Free DNS service

Welcome to the Hurricane Electric Free DNS Hosting portal. This tool will allow you to easily manage and maintain your

forward and reverse DNS.

The Open Beta has been expanded and now includes our IPv6 certification or tunnelbroker account holders, Colocation customers and those with Transit services from us. If you do not have an account, you can sign up for a free one here or by clicking on the button to the left. For those with existing admin.he.net accounts, please contact Support <support@he.net> and request a password.

Features

Dualstack: Supports queries via both IPv4 and native IPv6.

Support for A, AAAA, ALIAS, CNAME, CAA, MX, NS, TXT, SRV, SSHFP, SPF, RP, NAPTR, HINFO, LOC and PTR records.

Smart mode IPv4 and IPv6 reverse zones simplifies reverse zones.

Slave support

Multiple reverse zone formats: Standard, RFC 4183, RFC 2317, DeGroot.

Geographically diverse servers.

Sanity checking for delegation for both forward and reverse zones.

Basic syntax checking for fields.

Multiple domains per account.

Recent Additions

We've added the ALIAS record type!

After many requests, we have added this much requested feature..

We've added the CAA record type!

After many requests, we have completed the backend upgrades required to enable the CAA record type.

Dynamic DNS Additions

Dynamic TXT records have been added!

We've received requests for dynamic TXT records for use with Let's Encrypt Certificates. We've added them in using the same basic ddns syntax that we already provide with the difference being the use of 'txt=' in place of 'myip='. You will need to create the dynamic TXT record from within the dns.he.net interface before you will be able to make updates. You will not be able to dynamically create and delete these TXT records as doing so would subsequently remove your ddns key associated with the record.



NOTE: A propigation delay of up to 5 minutes may be experienced as the TTL of the record will need to expire and refresh. You should wait before requesting DNS01 validation once you have updated the record.



Authentication being passed in the URL % curl -4 "http://_acme-challenge.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&txt=evaGxfADs6pSRb..." Authentication and Updating using GET % curl "https://dyn.dns.he.net/nic/update?hostname=_acme-challenge.example.com&password=password&txt=evaGxfADs6pSRb..." Authentication and Updating using a POST % curl "https://dyn.dns.he.net/nic/update" -d "hostname=_acme-challenge.example.com" -d "password=password" -d "txt=evaGxfADs6pSRb..."

We've added the Dynamic DNS 'Checkip' service!

We've received requests for a checkip service. To bring us in line with some of the other dyndns services, we've added this to the dns.he.net family of services. To access the service just point your web browser or other web client to

http://checkip.dns.he.net

We've added Dynamic DNS support!

We're working on smoothing out how it's represented in the UI and writing something that resembles documentation, but thought we'd push out what we have so it can get a little use. It's a pretty basic implementation and should work well for most applications. It works with 'ddclient' (or dyndns compatible clients), and with any of the command line examples. We'll update this page when the documentation is ready. (we're hoping to have it written soon...). If you have any feedback on this new feature, please send them along to <dnsadmin@he.net>

http://[your domain name]:[your password]@dyn.dns.he.net/nic/update?hostname=[your domain name] Autodetect my IPv4/IPv6 address: % curl -4 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com" % curl -6 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com" Specify my IPv4/IPv6 address: % curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=192.168.0.1" % curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=2001:db8:beef:cafe::1"

Note: The username is also the hostname. The password is sent using 'password='. This skips HTTP basic auth.

Authentication and Updating using GET % curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=192.168.0.1" % curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=2001:db8:beef:cafe::1" Authentication and Updating using a POST % curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=192.168.0.1" % curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=2001:db8:beef:cafe::1"

Things to note about the dynamic DNS support:

Your "username" is going to be the name of the record that has been tagged dynamic. ie You marked the A record for dyn.example.com as dynamic. Your username will be "dyn.example.com"

You can tag an A or AAAA record by editing it once you have selected the zone. (check the box).

Once you have "activated" the record to be dynamic, you will need to generate a key (or password if you prefer) for it. (click on the icon) to generate the key for the dynamic record.

icon) to generate the key for the dynamic record. If you have tagged both an A and AAAA record to be dynamic, you will see the icon twice, it is only necessary to generate one key as it is bound to the name of the record and not the name/type. (see the part up above where we mention that we're still working on the UI part... :) .)

When making updates, you will need to make a separate update for ipv4 and ipv6. We may add an additional "myipv6=" option in the future.

Secondary domains that disallow AXFR's will be deactivated until they have been validated.

You can validate the domain by selecting it from the "Slave domains for this account." (click on the (i)nformation icon) This will attempt to pull the zone from the specified nameserver(s). If it is successful, it will validate the domain and will start listening to your nameservers NOTIFY packets as well as making periodic checks (depending on your TTL).

You can validate the domain by selecting it from the "Slave domains for this account." (click on the (i)nformation icon) This will attempt to pull the zone from the specified nameserver(s). If it is successful, it will validate the domain and will start listening to your nameservers NOTIFY packets as well as making periodic checks (depending on your TTL). We've added a small collapsable panel on each of the domain specific pages. (edit zone, slave information, etc)

Click on the "[+] Raw Zone" to expand the panel. This will give you the raw AXFR output for the domain.

(edit zone, slave information, etc) Click on the "[+] Raw Zone" to expand the panel. This will give you the raw AXFR output for the domain.

Do you have some tools that you'd like to see? Send us your suggestions!

ALIAS Record SupportCAA Record SupportDynamic TXT RecordsHere is a couple of quick examples to get you started. Dynamic IP examples below may provide additional information should you need it.Dynamic DNS 'Checkip' ServiceDynamic DNS SupportHere are a few examples to get you started (manual testing)Here are a couple more examples that allow sending the password in the URLAdditional Troubleshooting Tools:

Upcoming Features!

Expanding our DDNS service to support TXT records

Bind Zone Import/Export

DNSSEC - We are exploring this now

Updated 07.07.2020 - dnsadmin@he.net

We've received some fantastic suggestions from our Open Beta users. We're looking into implementing:Keep the feedback coming in!Thanks!DNS Administrator