How to disable dynamic DNS?
I noticed that firewalla automatically enables a Dynamic DNS entry.
Is this a security concern?
The domain name is xxxx.x.firewalla.org
Could this be used by an attacker to find all connected firewalla devices?
If an exploit was found in firewalla, would this speed the spread of such an exploit?
Is there a way we can turn off dynamic DNS if we don't use it, or use a different service with a different domain name?
The address space of xxx is fairly large, so there is no need to turn it off. Here is my math
- There are around 3.7 billion IPv4 addresses
- the xxxxx part in firewalla is a mix of lower case characters and numbers (9 digits minimum); this means there are (10+26)^9 which is a huge number that's 27000 times bigger than all the available IPv4 addresses.
You can turn off DDNS in Firewalla. When you do that, the VPN configurations it generates will embed the IP address, but you can edit them to use a different hostname if you use a different DDNS provider.
Firewalla does not provide a DDNS client to keep other DDNS providers updated with your latest IP, which is a shame, but you can easily run a DDNS client from another machine in your network or from the Firewalla itself, if you wish.
Personally, I have DDNS in Firewalla turned off and use Cloudflare DDNS, updated using DNS-O-Matic, which itself is updated by ddclient running on a Linux box in my network. Everything works fine as long as I edit the VPN configurations to use by Cloudflare DDNS host name.
Please sign in to leave a comment.