AWS with pfSense Part 2: Route53 DynDNS with pfSense

After a lot of talk about it, let's dive right into setting up AWS Route53 DynDNS with pfSense. In this step-by-step tutorial, I will show you how to get Route53 DynDNS working with pfSense in no time!

If you missed the post about our Concept, check it out here.

 

What is Dynamic DNS?

Dynamic DNS (DynDNS) is a service that maps a fixed hostname such as yourcompany.dyndns.org to your current external IP address.

If you have a static IP from your provider, you do not necessarily need DynDNS. I have a static IP but use DynDNS anyway, just to have a name I can remember instead of an IP address.

Most of you, at least for private usage, will have an external IP Address that changes every 24 hours. So it would be impossible to reach your internal network after the change of your IP Address.

This is where DynDNS comes into play.

Each time you get your 24h disconnect, pfSense automatically tells your DynDNS provider your new IP address.

There are plenty of completely free services out there that do that; I recommend NO-IP.

But because we are talking about AWS here, I will use AWS's own DNS service: Route53.

Now, Route53 can do A LOT more than just DynDNS. You can register domains, host websites and so on.

If you want to use Route53 for DynDNS, you HAVE TO use Route53 for that domain. You can register a new domain with AWS just for DynDNS, or transfer your own domain to AWS and use Route53 on it.

For example: dyndns.yourcompany.com

In our case we will not use this domain for a homepage in any way; it is solely for DynDNS. That is not bad, as the domain costs just around $9 per year. There are also some very small fees for each DNS request, but they are minimal. Just be aware that there are fees. If in doubt, use NO-IP.

Ok, let’s do this. It is very important that you read carefully through ALL the steps!

 

Step 1 Logging in to your AWS Web Interface and creating a new User

Navigate to Route53 after logging in.

Register a domain you like or transfer your own, for example: yourcompanydns.com and go through the registration process. The registration can take a few hours to be finished. A Hosted Zone will be automatically created in the process. After everything is registered and the Hosted Zone populated, continue.

Now we want to create a new user who is designated and has permission to update our DNS Records in the newly created Hosted Zone. We don’t want to use our root account for this. In the AWS Web Interface navigate to IAM and to Users.

Enter a User Name and for Access type choose: Programmatic access.

Click Next: Permissions.

 

Select: Attach existing policies directly. Type: Route53 in the search field. Tick AmazonRoute53FullAccess. Click Next: Review.

 

Check that everything is set correctly and hit: Create User. You will be presented with your Access Key ID and your Secret Access Key. Note BOTH down for later; we need them in pfSense. This is the only time this key pair is shown to you, so if you do not note it down, you will need to create a new key pair later.
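Added example, not part of the original tutorial: AmazonRoute53FullAccess covers every hosted zone in the account, while the key stored on the firewall only has to update one record. The sketch below builds a customer-managed policy limited to that record. The zone ID is a constructed placeholder, and it assumes the pfSense Route53 client only sends an UPSERT of a single A record through ChangeResourceRecordSets.

```python
import json
import re

def parse_zone_field(field):
    """Return the bare hosted zone ID from 'us-east-1/ZONEID' or 'ZONEID'."""
    zone_id = field.strip().rsplit("/", 1)[-1]
    # Reject wildcards and anything else that would widen the resource ARN.
    if not re.fullmatch(r"[A-Z0-9]{1,32}", zone_id):
        raise ValueError(f"not a hosted zone ID: {field!r}")
    return zone_id

def normalize_hostname(hostname):
    """Lower-case the name and drop the trailing dot, as the IAM key expects."""
    name = hostname.strip().rstrip(".").lower()
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", name):
        raise ValueError(f"not a plain DNS hostname: {hostname!r}")
    return name

def scoped_policy(zone_field, hostname):
    """Build a policy that can only UPSERT the A record for one hostname."""
    zone_arn = "arn:aws:route53:::hostedzone/" + parse_zone_field(zone_field)
    record = normalize_hostname(hostname)
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "UpdateOneDynDnsRecord",
            "Effect": "Allow",
            "Action": "route53:ChangeResourceRecordSets",
            "Resource": zone_arn,
            # Every change in a request must match all three lists.
            "Condition": {"ForAllValues:StringEquals": {
                "route53:ChangeResourceRecordSetsNormalizedRecordNames": [record],
                "route53:ChangeResourceRecordSetsRecordTypes": ["A"],
                "route53:ChangeResourceRecordSetsActions": ["UPSERT"],
            }},
        }],
    }

if __name__ == "__main__":
    # Constructed zone ID; the hostname is the tutorial's example name.
    policy = scoped_policy("us-east-1/Z0EXAMPLE12345", "dyndns.yourcompanydns.com")
    print(json.dumps(policy, indent=2))
```

Attach the printed JSON as a custom policy to the DynDNS user in place of the managed policy. If updates then fail with an access error, the assumption about the client's API calls does not hold for your pfSense version.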

 

Step 2 Configuring pfSense

Good. Now we have our AWS side set up and ready to go. Let’s head over to our pfSense.

After logging in to the pfSense Web Interface head to: Services / Dynamic DNS / Dynamic DNS Clients and hit: +Add.

Now fill in the information as shown below:

Service Type: Route53.

Interface to Monitor: Your WAN Interface.

Hostname: The name your DynDNS will update. For example, if you registered yourcompanydns.com, write in the hostname field: dyndns.yourcompanydns.com

Route53 will automatically create that entry for you inside of your Hosted Zone.

Username: The Access Key ID of your Route53 Admin user you created earlier.

Password: The Secret Access Key of your Route53 Admin user.

ZoneID: You can find your ZoneID in Route53 under Hosted Zones, on the right side of your Zone Name.

It is very important that you enter us-east-1/YOURZONEID. NO MATTER where you are located, it is always us-east-1.

TTL: 60

Description: MyWANDynDNSRoute53

 

Your Zone ID

pfSense DynDNS Settings

 

If all went well, a green IP shows up, confirming that the DNS record was updated. You can now reach your internal network over the dynamic DNS name you just created.

 

You can test it by pinging: dyndns.yourcompanydns.com from a computer outside of the network.

Also, if you go back to your Hosted Zone and click on the Zone, you will see that an entry with the name: dyndns.yourcompany.com and your IP Address was created.

Now every time your ISP changes your IP address, pfSense will send an update to Route53 with the new IP address, meaning that no matter how often your IP changes, your company network will always be reachable over dyndns.yourcompany.com

I hope this can help some of you. It took me quite a long time to find all the information on the internet, especially regarding pfSense and the use of us-east-1 as the only working zone for DynDNS.

 


5 thoughts on “AWS with pfSense Part 2: Route53 DynDNS with pfSense”

  • September 9, 2017 at 8:32 pm

    Thanks! The “us-east-1” part of the Zone ID threw me off too!

    • September 11, 2017 at 10:45 am

      No worries. Yeah, that’s a bit hard to grasp 🙂

  • November 23, 2017 at 3:43 am

    I’m running pfSense 2.4.0, and I couldn’t get it to work *with* the us-east-1 in the Zone ID. Once I deleted it, and just used the plain zone id as reported in Route 53, everything worked.

    Thanks for everything else. Much appreciated.

    • November 23, 2017 at 10:48 am

      Interesting! Thanks for letting me know. I am glad I was able to help!

    • January 19, 2018 at 11:50 am

      Odd.. It wasn’t working for me until I put in the US East 1.

      @ceos3c, thanks for posting this guide. It got me up and running with Route53
