inntran · January 4, 2018 19:48 · Jan 4, 2018
diff --git a/dhcpv6-he.net-ddns-https.md b/dhcpv6-he.net-ddns-https.md
@@ -0,0 +1,34 @@
+# Automate DDNS record on HE.net free DNS service for RouterOS DHCPv6 client
+
+## Turning on DDNS of your record
+
+Official documentation on HE.net DDNS, you have to logout or open another browser session to check it out: https://dns.he.net
+### Steps
+
+1. Check "Enable entry for dynamic dns" checkbox for the domain record you want to enable DDNS on.
+2. Click the ![Generate Icon](https://dns.he.net/include/images/generate.gif) in DDNS column of your domain record table.
+3. Generate a new DDNS key, keep a record of it somewhere(you won't be able to retrieve it again from this interface). Save.
+4. Take the FQDN and its DDNS key, we will use this in our script on RouterOS.
+
+## Add script to DHCPv6 client on RouterOS
+
+As of RouterOS 6.41, it does not resolve to IPv6 addresses for a given domain name by default,
+so the server side is not able to detect your IPv6 address. We have to supply that information in the request.
+
+### Steps
+1. In order to trust the certificate chain, you have to import root CA cert and intermediate CA cert. https://dyn.dns.he.net is currently using Let's Encrypt, so at least the following two certs need to be imported:
+https://www.identrust.com/certificates/trustid/root-download-x3.html
+and
+https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt
+
+2. In "Advanced" tab of the DHCPv6 client, paste the following script and update it with your FQDN and DDNS key.
+
+```
+:local ddnshostname "<FQDN with DDNS enabled>"
+:local ddnspassword "<Corresponding DDNS key>"
+
+:if ($"na-valid" = 1) do={
+    :log info ("Updating DDNS record of: " . $ddnshostname . " with new IPv6 address: " . $"na-address")
+    /tool fetch check-certificate=yes keep-result=no url="https://dyn.dns.he.net/nic/update" http-data=("hostname=" . $ddnshostname . "&password=" . $ddnspassword . "&myip=" .  $"na-address")
+}
+```
No results found