Initial Setup
No users exist yet. Create the first administrator account to finish setup.
Minimum 12 characters.
Accept Invite
You were invited to this DDNS instance. Set a password to create your account.
This invite is bound to an email address.
Minimum 8 characters.
Reset Password

My Hosts

FQDN Last IP TTL Wildcard Updated Actions
No hosts yet.
DDNS client setup (quick start)
Use these values in routers and DDNS clients. Derived from public.base_url (fallback: current origin).
Update URL
Check IP URL

Recommended authentication
Create a per-host token in the UI (My Hosts → Token) and use it as the password where possible.
dyndns2-style request (example)
Many routers and clients call /nic/update. Some send myip, some don’t.
Copy/paste and replace USER, PASS, and hostname.

Use this for most router Dynamic DNS implementations (DynDNS2 / custom provider).
Update URL:
Hostname / Domain: your host FQDN (e.g. home.example.net)
Username: your email (or configured basic user)
Password: per-host token (recommended) or basic password

Use the Dynamic DNS client (Services → Dynamic DNS) and choose a DynDNS2-compatible type if available. OPNsense commonly expects the base host without https://.
Base host (no scheme):
Update path:
Check IP:

Admin

Account
Email verification and login method depend on system policy.
Used for email links (verify, invites) and OIDC defaults. Example: https://ddns.example.com
PowerDNS Topology
Configure whether local PowerDNS is master or slave and manage additional remote slave targets.
Used as the masters list when creating Slave zones (local slave mode and/or remote slave targets). Leave empty if not using slaves.
When set, the server will ensure ns1.<zone> has an A record. Leave empty if your nameservers are external.
When set, the server will ensure ns1.<zone> has an AAAA record for IPv6 nameserver propagation validation.
Fallback when a remote slave refuses NOTIFY. When enabled, the server will call each configured slave target's axfr-retrieve endpoint after zone changes.
This is used by docker compose port mapping (PDNS_DNS_BIND_IP). Changing it requires a container restart.
Remote slave targets
Name API URL Server ID Master IP override Actions
Removing a target will first delete all known zones from that target to avoid configuration leftovers.
Slave setup helper
Generates copy/paste commands to enable PowerDNS slave support on each remote slave server (based on your current settings). Secrets are shown as placeholders.
SMTP / Email
Optional. Required for sending verification and invite emails.
Optional. Used to format emails as "Display Name" <from@example.com>.
Registration & Recovery
Controls public self-registration and the guarded admin recovery flow.
Controls whether the Register tab is available. Endpoint: POST /v1/auth/register.
Used by /v1/public/admin-recover. Only works when there are 0 admins. Store a long random token here.
Rates
Global defaults and system-wide throttles.
Applies only to non-admin users. Admins are always unlimited.
Recommended: 1/minute per host; bursting allowed.
How many health issue entries to retain (min 10, max 500).
Delete consumed/expired invites older than this many days.
Delete unverified non-admin users older than this many days. Set to 0 to delete immediately.
Delete consumed/expired email change tokens older than this many days. Set to 0 to delete immediately.
Comma or whitespace separated list of IPs/CIDRs allowed to AXFR the zone. Empty denies all transfers.
Health Overview
Live status plus a short history window for operational troubleshooting.
Current status
Not checked yet.
Recent issues
Only shown when a component was unhealthy (newest first).
Time Overall DB PowerDNS Actions
Domains
Multiple DDNS domains are supported. Hosts can be created under any configured domain.
New domain
Selected: 0
Domain Created Actions
No domains yet.
Client setup hints (Keycloak / generic OIDC)
Derived from public.base_url. Use these values in your IdP client configuration.
Root URL
Home URL
Admin URL
Web Origins
Valid Redirect URI
Default redirect URI is shown above in Client setup hints. Use override only if you need a non-standard callback URL.
If discovery works but token exchange fails, set this to match your IdP client configuration.
Only enable for self-signed / internal IdP TLS certificates. Prefer fixing CA trust.
User Management
Selected: 0
UID Email Role Status Verified Created Limits Actions
Loading...
Invites
Create invite links for controlled onboarding. Invites can be emailed (if SMTP is configured) or copied manually.
Selected: 0
Email Role Status Expires Consumed Created Actions
No invites yet.
Hosts
Selected: 0
FQDN IP TTL Wildcard Owner Created Actions
No hosts yet.
Logs
Search
Idle
TimeLevelMessage
No logs yet.