Hurricane Electric Free DNS Management

Free DNS service

Welcome to the Hurricane Electric Free DNS Hosting portal. This tool will allow you to easily manage and maintain your
forward and reverse DNS.

The Open Beta has been expanded and now includes our IPv6 certification or tunnelbroker account holders, Colocation customers and those with Transit services from us. If you do not have an account, you can sign up for a free one here or by clicking on the button to the left. For those with existing admin.he.net accounts, please contact Support <support@he.net> and request a password.

Features

  • Dualstack: Supports queries via both IPv4 and native IPv6.
  • Support for A, AAAA, ALIAS, CNAME, CAA, MX, NS, TXT, SRV, SSHFP, SPF, RP, NAPTR, HINFO, LOC and PTR records.
  • Smart mode IPv4 and IPv6 reverse zones simplifies reverse zones.
  • Slave support
  • Multiple reverse zone formats: Standard, RFC 4183, RFC 2317, DeGroot.
  • Geographically diverse servers.
  • Sanity checking for delegation for both forward and reverse zones.
  • Basic syntax checking for fields.
  • Multiple domains per account.

Recent Additions


ALIAS Record Support
  • We've added the ALIAS record type!
    After many requests, we have added this much requested feature..

CAA Record Support
  • We've added the CAA record type!
    After many requests, we have completed the backend upgrades required to enable the CAA record type.

Dynamic DNS Additions


Dynamic TXT Records
  • Dynamic TXT records have been added!
    We've received requests for dynamic TXT records for use with Let's Encrypt Certificates. We've added them in using the same basic ddns syntax that we already provide with the difference being the use of 'txt=' in place of 'myip='. You will need to create the dynamic TXT record from within the dns.he.net interface before you will be able to make updates. You will not be able to dynamically create and delete these TXT records as doing so would subsequently remove your ddns key associated with the record.

    NOTE: A propagation delay of up to 5 minutes may be experienced as the TTL of the record will need to expire and refresh. You should wait before requesting DNS01 validation once you have updated the record.

Here is a couple of quick examples to get you started. Dynamic IP examples below may provide additional information should you need it.

Authentication being passed in the URL
% curl -4 "http://_acme-challenge.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&txt=evaGxfADs6pSRb..."

Authentication and Updating using GET
% curl "https://dyn.dns.he.net/nic/update?hostname=_acme-challenge.example.com&password=password&txt=evaGxfADs6pSRb..."

Authentication and Updating using a POST
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=_acme-challenge.example.com" -d "password=password" -d "txt=evaGxfADs6pSRb..."


Dynamic DNS 'Checkip' Service
  • We've added the Dynamic DNS 'Checkip' service!
    We've received requests for a checkip service. To bring us in line with some of the other dyndns services, we've added this to the dns.he.net family of services. To access the service just point your web browser or other web client to
    http://checkip.dns.he.net

Dynamic DNS Support
  • We've added Dynamic DNS support!
    We're working on smoothing out how it's represented in the UI and writing something that resembles documentation, but thought we'd push out what we have so it can get a little use. It's a pretty basic implementation and should work well for most applications. It works with 'ddclient' (or dyndns compatible clients), and with any of the command line examples. We'll update this page when the documentation is ready. (we're hoping to have it written soon...). If you have any feedback on this new feature, please send them along to <dnsadmin@he.net>

Here are a few examples to get you started (manual testing)

http://[your domain name]:[your password]@dyn.dns.he.net/nic/update?hostname=[your domain name]

Autodetect my IPv4/IPv6 address:
% curl -4 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com"					
% curl -6 "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com"					

Specify my IPv4/IPv6 address:
% curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=192.168.0.1"					
% curl "http://dyn.example.com:password@dyn.dns.he.net/nic/update?hostname=dyn.example.com&myip=2001:db8:beef:cafe::1"

Here are a couple more examples that allow sending the password in the URL

Note: The username is also the hostname. The password is sent using 'password='. This skips HTTP basic auth.
Authentication and Updating using GET
% curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=192.168.0.1"
% curl "https://dyn.dns.he.net/nic/update?hostname=dyn.example.com&password=password&myip=2001:db8:beef:cafe::1"

Authentication and Updating using a POST
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=192.168.0.1"
% curl "https://dyn.dns.he.net/nic/update" -d "hostname=dyn.example.com" -d "password=password" -d "myip=2001:db8:beef:cafe::1"

Things to note about the dynamic DNS support:
  • Your "username" is going to be the name of the record that has been tagged dynamic. ie You marked the A record for dyn.example.com as dynamic. Your username will be "dyn.example.com"
  • You can tag an A or AAAA record by editing it once you have selected the zone. (check the box).
  • Once you have "activated" the record to be dynamic, you will need to generate a key (or password if you prefer) for it. (click on the generate icon) to generate the key for the dynamic record.
  • If you have tagged both an A and AAAA record to be dynamic, you will see the icon twice, it is only necessary to generate one key as it is bound to the name of the record and not the name/type. (see the part up above where we mention that we're still working on the UI part... :) .)
  • When making updates, you will need to make a separate update for ipv4 and ipv6. We may add an additional "myipv6=" option in the future.


Additional Troubleshooting Tools:
  • Secondary domains that disallow AXFR's will be deactivated until they have been validated.
    You can validate the domain by selecting it from the "Slave domains for this account." (click on the (i)nformation icon) This will attempt to pull the zone from the specified nameserver(s). If it is successful, it will validate the domain and will start listening to your nameservers NOTIFY packets as well as making periodic checks (depending on your TTL).
  • We've added a small collapsable panel on each of the domain specific pages. (edit zone, slave information, etc)
    Click on the "[+] Raw Zone" to expand the panel. This will give you the raw AXFR output for the domain.

  • Do you have some tools that you'd like to see? Send us your suggestions!

Upcoming Features!

We've received some fantastic suggestions from our Open Beta users. We're looking into implementing:
  • Expanding our DDNS service to support TXT records
  • Bind Zone Import/Export
  • DNSSEC - We are exploring this now

Keep the feedback coming in!

Thanks!
DNS Administrator
<dnsadmin@he.net>


Updated 07.07.2020 - dnsadmin@he.net