Skip to main content
Cisco Meraki Documentation

Dynamic DNS (DDNS)


The Cisco Meraki MX Security Appliance uses Dynamic DNS (DDNS) to update its DNS host record automatically each time its public IP address changes. This feature is useful because it allows the administrator to configure applications such as client VPN to access the MX by its hostname which is static instead of an IP address that may change over time. 

Note: MX appliances bound to template networks cannot have their DDNS settings modified. 

Note: DDNS hostnames are tied to the network that the MX belongs to. Moving it to a different organization or network, the hostname will change.


To use Dynamic DNS on your MX Security Appliance, it must first be set to Routed mode. This is done under Security & SD-WAN > Configure > Addressing & VLANs in Dashboard.

MXs in Passthrough or VPN concentrator mode do not support Dynamic DNS (DDNS) on firmware below MX 16.X

Enabling Routed Mode

DC Routed Mode.png

Once the MX is set to Routed mode, the Dynamic DNS section will appear at the bottom of the Security & SD-WAN > Configure > Addressing & VLANs page with a link to the Security & SD-WAN > Monitor > Appliance status page.

Enabling Dynamic DNS

Once on the Security & SD-WAN > Monitor > Appliance status page, select the pencil icon next to Hostname, located between the WAN IP and Serial Number on the left of the page.



A dialog box will appear for configuring Dynamic DNS. Select Enabled in the dialog box and enter a public domain name if necessary, then select Update.

ddns screenshot.PNG

After DDNS is enabled, you can confirm it is working by performing a DNS query for the MX DDNS hostname. Open a command prompt on any workstation and type "nslookup <your dynamic DNS name>." The DNS response should return the current active public IP address of the MX.

Note: The expected TTL for dynamic DNS records is typically about 10 minutes, so you may need to wait 10 minutes before testing to see accurate results.

Note: If DDNS is in use with an HA pair configured with a virtual IP (VIP) behind NAT, DDNS will resolve to the NAT-translated (public) address of the management/uplink IP, rather than the NAT-translated virtual IP.


Querying the MX DNS hostname


Testing Dynamic DNS Resolution 

The following instructions describe how to find out what servers are resolving our dynamic DNS, and query them to see what IP address they are associating to the MX:

  1. Open cmd.exe from "C:\Windows\System32" on your laptop, and run a "nslookup"


  1. Set query to any and sort it for It will list all the servers used by 


  1. This lists the servers serving this dynamic-m site for its host names lookup. You would be checking if you could search for the hostname from the individual servers.

nslookup [-option] [hostname] [server]


This would help in learning if the IP address was ever updated on the server and if the problem is the servers not responding to the requests.

  • Was this article helpful?