Skip to main content

User Manual

KeenDNS frequently asked questions

Question: Which Keenetic models support KeenDNS?

  • Answer: All current models of Keenetic routers support KeenDNS.

Question: Which firmware versions support KeenDNS?

  • Answer: KeenDNS support was added to the KeeneticOS router operating system starting from version 2.08.

Question: If I reset the router to factory default settings, will the previously registered KeenDNS name remain?

  • Answer: Yes, it will. If you perform a factory reset, the KeenDNS domain name will not be deleted and will be automatically restored after the reset.

Question: How does KeenDNS keep my personal information secure and private?

  • Answer: The digital certificate and HTTPS private key are stored directly on the endpoint device (Keenetic router). When accessing through the cloud server via HTTPS, a secure tunnel is built up to the router, which ensures the security and confidentiality of data transmitted over the Internet. The session is established using end-to-end encryption. This means, among other things, that information transferred between the router and the browser via HTTPS is not accessible to the KeenDNS cloud servers that provide data transfer at the transport layer. With cloud access over HTTP, a secure channel is established between the router and the KeenDNS server using a KeenDNS digital certificate, which also guarantees security and protects data from interception.

Question: Is it possible to access home devices via FTP, RDP, RTSP, and Telnet via KeenDNS when using 'Through the cloud' access mode?

  • Answer: No. KeenDNS allows remote access to the Keenetic web interface, as well as to home network devices with web interface (it can be a webcam, network drive, router, server, etc.) via HTTP/HTTPS protocols on the following ports:

    HTTP: 80, 81, 280, 591, 777, 5080, 8080, 8090 and 65080

    HTTPS: 443, 5083, 5443, 8083, 8443 and 65083.

Question: If the router is inactive on the Internet for a long time, won't the registered router address be deleted?

  • Answer: No, there is no time restriction on the use of registered KeenDNS domain names.

Question: How long does the router receive an SSL certificate when registering a KeenDNS domain name, and how do I renew it?

  • Answer: When registering a domain name, Keenetic router automatically receives an SSL certificate certified by Let's Encrypt Authority. The certificate is valid for 90 days. There is no need to renew or reissue the certificate manually. The router does it automatically every three months.

Question: In case my router malfunctions and I can't get the KeenDNS name transfer code, is there any way to remove the registered KeenDNS name and transfer it to a new Keenetic router?

  • Answer: Yes, you can delete the previously assigned KeenDNS domain name via our technical support team and then transfer it to a new Keenetic router.

    If the router is out of service, please contact technical support with a request to delete the domain name. Specify the reason (returned the device to the shop, the service replaced with a new one, failed, burned out, etc.), the service code (consists of 15 digits and is located on the back of the case on a sticker), and the exact domain name previously registered in the KeenDNS service, which should be deleted.

    Additionally, in some cases, we may need the following information: a photo of the router, the date of purchase, a copy of the receipt, the order number when the faulty router was sent to the service, and the date of the last Internet connection.

Question: For some reason, I cannot release the KeenDNS domain name on my router via the web interface, it remains after deletion. How can I completely remove the domain name registration on the device?

  • Answer: Connect to the command-line interface (CLI) of the router and execute the commands sequentially:

    ip http ssl acme revoke <domain_name_keendns>

    system configuration save

    For example:

    ip http ssl acme revoke myname.keenetic.pro

    system configuration save

Question: How do I manually obtain an SSL certificate for a domain?

  • Answer: Connect to the command-line interface (CLI) of the router and execute the commands sequentially:

    ip http ssl acme get <domain_name_keendns>

    system configuration save

    For example:

    ip http ssl acme get myname.keenetic.link

    system configuration save

Question: I have configured remote access to the 4G/3G USB modem interface using a layer 4 domain, but access is performed without authentication, which is insecure. Is it possible to enable password authentication?

  • Answer: Yes, it is possible to enable this feature on a Keenetic router. You can find detailed information in the instruction 'Password protected remote access to a device with open Web UI via KeenDNS'. After that, when accessing the device interface, you will see an authorisation window with a request to enter login and password.

    Such authentication can be enabled not only for a home network device with an open web interface but also for devices that are protected by their own authentication system. In this case, double authentication per device will be used, which increases security when enabling remote access.

Question: Is it possible to configure the KeenDNS service in such a way that during the work of the main provider, the domain name functions in the 'Direct access' mode, and when switching to a backup provider, the 'Through the cloud' access mode is enabled?

Question: What is the purpose of the "Operating mode (IPv6)' option? When should it be enabled?

  • Answer: Our cloud server has a web proxy on an IPv6 address and can broadcast requests to Keenetic using the KeenDNS domain name. This option enables the Cloud mode for IPv6 addresses. This feature is designed to allow devices that only have IPv6 addresses to reach Keenetic by its domain name. A DNS type A record with an IPv4 and IPv6 address is reserved behind the *.keenetic.* record. If your PC has only an IPv6 address and has IPv6 Internet access, it will be able to communicate with the cloud, and you will be able to get to Keenetic remotely. The request to the cloud server must come from an IPv6 address only. If you do not have a private IPv6 address, you should not enable this option!

Question: Why is the video stream (image) from the surveillance camera not displayed while access to the camera web interface via the KeenDNS domain name works?

  • Answer: When using a private IP address and KeenDNS service in the 'Through the Cloud' mode, the work is done via web proxy, and remote access to the web interface of network devices is possible only via HTTP/HTTPS protocol.

    If the camera/VCR transmits video via HTTP/HTTPS protocol, in this case, video transmission (picture display) will work via KeenDNS. But if the camera/recorder uses other protocols for video streaming (for example, RTSP (Real Time Streaming Protocol) or RTP (Real-time Transport Protocol)), or the interface requires installation of a special plug-in to support viewing of images from cameras, in this case, video transmission via KeenDNS will not work. In such a situation, to access the camera/VCR you should use the public IP address on the router and use 'Direct Access' mode in KeenDNS, or use a VPN connection for remote access to the camera/VCR. For more information, see the article '???'.

Question: Is it possible to set up remote access to the web interface of a 4G/3G USB modem that is connected directly to the USB port of your Keenetic router?

  • Answer: Yes, instructions and an example of such a setting are shown in the article '???'.

    In the same way, you can set up remote access to the web interface of the GPON modem/router, through which you connect to the Internet and behind which the Keenetic router is installed.