Airport Extreme: update dynamic hostname through BIND

If you are the owner of an Apple Airport Extreme base station, you may have wondered if it is possible to assign a static hostname to your dynamically changing ADSL IP address. Many other routers offer this feature through one of the popular dynamic DNS services such as DynDNS. Apple however decided not to support the proprietary interfaces of those commercial services, but instead use a generic approach as described in RFC 2136 Dynamic Updates in the Domain Name System (DNS UPDATE).

Here’s how you can use this feature.


  • Apple Airport Extreme Base Station
  • Airport Utility version 5.6 (the DNS update feature is not accessible in 6.0+)
  • a domain name where you can choose your own nameserver (most domain sellers allow this)
  • a (Linux) server running BIND9 on a static IP address


  • for this setup I assume that your Linux box has the static hostname on IP address The domain name you want to use for your airport extreme is This means is owned by you and has its nameserver set to
  • Install BIND version 9 on your Linux server (e.g. “sudo apt-get install bind9”) and create a zone file for your domain. You can put it in /etc/bind/zones/ and make it look like this:
$TTL 86400	; 1 day		IN SOA (
				2012060524 ; serial
				28800      ; refresh (8 hours)
				7200       ; retry (2 hours)
				864000     ; expire (1 week 3 days)
				86400      ; minimum (1 day)
			MX	10
*			A
b			PTR
db			PTR
dr			PTR
lb			PTR
r			PTR
_dns-update		SRV	0 0 53
  • google for some BIND tutorials if you need more information on the zone file configuration
  • make sure port 53 UDP is open in your Linux box’s firewall
  • create a RNDC key. This is the “password” used to update your DNS zone. Run “rndc-confgen -a -c /etc/bind/rndc.key”
  • add the following to your /etc/bind/named.conf.local:
include "/etc/bind/rndc.key";
zone "" {
      type master;
      file "/etc/bind/zones/";
      update-policy {
        grant rndc-key name A;
  • ensure that your zone file and the named.conf.local have permissions -rw-r–r– and are owned by root, group bind.
  • on Ubuntu 12.04 I had to edit the file /etc/apparmor.d/usr.sbin.named and change the line “/etc/bind/zones/** r,” to “/etc/bind/zones/** rw,”
  • restart apparmor and bind
  • check the syslog for any bind errors
  • if you’ve just changed the nameserver of to, it may take 24h or more for this update to reach your provider’s DNS cache
  • check your nameserver configuration with “dig”. “dig a” should give you an answer section with your Linux box’s IP address. “dig ns” should return “dig PTR” should return
  • when everything works as expected, we can now configure Airport Extreme. Open “Airport Utility 5.6”, choose the “base station” tab and click “Edit…”. Configure it as in the screenshot below. The password is the “secret” as mentioned inside your rndc.key file. Enter it without the quotes.
  • click “Done” and “Update”. Your Airport Extreme should update the DNS A record for every 15 minutes. In your syslog it looks like this:

Jun 11 07:15:07 alderaan named[31953]: client updating zone '': deleting rrset at '' A
Jun 11 07:15:07 alderaan named[31953]: client updating zone '': adding an RR at '' A

  • you can now reach your home network from anywhere through the hostname “”. Success!!






3 responses to “Airport Extreme: update dynamic hostname through BIND”

  1. belkone

    Hi, I know, that article is from 2012, but should it works right now? When I try to setup dns using your solution I have in logs: named[5798]: client xx.xx.xx.xx#61698: update ‘zzz.zzz.zzz/IN’ denied. Can you tell me what am I doing wrong?

  2. Very interesting article. I can confirm it works but i think BIND is not giving back the right answer to apple airport router since the router sends DNS update very very often (5 times a minute). I think the answer should contain ttl value (lease time) but i didn’t figure out how to do that with BIND and i wrote my own dns server.

  3. Sanigo

    It is a good article, and it did work! But i have the same problem as Liviu, the router sends update too frequently. I have no idea about this.