Browse Docs

Dynamic DNS Configuration

In this document

Overview
Configuration
- Inadyn
- UniFi Gateways
Questions
- Should I add a Public IP for Dynamic DNS (DDNS) records?
- Can I add more than five records per deployment?

Overview

DefensX supports agentless DNS policy enforcement for on-premise networks. To use this model, you can associate network locations to policy deployments by adding static IP addresses (single IPs or CIDR blocks up to /24) or by using dynamic hostnames.

If you already maintain dynamic DNS hostnames with external providers such as DynDNS, No-IP, FreeDNS, DuckDNS, etc., you can simply add those hostnames directly on the Manage IPs screen, just like adding an IP address.

This article explains DefensX’s built-in Dynamic DNS (DDNS) service, which is available to all DefensX customers. While many third-party DDNS providers exist, DefensX’s service allows you to avoid additional external configuration and maintenance if you prefer a direct, integrated experience.

Configuration

You can make the Dynamic DNS configuration under the Policies → Policy Groups page by clicking on the Actions menu of a specific deployment and selecting the Manage IPs item.

Adding a new DefensX Dynamic DNS hostname:

Click New Dynamic DNS Record
Enter a hostname to identify the physical location (You only need to provide the hostname portion, not a full FQDN)
After saving, the system will generate:
- Your dedicated FQDN
- Username
- Password

These values will be used when configuring DDNS updates on your gateway device.

Tip

DefensX uses the DynDNS v2 (NIC Update) protocol to update dynamic DNS records. DDNS update requests should be sent to https://api.defensx.me. When configured, your hostname will automatically map to: <hostname>.dyn.defensx.me. Depending on the gateway device you use, the update URL and field formatting may vary.

Inadyn

Inadyn is a widely used tool for updating Dynamic DNS records across various DDNS providers. You can use it to update the Dynamic DNS records created in DefensX by using the configuration example below, simply replace the username, password, and hostname fields with the values provided in the DefensX Backend:

custom defensx {
	username    = xxxxxxxxxxx
	password    = xxxxxxxxxxx
	hostname    = testlocation.dyn.defensx.me
	ddns-server = api.defensx.me
	ddns-path   = "/nic/update?hostname=%h&myip=%i"
	ssl = true
}

UniFi Gateways

To configure DefensX Dynamic DNS on UniFi gateways:

Service: Custom
Hostname: (use the value from DefensX Backend)
Username: (use the value from DefensX Backend)
Password: (use the value from DefensX Backend)
Server: api.defensx.me/nic/update?hostname=%h&myip=%i

Questions

Should I add a Public IP for Dynamic DNS (DDNS) records?

No. You do not need to add Dynamic DNS records as separate Public IP entries. All DDNS records created under a deployment are automatically treated as public IPs for that deployment. This means deployment policies can be applied to these DDNS records directly without creating additional public IP entries.

Can I add more than five records per deployment?

By default, each deployment allows a combined total of up to five Public IP and Dynamic DNS records. This limit helps prevent accidental misuse, such as assigning IP addresses that do not belong to the customer or partner.

If you need to exceed this limit, please submit a support ticket. Our Support team will review your request and can increase the limit when appropriate.

Knowledge Base

Browse Docs

Introduction

Management

Deployment

Secure Access (ZTNA)

Integrations

Policy Management

Questions & Answers

Training Videos

MSP Automation