Keep your Azure DNS records in sync with your dynamic IP — no third-party DDNS provider required.
A lightweight, serverless Dynamic DNS solution built on Azure Functions (PowerShell). Instead of relying on services like No-IP or DynDNS, this function lets you manage your own DDNS entirely within your Azure subscription using your existing Azure DNS zone.
Inspired by Create Dynamic DNS Azure DNS Pt1.
- 🔄 Automatically updates all A records in a DNS zone with your current public IP
- 🔒 Selectively lock individual records to prevent them from being overwritten
- 🛡️ Authenticates via Managed Identity — no credentials stored in code
- 📡 IP auto-detection from the
x-forwarded-forheader (no request body needed) - ⚡ Serverless — runs on the Azure Functions Consumption plan, so you only pay when it runs
- Architecture — system design, components, and request/authentication flows
- Implementation Details — code walkthrough, configuration reference, and usage examples
- Azure subscription
- Azure DNS zone with one or more A records
- Azure Function App (PowerShell runtime) deployed from this repository
- Managed Identity enabled on the Function App with the DNS Zone Contributor role assigned on the subscription or resource group where the DNS zone lives
The function assumes it runs in the same subscription as the DNS zone. If that is not the case, add subscription selection logic in
DynDNSUpdater/run.ps1.
Update the $resourceGroupName variable in DynDNSUpdater/run.ps1 to match the resource group that contains your DNS zone:
$resourceGroupName = "rg-dyndns"Auto-detect your IP (simplest):
POST https://<function-app>.azurewebsites.net/api/DynDNSUpdater?code=<key>&Zone=example.com
Provide an explicit IP:
GET https://<function-app>.azurewebsites.net/api/DynDNSUpdater?code=<key>&Zone=example.com&reqIP=203.0.113.42
To prevent a specific A record from being updated, add a lock=true metadata tag to it:
az network dns record-set a update \
--resource-group rg-dyndns \
--zone-name example.com \
--name server \
--metadata lock=true- A client (router, cron job, home automation) sends an HTTP request with the DNS
Zoneto update. - The function resolves the IP from the request parameter or the
x-forwarded-forheader. - It iterates over every A record in the zone, skipping any that are locked.
- Unlocked records are updated with the resolved IP via the
Az.DnsPowerShell module.
For a detailed breakdown, see the Architecture and Implementation Details docs.