I'm Daniel, network engineer in Sweden. Built DynIP because every DDNS service I tried was designed around 2010-era networks: proprietary HTTP-only update protocols, poor IPv6, no DNSSEC, little support for actuallymodern devices.

What's in it:

- RFC 2136 / TSIG updates as a first-class path. FortiGate genericDDNS and MikroTik's /tool dns-update work natively — no custom client needed. HTTP API is also available for everything else.

- IPv6 end-to-end. Authoritative nameservers reachable over IPv6 (with AAAA glue published at the parent .dev zone), customer zones publish A and AAAA, and the platform works for IPv6-only clients.

- DNSSEC available on selected zones. With a single toggle.

- Bring your own domain via subdomain delegation. Point subdomain.yourcompany.com at our nameservers, manage normally.

- Hidden primary architecture: two geographically distributed secondaries (Sweden + Switzerland) verify TSIG locally and forward updates to a primary that doesn't take public traffic.

- Private-APN-friendly: we accept RFC 1918 and CGNAT addresses in records, which means cellular fleets on private APNs can use public DNS for stable hostnames pointing at internal IPs. Described in the fleet ops guide.

- A small Docker container (ghcr.io/33k-org/dynip-updater) for any docker-compose / Kubernetes / Coolify / Dokploy setup.

Background: 25 years of managed networking. DDNS was the part that broke or required tricks. Wanted one that didn't.

Stack: PowerDNS 4.8 authoritative, FastAPI backend, Postgres, Postfix for transactional mail, Cloudflare for the external surface and as a tunnel for the API. Live on dynip.dev. Paddle for billing. Free tier exists.

Happy to dig into architecture, the TSIG sync mechanism, per-zone DNSSEC handling, the hidden primary approach, or anything else.

Pitch sounds really good. I don't have the time to try it out right now.

However had I not read your comment pitching it here, I'd have closed the tab on the landing page immediately. Sorry to be so direct, but it just looks like any vibe sloped page out there. I'm not saying it is, I haven't tried yet and your description here sounds good, but you might consider setting your page apart by putting some personality in it.

On another note, please don't create project specific HackerNews accounts.

> Don't have your username be that of your company or project. It creates a feeling of using HN for promotion and of not really participating as a person. You don't have to use your real name, just something to indicate that you're here as a human, not a brand. If you'd like to change your username, email hn@ycombinator.com.

https://news.ycombinator.com/item?id=22336638

See also https://news.ycombinator.com/showhn.html

This does look interesting, I do use DDNS to host various services from my home server to remote clients, but I currently use NO-IP DDNS. They have a pretty generous free tier, but my current gripe is they don't support using Let's encrypt or anything like that. I am borderline about to buy a domain from cloudfare, but curious on what makes DynIP stand out specifically?

Refreshing to see competition entering this space.

However, if you want to self-host, not caring for reliability or ease of use: bind9 supports RFC 2136 DNS UPDATE and DNSSEC, too (haven't figured that out yet, though). For my setup I also wrote a small Go executable that translates HTTP requests, because my home router does not talk DNS UPDATE.

Bonus points for rfc 2136, works easily with [external-dns](https://github.com/kubernetes-sigs/external-dns). I've been using k8s+external-dns on-prem with a selfhosted minimal BIND server on a public host for years now.

Thanks for all the excellent comments and questions, I will be bringing my daughter for swimming lessons for a few hours and will continue looking at the threads when I return.

Again, this guy <- happy

I have a few domains parked at freedns.afraid.org for dyndns usage by others, though I've been considering DIYing my own solution using DigitalOcean's DNS services.

Mostly around classic BBS usage, namely bbs.io ... I do hope that .io is officially extended beyond what would normally be end of life.

Is it right that the free-tier auth tokens expire in 24 hours (saw the JWT exp claim)? I would like to know this before investing too much time in migrating, even just to try it out. Trying to answer: is the free tier sustainable?

I used to set up my own OpenWrt DDNS scripts that update AWS Route 53 or Cloudflare DNS which solved enough of that problem for me.

Then Tailscale came out and I stopped caring about DDNS or CGNAT ever since.

I like the 2000 era HTTP(S) only updates. All you need is curl/wget/fetch and it works. Add a token if you like. I think duckdns can still do this. No client needed, works almost anywhere. --

This will be great for my homelab. Currently I have some hacky scripts to update he.net records whenever my ISP sends me a new ipv6 prefix but I'd prefer to reuse existing tooling.

Looking into switching today :D

My domain registrar also hosts DNS, and supports dynamic DNS entries. Ticking a box gives me an update URL and a username, which I can then enter into my UniFi router. How is this different?

This is great! and and amazing idea.

Just as a warning however the vibe coded website doesn't inspire confidence this isn't low quality auto generated AI slop and/or AI managed infra.

Looking into it of course this seems to not be the case, but just wanted to say, don't use generic looking theming that is default of all LLM-generating websites :)

Free tier says without long lived token - how would you use dyndns without one?

Would love to know what it is and what it is doing that others are doing wrong. I don't touch dns for anything other then pointing a domain to a server.

I usually set up a wireguard tunnel from my home box serving content on nginx to my linux server hosted on a virtual cloud server and have that virtual cloud server pass traffic via the wireguard tunnel back to my home box when people view my content.

Nice! Do you plan to provide secondaries? I would love to have a primary on my home IP and a secondary available from outside in case my connection is down.

If only OVH supported RFC 2136 / TSIG updates...

i'll give a try...

I have fond memories of playing with dyndns and having cool domains like <mynick>.homeunix.net … and having downtime because my home dns connection went down and came back up with a different ip address.

Fun times :)

What’s the use case of DDNS in 2026 when you can have vpn+reverse proxy? Or just vpn really and never expose anything

But you still need a registrar which are all gated with whatng cartel web engines (aka they broke noscript/basic HTML browser support)

Looks interesting.

[dead]

[dead]

[flagged]