I recently switched all of my domains over to Google Domains. While I didn’t have an issue with my previous domain registrar, I wanted to try something new. The primary allure of moving to Google Domains was the fact that private info domain registrations cost nothing additional over public registrations. I’ve never experienced issues as a direct result of public registrations… most likely because I always created email aliases instead of using actual email addresses. Regardless, I haven’t felt completely at ease giving phishers/spammers another way to look up data on me or my customers. BTW, I’m sure there are other providers possibly doing the same with no-cost private upgrades; I just decided on Google because I heard they were doing it and my current registrar charged $/yr for this service.
So with my initial reasoning out of the way, here’s where the main narrative comes in. I was tinkering in my lab and I realized I needed a few dynamic IP addresses associated with hostnames, i.e. I’m not a fan of hard-coding IP addresses. I first turned to DynDNS because I used them for years in my former business and they always worked well. That being said, there wasn’t anything special about what they were doing and I knew there were hundreds of other options that had popped up (and gone away) over the years. I figured “why not” until I saw the price had increased substantially over what I had last remembered. The header on the Dyn website also reminded me that Oracle now owned them. Did that play a role in the price increase? I don’t know if that was necessarily the case, but it gave me enough of a reason to move on and find an alternative. Without getting into details, I am convinced Oracle is the scourge of the tech world beyond their significant contributions to early databases.
Anywho, I looked through the dynamic DNS list of vendors the firewall vendor provided and I discovered a reference to Google Domains. Huh? Was I about to pay for something I already had and didn’t know existed? To my surprise, yes!
Google actually has a nice write-up on how to create a dynamic DNS record with an existing domain. This guide will overlap with that guide to some degree, but we’ll finish this up by adding this information into pfSense.
Update: I filed a feature request for OPNsense and they added the functionality in version 17.1.3, which was released on 16 March 2017. As a result, these instructions work for OPNsense as well.
Start by going to https://domains.google.com/registrar, which will bring up your list of domains you already own.
Click on the Configure DNS icon next to your domain of choice.
Scroll down to the “Synthetic records” section and switch the dropdown to “Dynamic DNS.” Type in the subdomain name of your choosing and then click Add.
Click the arrow > next to your newly created domain and then click “View credentials” to view the generated username and password. Take note of the domain as well as the username/password as we’ll use them in a bit. Note: The fact Google Domains provides a separate username/password combination for each domain actually gives it a distinct security advantage over services like DynDNS.
If you’re using something other than a pfSense, skip to the bottom and you’ll find some settings for DDclient. Otherwise, read on!
Now, on your pfSense firewall, go to Services > Dynamic DNS. Keep in mind these steps will be similar on any other device that supports Google Domains as a valid Dynamic DNS vendor!
Click Add and then enter your necessary details in the next screen. Remember the domain name, username, and password from the Google Domains section? Also make sure you input the entire domain and *not* just the subdomain. For example, use mydomainofchoice.example.com instead of mydomainofchoice with no domain.
If all goes well, you’ll get back to the dynamic DNS clients page and you’ll see your newly created domain as well as a green IP address, which means it updated!
Last but not least, you need to test and verify your domain name resolves. You can do this by going to any command line (Linux or Windows) and typing “ping mydomainofchoice.example.com” and verifying it resolves. Note: I usually try to wait about 5 minutes or so even though the TTL for Google Domains (or most all dynamic DNS services) is 1 minute.
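What a client such as pfSense or DDclient does with those per-host credentials, sketched as an added example that is not from the original guide or from Google: it builds the update request and interprets the server's answer, including the "full domain, not just the subdomain" case. It assumes the dyndns2-style update endpoint and response keywords Google Domains documented for Dynamic DNS; the function names, User-Agent string, credentials and sample responses are constructed for illustration, and nothing is sent over the network.

```python
import base64
import ipaddress
from urllib.parse import urlencode

# Assumption: the dyndns2-style update URL Google Domains documented.
UPDATE_URL = "https://domains.google.com/nic/update"

# Response keyword -> (updated?, may the client keep sending updates?, meaning)
RESPONSES = {
    "good":     (True,  True,  "record updated"),
    "nochg":    (True,  True,  "record already had this address"),
    "nohost":   (False, False, "hostname has no Dynamic DNS record"),
    "badauth":  (False, False, "wrong username/password for this host"),
    "notfqdn":  (False, False, "hostname is not fully qualified"),
    "badagent": (False, False, "request rejected (bad User-Agent or method)"),
    "abuse":    (False, False, "updates blocked for this host"),
    "911":      (False, True,  "server-side error, retry after a delay"),
    "conflict": (False, False, "a custom A/AAAA record already exists"),
}

def build_update_request(hostname, username, password, ip):
    """Return (url, headers) for one update; nothing is sent."""
    if "." not in hostname.strip("."):
        raise ValueError("use the full hostname, not just the subdomain")
    ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    url = f"{UPDATE_URL}?{urlencode({'hostname': hostname, 'myip': ip})}"
    return url, {"Authorization": f"Basic {token}", "User-Agent": "ddns-example/1.0"}

def interpret_response(body, expected_ip):
    """Classify a response body such as 'good 203.0.113.7'."""
    parts = body.strip().split()
    keyword = parts[0] if parts else ""
    updated, retry, meaning = RESPONSES.get(keyword, (False, False, "unrecognised response"))
    # On success the server echoes the address it stored; compare it.
    if updated and (len(parts) < 2 or parts[1] != expected_ip):
        updated, meaning = False, "server stored a different address than requested"
    return {"updated": updated, "retry": retry, "meaning": meaning}

if __name__ == "__main__":
    url, _ = build_update_request("mydomainofchoice.example.com", "user", "pass", "203.0.113.7")
    print(url)
    for body in ("good 203.0.113.7", "nochg 203.0.113.7", "badauth", "notfqdn", "911"):  # constructed
        print(body, "->", interpret_response(body, "203.0.113.7"))
```

Because the username/password pair is issued per hostname, a `badauth` answer or a leaked credential is scoped to that one record, and a client that keeps retrying after a non-retryable answer is what leads to `abuse`.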
That’s it! Also, if you don’t have a pfSense or similar device, keep in mind that Google Domains also provides support for DDclient although I haven’t tried it out.
So whatever your situation, Google Domains provides a cheap (free) and easy way to access your dynamic public IP address via a hostname for any domain you already own and have registered with them! So don’t pay your ISP for a static… instead, get the same features with dynamic DNS and Google Domains. Very cool!
Dallas Haselhorst has worked as an IT and information security consultant for over 20 years. During that time, he has owned his own businesses and worked with companies in numerous industries. Dallas holds several industry certifications and when not working or tinkering in tech, he may be found attempting to mold his daughters into card carrying nerds and organizing BSidesKC.