Configuring system settings : Configuring network settings : Configuring dynamic DNS
Configuring dynamic DNS
The System > Network > DDNS tab lets you configure the FortiMail unit to use a dynamic DNS (DDNS) service.
If the FortiMail unit has a static domain name but a dynamic public IP address, you can use DDNS to update DNS servers on the Internet when the public IP address for its fully qualified domain name (FQDN) changes. For information on setting a dynamic public IP address, see the DHCP option.)
To access this part of the web UI, your administrator account’s:
Domain must be System
access profile must have Read-Write permission to the Others category
For details, see “About administrator account permissions and domains”.
To view and configure dynamic DNS accounts
1. Go to System > Network > DDNS.
GUI item
Description
Server
Displays the name of your DDNS service provider.
User Name
Displays your user name for the DDNS service provider.
Host/Domain Name
A public host name or fully qualified domain name (FQDN) that should resolve to the public IP address of the FortiMail unit.
Its public DNS records are updated by the DDNS service provider when the FortiMail unit sends its current public IP address. As such, it might not be the same as the host name and local domain name that you configured in “Host name” and “Local domain name”, which could be valid only for your internal network.
Update Time
Displays the interval in hours that the FortiMail unit waits between contacts to the DDNS service provider.
2. If you have not yet configured the dynamic DNS account that the FortiMail unit will use when it connects to the DDNS service provider, click New.
A dialog appears.
GUI item
Description
Server
Select a DDNS service provider to which the FortiMail unit will send DDNS updates.
User name
Enter the user name of your account with the DDNS service provider. The FortiMail unit will provide this to authenticate itself with the service when sending updates.
Password
Enter the password for the DDNS user name.
Update time
Enter the interval in hours between each time that the FortiMail unit will query the DDNS service provider’s IP detection page if “IP mode” is Auto detect.
Caution: Do not exceed the recommended frequency published by your DDNS service provider. Some DDNS service providers consider excessive connections to be abusive, and may ignore further queries from the FortiMail unit.
3. Click Create.
4. The tab returns to the list of dynamic DNS accounts, which should now include your new account.
5. Double-click the row corresponding to the new DDNS account.
The Host/Domain Name Setting area is now visible.
6. In the Host/Domain Name Setting area, click Create New, or, to modify an existing host/domain name, select its row and click Edit.
A dialog appears.
7. Configure the following:
 
GUI item
Description
Server
Displays the dynamic DNS service provider of this account.
Status
Enable to update the DDNS service provider when the FortiMail unit’s public IP address changes.
Disable to notify the DDNS service provider that this FQDN should use its offline redirect, if you configured any. If the FortiMail unit’s public IP address changes, it will not notify the DDNS service provider.
Host name
Enter the fully qualified domain name (FQDN) whose records the DDNS provider should update.
IP mode
Select which of the following ways the FortiMail unit should use to determine its current publicly routable IP address.
Auto detect: Periodically query the DDNS service provider’s IP address detection web page to see if the FortiMail unit’s public IP address has changed. The IP detection web page returns the apparent source IP address of the query. If this IP address has changed, the FortiMail unit then sends an update request to the DDNS service provider, causing it to update DNS records for the FQDN in “Host name”.
This option is the most common choice. To configure the interval of DDNS IP detection queries, see “Update time”.
Note: If this query occurs through a NAT device such as a router or firewall, its apparent source IP address will not be the private network IP address of any of the FortiMail unit’s network interfaces. Instead, it will be the IP address of the NAT device’s externally facing network interface.
For example, a public virtual IP (VIP) on a FortiGate unit in NAT mode might be used to route email from the Internet to a FortiMail unit. DDNS updates are also routed out from the VIP to the DDNS service provider on the Internet. From the DDNS service provider’s perspective, the DDNS update connection appears to come from the VIP, and therefore it updates the DNS records with the IP address of the VIP. The DDNS service provider does not know the private network address of the FortiMail unit.
Bind interface: Use the current IP address of one of the FortiMail unit’s network interfaces. Choose this option only if the network interface has an IP address that is routable from the Internet — that is, it is not an RFC 1918 private network address.
Static IP: Use an IP address that you configure. You must manually update the accompanying field if the FortiMail unit’s public IP address changes.
Type
Select one of the following:
dynamic (this is the default)
static
custom
To verify your DDNS configuration and connectivity, do not query DNS servers: depending on DNS caching, record propagation, and other effects, DNS queries may not be able to determine whether the update actually reached your DDNS service provider.
Instead, log in to your DDNS service provider account and verify whether its host records have been updated. You can also view the FortiMail event log. Log messages such as this indicate DDNS update failure:
DDNS daemon failed on update members.dyndns.org, domain fortimail.example.com, next try at 1251752285\n