Dynamic DNS Update Tool

Dynamic DNS Update Tool

Summary

RouterOS 7 does not provide a /tool dns-update command. If you try to run it, RouterOS returns bad command name dns-update.

For dynamic DNS on RouterOS 7, use one of these supported approaches instead:

• /ip/cloud for MikroTik’s built-in DDNS service (*.sn.mynetname.net)
• RouterOS scripts with /tool/fetch to call a DNS provider’s HTTP API
• External automation outside RouterOS when you need RFC 2136 updates to BIND or another authoritative DNS server

This page exists to correct older references to /tool dns-update and point to supported alternatives.

What RouterOS 7 Supports

MikroTik Cloud DDNS

/ip/cloud is the built-in RouterOS feature for keeping a hostname synced with the router’s public IP.

/ip/cloud/set ddns-enabled=yes
/ip/cloud/print

Typical output includes:

   ddns-enabled: yes
       dns-name: a1b2c3d4e5f6.sn.mynetname.net
 public-address: 203.0.113.45
         status: updated

Use this when you want a stable hostname for remote management or VPN peers and you are happy to use MikroTik’s cloud-managed domain.

Third-Party DNS Providers

RouterOS can also update third-party DNS providers, but not through a built-in RFC 2136 client. The usual pattern is:

1. Detect the current WAN IP.
2. Compare it with the last known value.
3. Call the provider’s HTTPS API with /tool/fetch.

Skeleton example:

/system/script/add name=update-ddns source={
    :local currentIP [/ip/cloud/get public-address]
    :if ([:len $currentIP] = 0) do={
        :log warning "DDNS update skipped: no public IP detected"
        :error "no public IP"
    }

    /tool/fetch url="https://api.example.net/ddns/update?hostname=router.example.com&ip=$currentIP" \
        http-method=get keep-result=no
}

Adjust the request format, headers, and authentication to match your provider.

RFC 2136 / BIND Updates

RouterOS 7 does not include a native RFC 2136 dynamic DNS client for direct updates to BIND. If you need authenticated zone updates against your own authoritative DNS infrastructure, use one of these approaches:

• run the update from an external host with nsupdate
• expose a small HTTP service that performs the RFC 2136 update on behalf of RouterOS
• use a DNS provider that offers an HTTPS API and call it from RouterOS scripts

Common Tasks

Enable MikroTik DDNS

/ip/cloud/set ddns-enabled=yes
/ip/cloud/print

If needed, force an immediate refresh:

/ip/cloud/force-update

Use the Cloud Hostname for a VPN Peer

/interface/wireguard/peers/add \
    interface=wg1 \
    public-key="<remote-public-key>" \
    endpoint-address=a1b2c3d4e5f6.sn.mynetname.net \
    endpoint-port=13231 \
    allowed-address=10.10.10.2/32 \
    persistent-keepalive=25s

Keep Time Accurate for API Calls

If your script depends on TLS certificates or time-sensitive provider authentication, configure NTP first:

/system/ntp/client/set enabled=yes servers=time.google.com,time.cloudflare.com

Troubleshooting

bad command name dns-update

Expected on RouterOS 7. Replace old /tool dns-update guidance with /ip/cloud or a scripted API-based workflow.

Cloud DDNS status is not updated

Check internet connectivity and confirm the router can resolve and reach MikroTik cloud services.

/ip/cloud/print
/ping count=4 address=cloud.mikrotik.com

Scripted provider updates fail

Check these items:

• the router has valid DNS and default routing
• system time is correct for HTTPS/TLS
• the provider URL, token, and request format are correct
• /tool/fetch is allowed to reach the internet through your firewall and NAT rules

Migration Notes

If you were looking for older examples that used /tool dns-update, treat them as obsolete for RouterOS 7. There is no direct drop-in replacement command.

• For MikroTik-managed DDNS, use /ip/cloud.
• For provider API workflows, use /tool/fetch inside a script.
• For direct RFC 2136 updates, use external automation rather than RouterOS itself.

See Also

• RouterOS Cloud
• Fetch