changing providers I adjusted the old script to fit my router, using PPPoE but not NetworkManager.

Create /etc/ppp/ip-up.local with this content

for paid accounts (DynDNS Pro and Dyn Standard DNS), one can do the updates with TSIG.

This allows us to not use ddclient, thus not having our DynDNS.com password in a config file on disk. Obviously, if the key is leaked, an attacker can still wreak havoc with your DynDNS zone configurations, but at least they will not be able to log onto the web interface of DynDNS under your name.