Monday, February 25, 2008

TR-069 Dynamic DNS (DDNS)


Let me give a short introduction to DDNS before suggesting a DDNS data model.


Many small offices do not want to pay for static public IP addresses, yet want to host servers for public access. For public access, the reachability information (the DNS name) must stay constant even though the IP address changes. DDNS functionality enables this: DDNS providers allow CPE devices to report IP address changes, and the providers then update their DNS servers with the new IP address.

DynDNS is a popular protocol used by many DDNS providers. Though it is not defined by the IETF or any other standards body, it is quite popular. DDNS providers such as www.dyndns.org and 3322.org use this protocol to provide dynamic DNS service. TZO is another update protocol; the DDNS provider www.tzo.com provides DDNS service using it.

As an end user, the following steps get you hooked into this service:
  • Create an account with the DDNS provider using their web site. You may be asked to provide your email address, user name and password.
  • Register your domain names with the DDNS provider by visiting their web site or by using one of their clients.
  • Configure your router with the DDNS provider information so that it updates the IP address automatically.
  • Set up your internal servers for public access.
  • Configure your CPE router to forward the traffic to your servers.

CPE router configuration: CPE routers normally support multiple instances of DDNS, one instance for each WAN link. For example, if there are two WAN links, then the CPE device will have two DDNS client instances. Each client instance can update the IP address for multiple domain names. Each record needs the following information configured:
  • Name of the record: identifies the record.
  • WAN interface (link): the DDNS client monitors the IP address of this link. Whenever the IP address of the link changes, it starts the update process.
  • Update time period: the periodic interval at which the IP address is updated even if the link address has not changed. This configuration parameter is not used by some DDNS protocols such as 'dyndns'.
  • Domain name 1: the domain name that was registered.
  • Domain name 2
  • Domain name 3
  • Domain name 4
  • DDNS protocol to be used: the protocol used to update the IP address: 'dyndns', 'tzo', 'dhrp' etc.
  • Provider details
    • In case of dyndns, the additional configuration required to contact the DDNS provider is:
      • DDNS provider IP address or FQDN: reachability information for the DDNS provider.
      • Relative URL (script name): the DynDNS protocol is HTTP or HTTPS based. This parameter indicates the CGI script to which update information is sent. Unfortunately, this name is not standardized; different providers use different script names. Hence it should be a configuration parameter.
      • Protocol: HTTP or HTTPS
      • Port: typically 80 or 443.
      • User name and password: the user name and password used to create the account with the DDNS provider.
      • Trusted certificate in PEM form: used when HTTPS is configured. This certificate is used to authenticate the DDNS provider and avoid MITM attacks.
      • Note: the DDNS client should always send MX=NOCHG and wildcard=NOCHG to ensure that configuration done using the DDNS provider's web site is not erased.
    • TZO provider information: As I understand, TZO protocol defines server discovery. I guess this is mainly for load balancing. It involves the following stages: getting IP addresses of clusters, getting IP addresses of update servers, and then updating the IP address to one of the update servers.
      • Provider IP address/host name (cluster lookup host): using this IP address/host name, the TZO client in the CPE gets all the IP addresses of the cluster. The TZO client makes a TCP connection for this purpose.
      • Cluster lookup port: port used by the TCP connection to do the cluster lookup. Default: 21340
      • Update server lookup port: once the TZO client gets the cluster IP addresses, it is expected to choose one of them and make another TCP connection to get the list of servers that can be used to update the new dynamic public IP address. This port is used by the client to make that connection. Default: 21344
      • Email address: mail address used when the TZO account was created.
      • Key: key generated when the TZO account was created.

Based on the above explanation, the TR-069 data model for DDNS could be:

  • internetGatewayDevice.DynamicDNS.{i}: PC - new instances can be created.
    • Name
    • Enable
    • LinkReference: fully qualified name of WANDevice->WANConnectionDevice->WANIPConnection or WANPPPConnection.
    • UpdateTimePeriod: in seconds.
    • DomainName1
    • DomainName2
    • DomainName3
    • DomainName4
    • DdnsProtocol: takes one of the values 'dyndns', 'tzo'
    • internetGatewayDevice.DynamicDNS.{i}.dyndns
      • ProviderFQDN
      • ProviderURLScript
      • ProviderProtocolSupports: read only, string; takes comma-separated protocol strings such as http, https etc.
      • ProviderProtocol: takes 'http' or 'https'
      • ProviderPort
      • Username
      • Password
      • ProviderCACertificate: valid only if 'https'
    • internetGatewayDevice.DynamicDNS.{i}.tzo
      • ProviderClusterLookupFQDN
      • ProviderClusterLookupPort
      • ProviderUpdateServerLookupPort
      • RegisteredEmailAddress
      • KeyProvided
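The dyndns client configuration described earlier (provider FQDN, script name, protocol, port, credentials, trusted CA certificate, and the MX=NOCHG/wildcard=NOCHG rule) and the DynamicDNS.{i} data model proposed above come together in the following added example. It is not code from the post or from any DDNS provider: the parameter names follow the proposed data model, while the flat dict layout, the dyndns2-style query keys 'hostname', 'myip', 'mx' and 'wildcard', and the 'good'/'nochg' reply codes are assumptions of this example (real providers differ, which is exactly why the script name is a configuration parameter). The sample instance values are constructed placeholders.

```python
"""Added example: a DynDNS-style update client driven by a DynamicDNS.{i}
instance. Parameter names follow the data model proposed in the post; the
dict layout, dyndns2-style query keys and reply codes are assumptions."""
import base64
import ssl
from urllib.parse import urlencode, urlunsplit
from urllib.request import Request, urlopen

# Constructed sample instance: every value is a placeholder and the PEM blob
# is not a real certificate (a real deployment stores the provider's CA here).
SAMPLE_INSTANCE = {
    "Name": "wan1-dyndns",
    "Enable": True,
    "LinkReference": "InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANIPConnection.1",
    "UpdateTimePeriod": 86400,
    "DomainName1": "office.example.net",
    "DomainName2": "mail.example.net",
    "DomainName3": "", "DomainName4": "",
    "DdnsProtocol": "dyndns",
    "dyndns": {
        "ProviderFQDN": "members.example-ddns.invalid",
        "ProviderURLScript": "/nic/update",
        "ProviderProtocol": "https",
        "ProviderPort": 443,
        "Username": "user",
        "Password": "secret",
        "ProviderCACertificate": "-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n",
    },
}

def domain_names(inst):
    """Return the non-empty DomainName1..DomainName4 values, in order."""
    return [inst[f"DomainName{n}"] for n in range(1, 5) if inst.get(f"DomainName{n}")]

def validate_instance(inst):
    """Return a list of configuration problems (an empty list means usable)."""
    problems = []
    if inst.get("DdnsProtocol") != "dyndns":
        problems.append("only DdnsProtocol 'dyndns' is handled by this client")
    p = inst.get("dyndns", {})
    scheme = str(p.get("ProviderProtocol", "")).lower()
    if scheme not in ("http", "https"):
        problems.append("ProviderProtocol must be 'http' or 'https'")
    # The PEM trust anchor is what lets the CPE authenticate the provider;
    # an https update without it is open to MITM, so treat it as required.
    if scheme == "https" and not p.get("ProviderCACertificate"):
        problems.append("ProviderCACertificate is required when ProviderProtocol is https")
    if not p.get("ProviderFQDN") or not p.get("ProviderURLScript"):
        problems.append("ProviderFQDN and ProviderURLScript must be set")
    if not domain_names(inst):
        problems.append("at least one DomainName must be configured")
    return problems

def build_update_request(inst, current_ip):
    """Build (url, headers) for one update covering all configured domain names.
    mx=NOCHG and wildcard=NOCHG are always sent so settings made on the
    provider's web site are left untouched; credentials go in HTTP Basic auth."""
    problems = validate_instance(inst)
    if problems:
        raise ValueError("; ".join(problems))
    p = inst["dyndns"]
    query = urlencode({"hostname": ",".join(domain_names(inst)), "myip": current_ip,
                       "mx": "NOCHG", "wildcard": "NOCHG"}, safe=",")
    netloc = f"{p['ProviderFQDN']}:{int(p['ProviderPort'])}"
    url = urlunsplit((p["ProviderProtocol"].lower(), netloc, p["ProviderURLScript"], query, ""))
    credentials = base64.b64encode(f"{p['Username']}:{p['Password']}".encode()).decode()
    headers = {"Authorization": f"Basic {credentials}",
               "User-Agent": "cpe-ddns-example/0.1 (added example)"}
    return url, headers

def update_due(inst, last_ip, current_ip, last_update_time, now):
    """An update is due when the link address changed, or when UpdateTimePeriod
    seconds have passed since the last successful update (0 disables the timer)."""
    if not inst.get("Enable"):
        return False
    if current_ip != last_ip:
        return True
    period = int(inst.get("UpdateTimePeriod") or 0)
    return period > 0 and (now - last_update_time) >= period

def update_succeeded(reply):
    """dyndns2-style replies: 'good <ip>' or 'nochg <ip>' mean success;
    anything else (badauth, nohost, abuse, 911, ...) is a failure."""
    first = reply.strip().split("\n", 1)[0].strip().lower()
    return first.startswith("good") or first.startswith("nochg")

def send_update(inst, current_ip, timeout=10):
    """Send the update. Over https the provider is verified only against the
    configured ProviderCACertificate (no system roots), with hostname checking."""
    url, headers = build_update_request(inst, current_ip)
    context = None
    if url.startswith("https://"):
        context = ssl.create_default_context(cadata=inst["dyndns"]["ProviderCACertificate"])
    with urlopen(Request(url, headers=headers), timeout=timeout, context=context) as resp:
        return resp.read().decode("ascii", "replace")
```

A CPE would call update_due() from its WAN-link monitor with the current link address and the time of the last successful update, then send_update() and check update_succeeded() on the reply; a failed reply should stop retries until the configuration changes, since repeated bad updates are what providers treat as abuse. Loading only ProviderCACertificate into the TLS context, rather than the system root store, is the point of the PEM parameter in the data model.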
