DNS Beacon
DashboardSign in

Help & guides

Setup instructions for routers, DNS providers, and the API.

Getting started

  1. Create an account and confirm your email address.
  2. In the dashboard, go to Hostnames → Create and add a subdomain like myhouse.dnsfollowme.uk.
  3. On the API keys tab, create an API key (e.g. "Fritz!Box Living Room") and copy it safely — it's only shown once.
  4. Configure your router per Router setup — use the API key as the password.

Router setup

Fritz!Box (AVM)

Internet → Permit Access → DynDNS

Provider:
Custom
Update URL:
https://api.dnsbeacon.com/nic/update?hostname=<domain>&myip=<ipaddr>
Domain name:
myhouse.dnsfollowme.uk
Username:
your email address
Password:
your API key
Detailed setup guide

Ubiquiti UniFi

Settings → Internet → WAN → Dynamic DNS

Service:
custom (or dyndns)
Hostname:
myhouse.dnsfollowme.uk
Username:
your email address
Password:
your API key
Server:
api.dnsbeacon.com/nic/update?hostname=%h&myip=%i

Note: UniFi only sends updates when the WAN IP actually changes. To force an update, disable the DynDNS config, save, re-enable, save.

Detailed setup guide

pfSense / OPNsense

Services → Dynamic DNS → Add

Service type:
Custom
Update URL:
https://api.dnsbeacon.com/nic/update?hostname=%h&myip=%IP%
Hostname:
myhouse.dnsfollowme.uk
Username:
your email address
Password:
your API key
Detailed setup guide

Synology NAS

Control Panel → External Access → DDNS → Add

Provider:
Custom
Hostname:
myhouse.dnsfollowme.uk
Username:
your email address
Password:
your API key
Server URL:
https://api.dnsbeacon.com/nic/update?hostname=__HOSTNAME__&myip=__MYIP__
Detailed setup guide

Other devices (DynDNS2 compatible)

Any device that speaks DynDNS2 works with the following:

Update URL:
https://api.dnsbeacon.com/nic/update?hostname=<host>&myip=<ip>
Auth:
Basic Auth (email / API key)
IPv6 (optional):
extra parameter &myipv6=<ipv6>

Bring your own domain

You can attach a domain you host yourself with a supported DNS provider. Your API token is stored AES-256-GCM encrypted and is only used to update DNS records for that domain.

Cloudflare

Prerequisite: the domain is delegated to Cloudflare (nameservers set to Cloudflare).

  1. On dash.cloudflare.com/profile/api-tokens create a token.
  2. Use the template "Edit zone DNS" — permissions: Zone:DNS:Edit.
  3. Under Zone Resources pick either Specific zone → your-domain.com or All zones.
  4. Copy the token and paste it into the dashboard under Domains → Add domain.

Hetzner DNS

Prerequisite: the domain is set up as a zone in the Hetzner DNS Console.

  1. On dns.hetzner.com/settings/api-token create an API token.
  2. Copy the token — it's only shown once.
  3. In the dashboard, under Domains → Add domain, pick provider "Hetzner DNS" and paste the token.

united-domains

Prerequisite: the paid DNS API add-on is enabled for the zone at united-domains. Without it the token returns no zones.

  1. Book the DNS API add-on in the united-domains portfolio.
  2. Generate the API key in your customer account.
  3. In the dashboard, under Domains → Add domain, pick provider "united-domains" and paste the key.

Rate limit: 1,200 requests/hour per token.

IONOS

Prerequisite: the domain is in your IONOS account and API access is enabled in the developer portal.

  1. Open developer.hosting.ionos.de/keys and create a new key pair (public prefix + secret).
  2. Copy the combined token in the format "<prefix>.<secret>" — it is shown only once.
  3. In the dashboard, under Domains → Add domain, pick provider "IONOS" and paste the combined token.

TXT records are supported — Let's Encrypt certificates via DNS-01 work for IONOS-hosted zones.

INWX

Prerequisite: the domain is in your INWX account.

  1. Log into the INWX customer area and create an API sub-user without 2FA under "Account → User management".
  2. Note down the sub-user's username and password.
  3. In the dashboard, under Domains → Add domain, pick provider "INWX" and enter the username and password.

Important: INWX API login fails when the account has Mobile-TAN 2FA enabled. Create a separate sub-user without 2FA for this — your main account can (and should) keep 2FA.

netcup

Prerequisite: the domain is managed through your netcup account.

  1. In the netcup Customer Control Panel under "Stammdaten ändern → API", create a new API key pair.
  2. Note down customer number, API key, and API password (the password is only shown once).
  3. In the dashboard, under Domains → Add domain, pick provider "netcup" and paste all three values.

Note: the netcup API is recordset-based (every change replaces the entire record set). If you edit DNS records manually in the CCP at the same moment we set a Let's Encrypt TXT record, one change can be lost. For normal traffic (DynDNS updates, cert renewals) this is fine.

OVHcloud

Prerequisite: the domain is in your OVHcloud account and you're using the European endpoint (eu.api.ovh.com).

  1. Create a new API application at ovh.com/auth/api/createApp — you'll receive an application key and an application secret.
  2. Open the OVH Token Maker, enter the application key and secret, and generate a consumer key.
  3. Important: grant the consumer key these rights (GET, POST, PUT, DELETE each on /domain/zone/*), confirm in your OVH account, and copy the resulting consumer key.
  4. In the dashboard, under Domains → Add domain, pick provider "OVHcloud" and paste all three values.

Note: we default to the EU endpoint. CA/US accounts need a different base URL — please reach out beforehand.

deSEC

Prerequisite: a (free) deSEC.io account with a zone set up there.

  1. Create a new API token at desec.io/tokens.
  2. Copy the token immediately — it's shown only once.
  3. In the dashboard, under Domains → Add domain, pick provider "deSEC" and paste the token.

deSEC is ACME-DNS-01 friendly — Let's Encrypt certificates work without any special configuration.

Gandi

Prerequisite: the domain is managed through your Gandi account.

  1. Open admin.gandi.net and sign in.
  2. Under Authentication options → Personal Access Tokens, create a new token with the "Manage DNS records" permission.
  3. In the dashboard, under Domains → Add domain, pick provider "Gandi" and paste the token.

Gandi LiveDNS enforces a 300s minimum TTL — we raise lower values automatically.

Mittwald

Prerequisite: a Mittwald account with a project, and the domain is set up there as a DNS zone.

  1. In mStudio, under Profile → API Tokens, create a new token with write access to DNS zones.
  2. Note the project ID (UUID) of the project that owns the zone — visible in the mStudio URL.
  3. In the dashboard, under Domains → Add domain, pick provider "Mittwald" and paste the API token and project ID.

Note: Mittwald creates a separate "DNS Zone" object inside your project for every subdomain (sub-zone delegation). 10 DynDNS hosts → 10 sub-zones — functionally fine, but visible in the mStudio UI.

Infomaniak

Prerequisite: the domain is in your Infomaniak Manager account.

  1. Open Manager → Profile → API keys and create a token with the "Domain" scope.
  2. Note the token (shown only once).
  3. In the dashboard, under Domains → Add domain, pick provider "Infomaniak" and paste the token.

Infomaniak natively supports TXT records — Let's Encrypt certificates via DNS-01 work without special configuration.

Scaleway

Prerequisite: the domain is registered with Scaleway and managed in your account.

  1. In the Scaleway console, under IAM → API keys, create a new API key.
  2. Note the "Secret Key" only — the access key isn't needed.
  3. In the dashboard, under Domains → Add domain, pick provider "Scaleway" and paste the Secret Key.

Scaleway uses a PATCH-based change model — operations are atomic per request. Let's Encrypt DNS-01 works natively.

API & endpoints

DynDNS2 endpoint

The router-compatible update endpoint:

GET https://api.dnsbeacon.com/nic/update?hostname=<host>&myip=<ipv4>[&myipv6=<ipv6>]
Authorization: Basic base64(<email>:<api-key>)

Possible responses:

good <ip>Update accepted
nochg <ip>IP unchanged, no DNS update needed
nohostHostname doesn't exist or is inactive
badauthEmail or API key is wrong
badparamInvalid parameters (e.g. malformed IP)
911Server error — retry later

Test with curl

curl -u "you@example.com:dyndns_..." \
  "https://api.dnsbeacon.com/nic/update?hostname=myhouse.dnsfollowme.uk&myip=1.2.3.4"
Available

Automatic SSL for your hostnames

One-click certificate issuance via Let's Encrypt — straight from the dashboard, no ACME client, no configuration on your side. Works for subdomains on our domain and for your own domain (BYOD).

  • One-click issuance from the dashboard — works for subdomains on our domain and for your own domain (BYOD).
  • Automatic renewal in the background; the latest certificate is always available for download.
  • DNS-01 validation — no open port 80 needed, works behind NAT or DS-Lite.
  • CAA pinning makes sure only authorized CAs can issue certificates for your hostnames.

Requires a PRO or BUSINESS plan.

Beta

Native update clients

A lightweight update client for Windows, Linux and macOS that runs directly on the device — ideal for laptops, workstations and servers that need to publish their public IP without relying on the router's DynDNS feature.

  • Tray icon with status at a glance — last update time, reported IP, next run.
  • Autostart at boot, no manual trigger needed; updates run in the background.
  • Detects IPv4 and IPv6 separately and can keep both address families up to date in parallel.
  • Signed installers for Windows (MSI), macOS (notarized PKG) and Linux (deb / rpm / static binary).

The Windows client is available now as a public beta — grab it on the Downloads page. Native macOS and Linux clients are still in the works.

FAQ

My router isn't sending updates — what do I do?

Most routers (UniFi, Fritz!Box) only send updates when the WAN IP actually changes. To force one, disable the DynDNS config in the router, save, re-enable, save. The dashboard's Hostnames → History tab shows whether updates are arriving.

My API key — how do I use it?

Enter it in the router as the password instead of your account password. The email stays as the username. You can revoke the API key any time without changing your account password.

Can I use IPv6?

Yes. Append "&myipv6=<your-ipv6>" to the update URL — the service will create an AAAA record alongside the A record. Free and Pro plans can use both in parallel.

What if I lose my API key?

API keys are only stored as hashes and can't be recovered. Delete the old key in the dashboard, create a new one, and update your router.

How many hostnames/domains can I create?

Free: 3 hostnames, 1 custom domain, 3 API keys. Pro: unlimited. Business: unlimited + team login.

What is domain verification?

When you add a custom domain, the service uses the supplied token to call the DNS provider and check that the zone exists and the token has access. If that works, the domain is marked verified and can be used immediately.

How do I enable two-factor authentication?

Under Settings → Two-factor authentication. During setup the service shows a QR code that you scan with Google Authenticator, Authy, Bitwarden, or 1Password. On activation you get 8 single-use backup codes — store them safely. API keys for /nic/update are not affected by 2FA — routers still only need email + API key.