Networking

Make your home PCs accessible anywhere with Dynamic DNS for free

You can access your home network from the public Internet without investing in a pricey broadband account that has a static IP address. See how to use this free DDNS service to configure your router to update the DDNS server with your dynamically changing IP address and open the ports necessary to access your resources from the Internet.

This article is also available as a PDF download.

You may have a home network with a permanent-on broadband connection that allows you to access the outside world anytime 24/7, but how do you go the other direction and access your home network from the public Internet? This might be possible if you wanted to spend two to four times the money on a broadband account with a static IP address (an Internet Protocol address that doesn't ever change), but that's not feasible for everyone. Fortunately there is a free and easy solution to solve this problem with DDNS (Dynamic DNS) service from DynDNS.com. This article will show you how to set up a free account, configure your router to update the DDNS server with your dynamically changing IP address, and open the ports necessary to access your resources from the Internet.

Things you can do with Dynamic DNS:

  • Remote Desktop or VNC into your own personal computer from anywhere on the Internet. This usually doesn't use a lot of bandwidth, but it could if you enable desktop animation and audio or video playback over the remote connection. You can learn how to configure Remote Desktop securely in this article.
  • Host a personal Web site from your own computer. This is bandwidth constrained because most broadband services don't have great upload capacity. Most broadband connections are capped at around 128 to 384 kbps, although some lucky users have 1 mbps of upload capacity.
  • Host your own FTP server. If your FTP site requires a username and password, this is a dangerous thing to do because the username and password are sent in the clear. Anyone can sniff that and break into your FTP server. If the username and password are used for other things as well, an attacker will be able to break into that too.
  • Host your own game server. This is also bandwidth constrained to approximately 40 kbps per gamer who connects from the outside. Don't try to exceed eight external players if your upload capacity is 384 kbps.
  • Host your videos with something like a Slingbox. Note that this can kill your upload bandwidth because video is bandwidth hungry.
  • The possibilities are endless once you have a Dynamic DNS address, but be warned that capability comes with responsibility. You're now opening yourself up to the public Internet, and you must do what's necessary to harden your resources against hackers.

Create your own DynDNS.com account

To get started, you must create your own DynDNS account by going to the DynDNS Web site and clicking on Create Account. There, you'll need to fill out some personal information and provide a valid e-mail address for confirmation, along with the username and password. Choose Other for How Did You Hear About Us and paste the link to this article under Details. Agree to all the terms of usage and click Create Account. Once you get a confirmation e-mail, you'll need to click through the confirmation link within 48 hours to activate your account. Once it's activated, you can log into your account.

When you've logged in, click on the My Services link in the upper-right corner of the DynDNS Web site. Next, click on Add Host Services. Then, click on Add Dynamic DNS Host, and you'll see the Web form shown in Figure A. You can pick from a list of available domains to use. If you're a Linux fan, you might want something like "homelinux.org." If you're a gamer and you want to host Internet games, you might like "game-host.org." There are many to choose from, but not every hostname will be available, since they may already be taken.

Figure A

You need to fill in the Host Name and click the Add Host button on the form. You won't need to enter the IP address because it should already be filled out, and it's the job of the router to update this IP address. So if you choose "homeip.net" as the domain and choose some unique and never used before hostname, such as "MyUniqueHostName," your new DDNS name on the public Internet will be "MyUniqueHostName.homeip.net." Anyone accessing MyUniqueHostName.homeip.net will get to your home address even if it's constantly changing.

Forwarding ports to your internal network

Once your DDNS account is set up, you'll need to configure your router to update the server with your IP address. You'll need to verify that your router supports DynDNS. I'm going to show this with a relatively cheap Linksys WRT54GS router, which is fully certified to update DynDNS.org.

Note: There is an alternative to router-based DDNS updates, and DynDNS.com offers a Windows client. I personally don't like to run any extra software on my computer, so I prefer using a hardware client and having it taken care of in the router.

Figure B shows the configuration page for DDNS. It's on the main Setup page under DDNS. Simply select DynDNS.org as the DDNS Service, type in the username you set up with DynDNS.com, enter your password, and type in the fully qualified hostname, such as MyUniqueHostName.homeip.net. Now, click the Save Settings button. When this is complete and the Web page refreshes, it should say DDNS is updated successfully under Status. This means MyUniqueHostName.homeip.net is now reachable from the public Internet.

Figure B

Once your fully qualified DDNS name is visible from the Internet, you'll need to open the appropriate ports to access the applications you want. In Figure C, in the Applications Gaming section and under Port Range Forward, you'll need to add some ports. The Application column is just a name you choose to label the ports you're opening. In my example, I've opened up TCP ports 3389 and 3390 for terminal services. Anything coming from the public Internet going to port 3389 (used for Remote Desktop or Terminal Services) will get rerouted to the internal host 192.168.1.11. Port 3390 is a nonstandard port I chose for a second Remote Desktop host that will get rerouted to internal host 192.168.1.12. Once you've completed these port-forwarding entries, click on the Save Settings button to save your changes. Note that you should use static IP addresses on these internal hosts because any change in a DHCP address will cause port forwarding to break.

Figure C

Changing the Windows Remote Desktop port

Windows Remote Desktop defaults to TCP 3389, but you can have only one machine using this port when you're sharing a single IP address. If you want to open up a second computer for Remote Desktop, you'll need to configure a nonstandard port. You will need to edit the following registry key with the RegEdit command:

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Figure D shows how this will look like under Vista, but it should look similar in Windows XP. To set an alternative key for the second Remote Desktop host with the IP address of 192.168.1.12, simply change the default 3389 value to 3390. You can keep incrementing the ports for additional hosts you want to open to the Internet.

Figure D

Don't forget about security

As powerful and useful as this technique is, convenience comes with responsibility. Anytime you open a port to the outside world, that service -- whether it's a Web server or Remote Desktop server -- can potentially be a backdoor into your network if you're not careful with security. Opening up ports to the Internet means that anyone around the globe can take a shot at your services. Remember that it doesn't matter what operating system or platform you're using. When it comes to getting hacked on the public Internet, the most important thing is that you follow best practices for locking down the services you expose. Since this article gives examples of using Remote Desktop from anywhere on the Internet, it is critical that you configure Remote Desktop securely.

67 comments
Nubem_com
Nubem_com

Hello
What do you think about https://nubem.com/dynamic-dns.php ?
Dynamic DNS comes for free, and you can bring in your domain name.
Would you like to try it ?
Any comment and suggestion is very welcome.

peggyres
peggyres

I was also trying to find a service provider. Is there any reliable and free ones except DNSdynamic and Dynu? I need a few~

Deadly Ernest
Deadly Ernest

want to do this. I've a lot of data at home I often use elsewhere, so I take it with me as a copy on a USB drive. That ensures I don't have open holes in my home gateway security and I have a good copy still at home if something goes wrong with what I take out. If you have huge amounts of data on your home system you feel you need to access while away from home, I wonder if you should be storing it at home at all, cause it sounds a lot more like a business need of a consultant than a home usage, and thus it should be done in a more business like manner with portable storage systems.

Zoey11
Zoey11

Cool, I’ve been thinking about how to do the last part for a while. I’ve been running DynDNS on my DD-WRT router (so it updates my IP when ever it changes) But I need to access my FreeNas server for a presentation for school. I thought about VPNing in, but I guess I could just forward port 80 to my FreeNas box. I’ll just need a stronger password then I have now. Thanks guys

admin
admin

Make your accessible home Server Secure. A home server is an excellent project but it is also a good way to let unwanted visitors into your home network. Be sure to check your services for security issues. Try a free scan from http://www.broadbandsecurity.org - Nmap and Nessus available.

diaza56
diaza56

Great article, it help me configure my router to access my network from the outside. Only thing is that when I type in my hostname, it gives me the router's page not the application I wanted and that I put in in the "port range forward". How do I fix this?

cwroblew
cwroblew

I really like it. It works without my paying much attention to it. In fact, after installing it, I let it run for a couple of years and then realized I really should make sure there is no upgrade for this. I still only check periodically for upgrades.

steve@busconma.com
steve@busconma.com

The downside of using DDNS function in a router is that DynDNS will drop your account (actually only the single DNS entry within your account) after 30 days if it hasn't been "touched" in that time. Router-based DDNS service usually will touch (update) the DynDNS site only when your IP address has changed, not on a 30-day timer. If, as is often the case, your IP address is not changed by your ISP in more than 30 days, you will lose your DynDNS account entry.

bobx
bobx

Similar service that I have found to be reliable over the last few years

LouCed
LouCed

Is there an XP alternative to this article link? "configure Remote Desktop securely"

Marty R. Milette
Marty R. Milette

Virtually all services providers have a clause that states you may not run certain services from your connection. Their primary concern is the consumption of bandwidth and traffic -- denying service to other customers. As a result, they use DHCP with extremely short lease times to force your public IP address to change too often for any traditional DNS service to be useful -- hence the development of DynDNS and other similar services. Some providers DO offer a fixed public IP address -- such as my provider here in Russia -- for an additional $10 per month -- however, I am limited to 1GB of traffic per month, and if I go over that limit, it costs $30 per each additional GB! (Needless to say, I don't do any P2P from here!) DynDNS does nothing that would violate your terms of service in and of itself. All it does is allow you to refer to your public IP address by name instead of by number, and automatically adjusts the mapping as your IP changes. What MAY violate the terms are the services you decide to hang off of that IP -- and those would function no differently with or without DynDNS. DynDNS or other similar services simply make it easier to 'find' your public IP address remotely.

Why Me Worry?
Why Me Worry?

carriers, such as Optimum Online, Comcast, Verizon, etc? I believe they specifically mention in their terms of service agreement that residential class broadband is not to be used to host any web server or other services on the internet, and dynamically registering your DHCP assigned IP address with a DNS domain name probably falls under that same scope and would be in violation of the TOS agreement. The broadband service providers see it this way..."Why would you need a DNS name assigned to your DHCP assigned public IP address unless you are hosting services out on the web?". Sure, they offer business class broadband with a static IP address for such purposes, which they profit off of obviously, but this free workaround may just end up being the end of one's broadband account if the ISP finds out what is going on. I'm not being a hardass, but I'm pretty sure there are legal implications to doing this. Please check with your broadband ISP before using such a service.

verg
verg

Vernon's PC

Editor's Picks