What's in it:
- RFC 2136 / TSIG updates as a first-class path. FortiGate genericDDNS and MikroTik's /tool dns-update work natively — no custom client needed. HTTP API is also available for everything else.
- IPv6 end-to-end. Authoritative nameservers reachable over IPv6 (with AAAA glue published at the parent .dev zone), customer zones publish A and AAAA, and the platform works for IPv6-only clients.
- DNSSEC available on selected zones. With a single toggle.
- Bring your own domain via subdomain delegation. Point subdomain.yourcompany.com at our nameservers, manage normally.
- Hidden primary architecture: two geographically distributed secondaries (Sweden + Switzerland) verify TSIG locally and forward updates to a primary that doesn't take public traffic.
- Private-APN-friendly: we accept RFC 1918 and CGNAT addresses in records, which means cellular fleets on private APNs can use public DNS for stable hostnames pointing at internal IPs. Described in the fleet ops guide.
- A small Docker container (ghcr.io/33k-org/dynip-updater) for any docker-compose / Kubernetes / Coolify / Dokploy setup.
Background: 25 years of managed networking. DDNS was the part that broke or required tricks. Wanted one that didn't.
Stack: PowerDNS 4.8 authoritative, FastAPI backend, Postgres, Postfix for transactional mail, Cloudflare for the external surface and as a tunnel for the API. Live on dynip.dev. Paddle for billing. Free tier exists.
Happy to dig into architecture, the TSIG sync mechanism, per-zone DNSSEC handling, the hidden primary approach, or anything else.
How did you set up PowerDNS? Single/multiple instances? One DB shared by many or multiple authoritative with one hidden primary?
Doesn't that cause security issues by making it possible to put other people's private servers (that you want to do XSS-type attacks against) into your domains or something? I have a vague memory of it being a security no-no somehow.
Looking into switching today :D
Check the snippets after you create a zone, hopefully less hacky scripts :D
Just as a warning however the vibe coded website doesn't inspire confidence this isn't low quality auto generated AI slop and/or AI managed infra.
Looking into it of course this seems to not be the case, but just wanted to say, don't use generic looking theming that is default of all LLM-generating websites :)
With that said, I hope as well that it is a amazing idea, I am really happy with how it works and performs.
One example I used it for just a few days ago was to set up dual ipsec tunnels for redundancy in fortigate in a remote warehouse. with the snippets I can just add a byod domain and paste the config into the cli and ship the devices. when they connect it it dials up, updates the ip in the dashboard (with notification that it has changed) and the vpn tunnels comes up automatically. it is available as road warriors as well, or dialup ipsec tunnels but I want dual initiator functionality.
Maybe this reply isnt really what the site is for but rather a subset of what can be done.
have a look at https://dynip.dev/guides/ I tried to add substantial information on what can be done
Fun times :)
Thanks for being awwesome!