Configuring DDclient DyDNS for Google Domains on Debian Linux

As follows is a quick guide on configuring your Google Domains domain(s) to be automatically updated via Dynamic DNS with ddclient.

Google Domains offers Dynamic DNS configurabilty at no additional expense, so doing this is practically a no-brainer! I’m doing this on a Raspberry Pi that also acts as my internal DNS BIND server to keep my public domains updated.

Configure Google Domains

Firstly, we need to configure your Google domain for Dynamic DNS support.

Under the DNS section of Google Domains, go to the “Synthetic Records” section.

Select “Dynamic DNS” from the left menu, enter the subdomain of your domain you want to configure for DyDNS, and press “Add.” In this example, I entered “@” because I want the top-level of my domain ( itself) to be configured for DyDNS. If you wanted “” to be dynamically updated, you’d enter “random” instead of “@.”


Install DDclient on Debian

Run the following:

sudo apt-get update
sudo apt-get install ddclient

Note: Leave options blank in the setup GUI that starts, we need to manually edit the configuration anyway.


Then stop the ddclient service for us to reconfigure it:

sudo systemctl stop ddclient


Edit /etc/ddclient.conf to look like the following, replacing the key portions with your values:

# Configuration file for ddclient generated by debconf
# /etc/ddclient.conf



if: Enter the network interface that should be used for making connections. This is easily obtainable via “ifconfig.”

protocol=googledomains: DDclient supports this, although not listed as an option in the setup we went through at install, which is a bit misleading.

login: Enter your username, found from the Dynamic DNS synthetic record you made at the beginning.

password: Make sure this has single-quotes around it.

daemon: This is the interval of seconds between checks the server will perform to see if its IP needs updating.

use, web: This tells DDclient to obtain its own external IP via Remember, if you’re running NAT (which you probably are), the IP in your server’s interface is not the same as your public IP! This takes care of that. Enter your domain here. If you’re updating the top-level of the domain like I am, omit the “@.”


In /etc/default/ddclient, find and set the following lines:


This tells ddclient to run as a daemon. Otherwise, it’ll only run once when you start it, then never again! Many guides miss this crucial step. I’ve set “daemon_interval” to 300 so the server checks for an IP update every 300 seconds (5m).


Test Configuration, Initially Update Domain, Install Service

Now it’s time to see if it works! Run the following:

sudo ddclient -daemon=0 -debug -verbose -noquiet

This runs the program in the CLI once for troubleshooting. You’ll be able to tell if it works by the output it generates. If so, check Google Domains! Your record should be updated:


Then enable ddclient and check to see if it’s running properly.

sudo systemctl enable ddclient

sudo systemctl start ddclient

sudo systemct status ddclient

You should see “active (running)” from the third command above.


Give the server a reboot to check that it still runs happily when it reboots. Maybe even take a packet capture to see your server reaching out every now and again! I used tcpdump to see the following:
That’s ddclient reaching out every five minutes to check its public IP!


Need more help? See Google’s documentation on DyDNS here.




  1. Just a note that I had to run
    sudo systemctl start ddclient
    to get it to start. Great tutorial, straight to the point 🙂

    • Thank you for writing that clarification. I am running Ubuntu Server 18.04 and the “sudo systemctl start ddclient” command was necessary for me as well.

  2. What does the SSL config do? Is this telling the client to connect to Google using SSL to update the WAN address? It’s nothing to do with the RPi web server using SSL – correct?

    • Scott Rainville

      April 26, 2019 at 9:25 pm

      It’s telling the client to encrypt its traffic with SSL when reaching out to Google to check its IP address, versus sending the request unencrypted. This guide doesn’t necessitate using a web server on the RPi, that’s completely separate.

  3. Thank you for the great article
    One question that I can’t figure out myself or find on the web. You seem to have XP on this subject.

    Is it possible to use the ddclient for my account for multiple sub-domains from the same host?
    I have a and a and a few others all running from the same nginx webserver. I want to configure each server block with their own subdomain instead folder.

    Below is the ‘ddclient –help’ for the googledomains section. It’s misleading because in the mutliple host section it says to use the same username/password for the different subdomains which doesn’t seem correct b/c google creates separate username/passwords for each dynamicdns subdomain. I was thinking about creating a small docker container with another ubuntu server on it and installer ddclient on it

    o ‘googledomains’

    The ‘googledomains’ protocol is used by DNS service offered by

    Configuration variables applicable to the ‘googledomains’ protocol are:
    protocol=googledomains ##
    login=service-login ## the user name provided by the admin interface
    password=service-password ## the password provided by the admin interface ## the host registered with the service.

    Example ddclient.conf file entries:
    ## single host update
    protocol=googledomains, \
    login=my-generated-user-name, \
    password=my-genereated-password \

    ## multiple host update to the custom DNS service
    protocol=googledomains, \
    login=my-generated-user-name, \
    password=my-genereated-password \,

  4. Nice article!

    Everything seemed to run fine with ddclient, where reported my router’s public IP correctly, then toward the end I got:

    FAILED: updating badauth: bad authorization.

    I triple-checked the username and password that Google domains gave when I made the dynamic DNS synthetic record. I even reset the username and password and tried a different set but still got “badauth”. The password was enclosed in single quotes.

    Any ideas?

Leave a Reply

Your email address will not be published. Required fields are marked *

© 2019 Rainvilletech Blog

Theme by Anders NorénUp ↑