Is Namecheap DDNS using a secure connection?



  • If I use the Namecheap option in the Dynamic DNS service, will it update via a secure connection? The update server, park-your-domain.com, doesn't appear to require https to connect, even though they have a browser update option where the user includes the password in the URL. It's in the configuration that this would be specified, but I don't know what the configuration is since I only input login and DNS data.



  • Since I couldn't figure out what the Namecheap built-in service is using, I made some custom client rules based on a Namecheap support article:

    Update URL   ```
    https://dynamicdns.park-your-domain.com/update?host=[host_name]&domain=[domain.com]&password=[domain_password]&ip=%IP%

    
    Result Match ```
    <interface-response><command></command>SETDNSHOST<language>eng</language><ip>%IP%</ip><errcount>0</errcount><responsecount>0</responsecount><done>true</done></interface-response>
    

    Note that the URL can only update one subdomain at a time, so for no subdomain, replace [host_name] with @ and that's one rule; for www subdomain, replace [host_name] with www and that's a second rule, etc.



  • Namecheap in particular uses exactly what you configured manually there. That can be seen in /etc/inc/dyndns.class

    Options that support HTTPS generally use it. That's been the vast majority of them for a while. The list of which support it has changed a bit over time as some providers have added HTTPS support, I just updated a small number of them that used to be HTTP that now use HTTPS for future releases.



  • Thanks for that. I'm rather lost in FreeBSD and couldn't figure out where the config file might be located.



  • For a number of things, I couldn't tell you off the top of my head. You can do the same as I did to find it (or similar things in the future), go to a command prompt via SSH, and run:

    cd /etc/inc/ 
    grep -r park-your-domain * 
    
    

    Or if you aren't sure what directory it's in, "cd /" instead to go through the entire file system. Essentially all the config-related things like that you'll find in /etc/inc/ and grepping just there is much faster than going over the entire file system.



  • I have a domain at namecheap, let's call it foo.me – used for connecting to home services (synology NAS, VPN etc) and I like to use a wildcard for this  *.foo.me  so I can do split-brain DNS without having to worry about setting up 10 different A records and 10 different DynDNS updaters on pfSense. E.g when I'm at home on the LAN, I use nas.foo.me and that has to route to a different target (192.168.1.100) than vpn.foo.me (192.168.1.1)

    Problem:  I have a single wildcard entry .foo.me at Namecheap. When I tried to use the pfSense (2.2.5) Dyndns updater's standard mode it fails. I tried using just "foo.com" with the "wildcard" checkbox enabled (seemed to save but the public DNS didn't update) as well as just specifying ".foo.com" in the Hostname (pfSense GUI rejects the * as invalid).

    I wound up doing a "Custom" mode with the following URL scheme

    https://dynamicdns.park-your-domain.com/update?host=*&domain=foo.me&password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ip=%IP%
    

    (That works) – is this a bug, limitation, or a PEBKAC issue?


Log in to reply