Dynamic DNS, or DDNS, is one of the most useful features of a home Wi-Fi router. It’s the base for hosting many services within your home network. Examples of these services are a VPN server or a remote desktop connection. At the very least, DDNS allows you to manage your router when you’re away from home using the familiar web interface.
This post will explain — in layman’s terms — what DDNS is and how to set one up to enable remote access to your home router. It’ll also talk about port forwarding, one of the most popular networking features used in tandem with DDNS.
Though this is in the realm of advanced networking, DDNS is quite straightforward. Just make sure you’re familiar with IP addresses, especially the WAN IP, before continuing.
Dynamic DNS explained
To know what DDNS is you first need to understand DNS — short for domain name system. You can find out more in this post but, in a nutshell, DNS is a mechanism that associates a label — such as domain name like dongknows.com — with an IP address.
DNS is helpful because it’s much easier for us to remember a label than a string of numbers. (This is similar to your phone’s Contacts where you only need to remember your friends’ names and not their digits.)
Dynamic DNS is the same concept but applies to a dynamic WAN IP — one that changes periodically. The majority of home broadband plans don’t include a static WAN IP — it’s expensive to have a fixed WAN IP address that remains the same at all times.
You can easily find out your WAN IP right now. In a week, though, check again and chances are you’ll get a new address. In other words, even if you write down your current WAN IP address — it’s hard to remember a long string of numbers — you probably can’t use it to dial home. When you do, that address might have moved to somebody else’s home network.
That’s where DDNS comes into play: It associates your current WAN IP address — no matter what it is at any given time — with a consistent domain name of your choice. As a result, you can always use that domain name to access your home network from anywhere in the world.
Dynamic DNS requirements
For DDNS to work, you need two things: a DDNS service, and a DDNS updater device within your network. The former gives you a domain name, and the latter does the job of binding that domain name with your WAN IP.
Dynamic DNS service
This service is the provider of the domain you want to use. There are many third-party DDNS services, like NoIP, FreeDNS, or Dyn. Some require a small annual fee, but most give you one domain for free. And you don’t need more than one.
Better yet, known networking vendors — Asus, Netgear, D-Link and so on — also include a DDNS domain with a router for free. It’s convenient to use the networking vendor’s DDNS but that’s not a must.
Extra tip: For its DDNS, Asus also includes a secure certificate (SSL) with its routers. This free SSL certificate is quite a bonus since a domain needs one — normally costs an annual fee — to be recognized as “secure” by a browser. Without this certificate, the browser might prompt that it’s “unsafe” to visit the domain.
Dynamic DNS updater device
Most routers and NAS servers have built-in DDNS updating function. Since your router is the gateway to the Internet, it’s best to use it as the DDNS device.
If a router that doesn’t support DDNS, chances are it’s not a good router anyway. It’s definitely not suitable for your needs, considering you’re reading this — you should replace it.
But, alternatively, you can use any device within your network that has a DDNS updating feature. Or you can also use a DDNS software client on a computer to turn it into an updater.
In this case, make sure you use a stationary computer (like a server or a desktop) and not a laptop that you carry with you. This computer will also need to be on at all times.
Dynamic DNS: Should I be concerned about security?
Yes, you should always be concerned about security. But that has little — if at all — to do with DDNS.
DDNS doesn’t affect your home network’s security. It doesn’t make your system safer or does it make it more vulnerable. The reason is you always have a WAN IP, and that’s all hackers need to attempt to attack your router.
That said, though, a DDNS domain name does make accessing your home network easier — and consistent — since it remains the same even when the WAN IP changes.
So, for security reasons, make sure you keep your DDNS domain name secure and don’t reveal it to anyone — in a way, it’s like your home address. On top of that, also follow these good practices to keep your router safe. At the very least, use a secure admin password for your router and avoid using default port numbers.
Steps to set up Dynamic DNS
No matter what router you use — clearly, we’re talking about one that supports DDNS here — the steps to set up DDNS are mostly the same. The following are the general steps.
Setting up DDNS on any a router
- Check to make sure your router has the WAN IP address. If it’s the only router (or gateway) you use then that’s always the case. On the other hand, if you use a router on top of another router, make sure you follow these steps to get the WAN IP to the router first.
- Check our router’s web interface to find out what DDNS services it supports — most routers support at least a few — and pick one for yourself. By the way, within a router’s web interface, the location of the DDNS feature varies from one networking vendor to another, but generally, it’s in the WAN (a.k.a Internet) or Advanced or Administration (Admin), or System part.
- Sign up for an account with the DDNS service and pick a domain of your liking. After signing up, you’ll get an account (username and password) and a domain name. Write down this information and keep it secure.
- Go back to your router’s interface and enter the information you have written down at the DDNS section. Apply the changes, and you’ll see a message that the association is successful.
From then on, the domain name is now the persistent address of your home router.
Extra: Setting up DDNS on an Asus router using Asus’ DDNS service
If you use an Asus router and want to use Asus’ built-in free DDNS service, here are the more specific steps:
- Log in your router’s web interface
- Under the Advanced Settings menu item click on WAN and then on the DDNS tab
- Change the value of Enable the DDNS Client to Yes and Server to WWW.ASUS.COM
- Enter a Host Name value of your liking — your DDNS domain will be hostname.asuscomm.com with hostname being whichever you choose.
- Pick the option to use a Free Certificate from Let’s Encrypt then click on Apply. If the hostname you picked is available, then your DDNS is now ready. If it’s not (already used by somebody else) repeat from step #4 to pick a new one.
And that’s it; now your DDNS domain name is ready and in effect. And you can use it for any remote access services hosted at within your home network.
Understanding network ports
To set up most remote access services, you’ll need to know about network ports. These are identifying numbers at the destination side of a connection. A router uses ports to determine to which application or client, a message from the remote party should be delivered.
Calling a port
If the DDNS domain name is your home address, then ports are like doors of your house.
That said, a remote party generally needs to specify the port it wants to use by attaching it to the domain name in this format: DomainName:Port (note the colon punctuation mark). It’s like specifying a specific door to knock on.
For example, if the DDNS domain name is hostname.asuscomm.com and you want to use port 1000 then you use this address:
There are a few exceptions where you don’t need to specify a port; one of them is port 80. This port is a well-known and default port for web hosting.
For this reason, when you type in a domain name in a web browser without specifying any port, it’s understood that you want to call port 80. For the same token, if you deliberately specify this port with any website (like dongknows.com:80) the port will be omitted automatically. Try a different port number and you’ll get an error.
But the rule of thumb is you generally need to specify a port when you want to access a destination via the Internet.
Port forwarding (a.k.a Virtual Server)
Port forwarding is the job of the router at the destination. It’s a function that directs a port being called to a specific device or service within the local network.
For example, if you want to host a website at home, then forward port 80 to the IP address of the computer you use as the webserver. For this reason, some networking vendors, such as TP-Link and D-Link, label port forwarding as “Virtual Server.”
In a network, any port that’s not forwarded is generally close. Consequently, any access requests to this port will return an error. (It’s like trying to get through a door that is not opened.)
Some routers allow for two values in port forwarding: External (or public) and internal (private). In this case, external is the port the remote party calls, i.e., the one that’s attached to the domain name. Internal is the port at the device that hosts the service.
You can use the same number for both or use a different one for each. In the latter case, it’s like knocking on the window to get the front door open.
Pro tip: For security, when turning on port forwarding for sensitive services, make sure you do not use the default known port numbers, at least on the public (external) side. Examples of these ports are 3389 (remote desktop) or 8080 (router’s web interface). These ports are being knocked on all the time by hackers.
How to enable remote access to your router’s interface
As mentioned above, DDNS opens up many applications. Using it to remotely access your router’s web interface from anywhere in the world is one of them. And it’s probably the most popular use of DDNS.
For security reasons, routers tend to have this remote access feature turned off by default. Here are the general steps to turn it on:
- Within the router’s interface, navigate to the Remote Management (or Remote Access, or Web Administration, or Web Acess from WAN) section. The location varies depending on the router you use, but it’s generally in the Advanced or System area of the interface.
- Change the setting to enable the feature. Don’t specify a specific computer or IP for the remote party.
- Change the default port (8080) to a number of your liking, just not one already used for another service. Turn on https when applicable.
- Apply the changes.
And that’s it. Since you’ll access the router itself — and not a device within your home network — there’s no need to set up a port forwarding remote management. In other words, the router already set that up for you.
Going forward you can log in your router’s interface from anywhere in the world via the DDNS domain name. Just make sure you use the correct address.
For example, if hostname.asuscomm.com is your DDNS domain name and 8910 is the port for remote management, then the full web address to access your router remotely is:
If you also have https turned on then the addresst now is:
Here’s an interesting fact: Using remote access this way is an excellent alternative to signing up for an account with the vendor. Vendor-assisted remote access generally means you’ll have to sacrifice your privacy because your router will connect to the vendor at all times. Dynamic DNS allows you to stay independent, and that’s just one of its many benefits.