Initial Setup
No users exist yet. Create the first administrator account to finish setup.
Minimum 12 characters.
Accept Invite
You were invited to this DDNS instance. Set a password to create your account.
This invite is bound to an email address.
Minimum 8 characters.
Reset Password

My Hosts

FQDN Last IP TTL Wildcard Updated Actions
No hosts yet.
DDNS client setup (quick start)
Use these values in routers and DDNS clients. Derived from public.base_url (fallback: current origin).
Update URL
Check IP URL

Recommended authentication
Create a per-host token in the UI (My Hosts → Token) and use it as the password where possible.
dyndns2-style request (example)
Many routers and clients call /nic/update. Some send myip, some don’t.
Copy/paste and replace USER, PASS, and hostname.

Use this for most router Dynamic DNS implementations (DynDNS2 / custom provider).
Update URL:
Hostname / Domain: your host FQDN (e.g. home.example.net)
Username: your email (or configured basic user)
Password: per-host token (recommended) or basic password

Use the Dynamic DNS client (Services → Dynamic DNS) and choose a DynDNS2-compatible type if available. OPNsense commonly expects the base host without https://.
Base host (no scheme):
Update path:
Check IP:

Settings

Account
Email verification and login method depend on system policy.
Admin settings are available only to administrators.
Used for email links (verify, invites) and OIDC defaults. Example: https://ddns.example.com
Misc
Global defaults and system-wide throttles.
Applies only to non-admin users. Admins are always unlimited.
Recommended: 1/minute per host; bursting allowed.
Delete consumed/expired invites older than this many days.
Delete unverified non-admin users older than this many days. Set to 0 to delete immediately.
Delete consumed/expired email change tokens older than this many days. Set to 0 to delete immediately.
Comma or whitespace separated list of IPs/CIDRs allowed to AXFR the zone. Empty denies all transfers.
Controls whether the Register tab is available. Endpoint: POST /v1/auth/register.
Used by /v1/public/admin-recover. Only works when there are 0 admins. Store a long random token here.
SMTP / Email
Optional. Required for sending verification and invite emails.
Optional. Used to format emails as "Display Name" <from@example.com>.
Domains
Multiple DDNS domains are supported. Hosts can be created under any configured domain.
New domain
Selected: 0
Domain Created Actions
No domains yet.
Client setup hints (Keycloak / generic OIDC)
Derived from public.base_url. Use these values in your IdP client configuration.
Root URL
Home URL
Admin URL
Web Origins
Valid Redirect URI
Default redirect URI is shown above in Client setup hints. Use override only if you need a non-standard callback URL.
If discovery works but token exchange fails, set this to match your IdP client configuration.
Only enable for self-signed / internal IdP TLS certificates. Prefer fixing CA trust.
User Management
Selected: 0
UID Email Role Status Verified Created Limits Actions
Loading...
Invites
Create invite links for controlled onboarding. Invites can be emailed (if SMTP is configured) or copied manually.
Selected: 0
Email Role Status Expires Consumed Created Actions
No invites yet.
Hosts
Selected: 0
FQDN IP TTL Wildcard Owner Created Actions
No hosts yet.
Logs
Search
Idle
TimeLevelMessage
No logs yet.