understand DNS — short for domain name system. You can find out more about DNS in this post, but, in a nutshell, DNS is a mechanism that associates a label — such as a domain name like dongknows.com — with an IP address.
DNS is helpful because it’s much easier for us to remember a label than a string of numbers. (This is similar to your phone’s Contacts, where you only need to remember your friends’ names and not their digits.)
Dynamic DNS is the same concept but applies to a dynamic WAN IP — one that changes periodically. The majority of home broadband plans don’t include a static WAN IP — it’s expensive to have a fixed WAN IP address that remains the same at all times.
You can easily find out your WAN IP right now. In a week, though, check again, and chances are you’ll get a new address.
In other words, even if you write down your current WAN IP address — or remember it by heart — you probably can’t rely on it to dial home. When you do, that address might have moved to somebody else’s home network.
That’s where DDNS comes into play: It associates your current WAN IP address — no matter what it is at any given time — with a consistent domain name of your choice.
As a result, you can always use that label (domain name) to access your home network from anywhere in the world, without even having to know its IP address.
Dynamic DNS requirements
To take advantage of DDNS, you need three things: A private WAN IP, a Dynamic DNS service, and a DDNS updater device.
A private WAN IP
Clearly, you need to have direct access to your home network’s WAN IP address if you want to dial home. So, you can’t use DDNS if you use somebody else’s IP.
That said, your home network must have a WAN IP of its own. That’s the case of most residential Internet plans, where you have a modem (or gateway) or a fiber optical network terminal (ONT) unit.
But there are situations where you can access the Internet but have no WAN IP of your own — one that you have control over, that is.
Here are some examples of unusual situations where DDNS is a no go:
- You live in a condo (or hotel room) where the building’s central location provides everybody with the Internet. In this case, your local network has no WAN IP of its own. It just has access to the Internet.
- You have an Internet service that uses large-scale NAT (CGNAT).
- You need to keep your ISP-provided gateway and want to put another router on top of it. (In this case, check out this post on a double NAT setup.)
Dynamic DNS service
This service is the provider of the domain you want to use. There are many third-party DDNS services, like NoIP, FreeDNS, or Dyn. Some require a small annual fee, but most give you one domain for free. And you don’t need more than one.
Better yet, known networking vendors — Asus, Netgear, TP-Link, and so on — also include a DDNS domain with a router for free. It’s convenient to use the networking vendor’s DDNS but that’s not a must.
Extra: Asus routers and DDNS
For its DDNS feature, Asus also includes a secure certificate (SSL) with each of its routers.
This free SSL certificate is a bonus since a domain needs one — normally costs an annual fee — to be recognized as “secure” or “private” by a browser. You can use this certificate with any third-party DDNS service, as seen in the screenshot at the top of this page.
Without this certificate, the browser might generically prompt that it’s “unsafe” to visit the domain, even though you know that’s not the case.
That said, considering Asus’s home Wi-Fi routers are among the best, if you want to dabble into the word of DDNS with ease, I’d recommend an Asus router. But any router with this feature will do.
Dynamic DNS updater device
A DDNS updater resides within your network and does the job of persistently binding a domain name with your WAN IP.
Most routers and NAS servers have a built-in DDNS updating function. Since your router is the gateway to the Internet, it’s best to use it as the DDNS updater device.
If a router doesn’t support DDNS, chances are it’s not a good router anyway. It’s definitely not suitable for your needs, considering you’re reading this — you should replace it.
But, alternatively, you can use any device within your network that has a DDNS updating feature. Or you can also use a DDNS software client on a computer to turn it into an updater.
In this case, make sure you use a stationary computer (like a server or a desktop) and not a laptop that you carry with you — it’d be updating your DDNS domain with the IP of the location where you are. This computer will also need to be on at all times.
Dynamic DNS: Should I be concerned about security?
Yes, you should always be concerned about security. But that has little — if at all — to do with DDNS.
DDNS does not affect your home network’s security. It doesn’t make your system safer, nor does it make it more vulnerable. The reason is you always have a WAN IP, and that’s all hackers need to attempt to attack your router.
That said, though, a DDNS domain name does make accessing your home network easier — and consistent — since it remains the same even when the WAN IP changes.
So, for security reasons, make sure you keep your DDNS domain name secure and don’t reveal it to anyone — in a way, it’s like your home address.
On top of that, also follow these good practices to keep your router safe. At the very least, use a secure admin password for your router and avoid using default port numbers — more below.
Steps to set up Dynamic DNS
No matter what router you use — clearly, we’re talking about one that supports DDNS here — the steps to set up DDNS are mostly the same. The following are the general steps.
Setting up DDNS on any a router
- Check to make sure your router has the WAN IP address. If it’s the only router (or gateway) you use then that’s always the case. On the other hand, if you use a router on top of another router, make sure you follow these steps to get the WAN IP to the router first.
- Check the router’s web interface to find out what DDNS services it supports — most routers support at least a few — and pick one for yourself. By the way, within a router’s web interface, the location of the DDNS feature varies from one networking vendor to another, but generally, it’s in the WAN (a.k.a Internet) or Advanced or Administration (Admin), or System part.
- Sign up for an account with the DDNS service and pick a domain of your liking. After signing up, you’ll get an account (username and password) and a domain name. Write down this information and keep it secure.
- Go back to your router’s interface and enter the information you have written down at the DDNS section. Apply the changes, and you’ll see a message that the association is successful.
From then on, the domain name is now the persistent address of your home router.
Extra: Setting up DDNS on an Asus router using Asus’ DDNS service
If you use an Asus router and want to use Asus’ built-in free DDNS service, here are the more specific steps:
- Log in to your router’s web interface.
- Under the Advanced Settings menu item, click on WAN and then on the DDNS tab.
- Change the value of Enable the DDNS Client to Yes and Server to WWW.ASUS.COM
- Enter a Host Name value of your liking — your DDNS domain will be hostname.asuscomm.com with hostname being whichever you choose that’s not already taken by somebody else.
- Pick the option to use a Free Certificate from Let’s Encrypt then click on Apply. If the hostname you picked is available, then your DDNS is now ready. If it’s not (already used by somebody else), you’ll get an error. Now repeat from step #4 to pick a new one.
And that’s it; now your DDNS domain name is ready and in effect. And you can use it for any remote access services hosted at within your home network.
Understanding network ports
To set up most remote access services, you’ll need to know about network ports. These are identifying numbers at the destination side of a connection. A router uses ports to determine which application or client a message from the remote party should be delivered to.
Calling a port
If the DDNS domain name is your home address, then ports are like the doors of your house.
That said, a remote party generally needs to specify the port it wants to use by attaching it to the domain name in this format: DomainName:Port (note the colon punctuation mark). It’s like specifying a specific door to knock on.
For example, if the DDNS domain name is hostname.asuscomm.com and you want to use port 1000 then you use this address:
There are a few exceptions where you don’t need to specify a port; one of them is port 80. This port is a well-known and default port for web hosting.
For this reason, when you type in a domain name in a web browser without specifying any port, it’s understood that you want to call port 80.
For the same token, if you deliberately specify this port with any website (like dongknows.com:80), the port will be omitted automatically. Try a different port number, and you’ll get an error or no result at all.
But the rule of thumb is you generally need to specify a port when you want to access a destination via the Internet.
Port forwarding (a.k.a Virtual Server)
Port forwarding is the job of the router at the destination. It’s a function that opens and directs a port being called to a specific device or service within the local network.
For example, if you want to host a website at home, then forward port 80 to the IP address of the computer you use as the webserver.
Pro tip: For port forwarding to work consistently, the destination device’s local IP address (the server) needs to remain the same at all times. This is where the router’s IP reservation feature comes into play.
Considering how this function works, some networking vendors call port forwarding as “Virtual Server.” Each virtual server is a port forwarding entry. Generally, a home router can handle a few dozen port forwarding entries.
In a network, any port that’s not forwarded is generally closed. Consequently, any access requests to this port will return an error. (It’s like trying to get through a door that is not opened.)
Some routers allow two values in port forwarding: External (or public) and internal (private). In this case, external is the port the remote party calls, i.e., the one attached to the domain name as mentioned above. Internal is the port at the device that hosts the service.
You can use the same number for both or use a different one for each. In the latter case, it’s like knocking on the window to get the front door open.
Pro tip: For security, when turning on port forwarding for sensitive services, make sure you do not use the default known port numbers, at least on the public (external) side. Examples of these ports are 3389 (remote desktop) or 8080 (router’s web interface). These ports are being knocked on all the time by hackers.
How to enable remote access to your router’s interface
As mentioned above, DDNS opens up many applications. Using it to remotely access your router’s web interface from anywhere in the world is one of them. And it’s probably the most popular use of DDNS.
For security reasons, routers tend to have this remote access feature turned off by default. Here are the general steps to turn it on:
- Within the router’s interface, navigate to the Remote Management (or Remote Access, or Web Administration, or Web Acess from WAN) section. The location varies depending on the router you use, but it’s generally in the Advanced or System area of the interface.
- Change the setting to enable the feature. Don’t specify a specific computer or IP for the remote party.
- Change the default port (8080) to a number of your liking, just not one already used for another service. Turn on https when applicable.
- Apply the changes.
And that’s it. Since you’ll access the router itself — and not a device within your home network — there’s no need to set up a port forwarding for remote management. In other words, the router already set that up for you.
Going forward you can log in your router’s interface from anywhere in the world via the DDNS domain name. Just make sure you use the correct address.
For example, if hostname.asuscomm.com is your DDNS domain name and 8910 is the port for remote management, then the full web address to access your router remotely is:
If you also have https turned on, then the address now is:
Here’s an interesting fact: Using remote access this way is an excellent alternative to signing up for an account with the vendor. Vendor-assisted remote access generally means you’ll have to sacrifice your privacy because your router will connect to the vendor at all times. Dynamic DNS allows you to stay independent, and that’s just one of its many benefits.
Again, Dynamic DNS is by far one of the most useful features of a home router. It gives users control of their network for advanced applications. In fact, the proper use of this feature and port forwarding is a major part of turning you into an advanced user. Try them out!