diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 028e9fd..d91fdcb 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -74,9 +74,10 @@ users:
     sudo: yes
     docker: yes
 
-# Data for DD24 dyndns updates
+# Data for dyndns updates
 dyndns_domain: "dyndns.n39.eu"
 dyndns_password: "{{ vault_dyndns_password }}"
+dyndns_token: "{{ vault_dyndns_token }}"
 
 # Shared influxdb items
 influxdb_org: "netz39"
diff --git a/group_vars/all/vault b/group_vars/all/vault
index 1e42948..255971a 100644
--- a/group_vars/all/vault
+++ b/group_vars/all/vault
@@ -1,7 +1,10 @@
 $ANSIBLE_VAULT;1.1;AES256
-34303066383937623831333466333965323161376134353838346235323662373164303163363734
-3134626237346361656533636161363331666537633538380a613761643431356530343663626666
-62646361316364333533316638646261373661633863363733366337373338336565366536386237
-3138646266613837310a396139363830613463393861336161363533343362383462623265356563
-31333862613937306463353130316365636634353862363039663762326263313366363530636631
-3630653638333831303432316266633833643739643533353536
+37306233306262383862373661626635346436316265663162343433303432653536376632316439
+6336396564613232363337303266643965346333396331620a316536636666393461353633366466
+39333362306166376462353739626139623835326461373834303330346538366637626363306438
+3033376133373330330a356236396366643938323666663836643738386337373362323933623838
+30316663646134623232336563343562393037363463303739626464633461323539306261316638
+61343330626263393065636230303632663965653939373437386561656539646533653661613236
+35326334313232633738633933653939383830636361373938373864643133363539623734646435
+32336630613231353337336466646164373734386539653936313865316336616264373061633139
+3839
diff --git a/host-pottwal.yml b/host-pottwal.yml
index a7da2b3..8d7ea6d 100644
--- a/host-pottwal.yml
+++ b/host-pottwal.yml
@@ -28,6 +28,8 @@
     - role: ansible-role-dehydrated_cron
     - role: dd24_dyndns_cron
       # variables are set in the inventory
+    - role: desec_dyndns_cron
+      # variables are set in the inventory
     - role: cleanuri
       vars:
         cleanuri_ui_domain: uritools.n39.eu
diff --git a/roles/desec_dyndns_cron/defaults/main.yml b/roles/desec_dyndns_cron/defaults/main.yml
new file mode 100644
index 0000000..59fc031
--- /dev/null
+++ b/roles/desec_dyndns_cron/defaults/main.yml
@@ -0,0 +1,4 @@
+# desec.io Cron configuration
+---
+dyndns_domain: www.example.com
+dyndns_token: yourtoken
diff --git a/roles/desec_dyndns_cron/handlers/main.yml b/roles/desec_dyndns_cron/handlers/main.yml
new file mode 100644
index 0000000..76bb1a9
--- /dev/null
+++ b/roles/desec_dyndns_cron/handlers/main.yml
@@ -0,0 +1,10 @@
+# handlers file for desec_dyndns_cron
+---
+- name: reload cron
+  ansible.builtin.shell:
+    cmd: service cron reload
+    warn: no
+# Use the shell call because the task sometimes has problems finding the service state
+#  service:
+#    name: cron
+#    state: restarted
diff --git a/roles/desec_dyndns_cron/tasks/main.yml b/roles/desec_dyndns_cron/tasks/main.yml
new file mode 100644
index 0000000..d389fb7
--- /dev/null
+++ b/roles/desec_dyndns_cron/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+- name: Make sure cron and curl are installed
+  apt:
+    name:
+      - cron
+      - curl
+    state: present
+
+- name: Setup cron file for desec.io updates
+  ansible.builtin.template:
+    src: "templates/desec-dyndns.cron.j2"
+    dest: "/etc/cron.d/desec-dyndns"
+    owner: root
+    group: root
+    mode: "0644"
+  notify: reload cron
+  # There is ansible.builtin.cron, but this makes configuration much
+  # more complicated, so we stick to the template.
diff --git a/roles/desec_dyndns_cron/templates/desec-dyndns.cron.j2 b/roles/desec_dyndns_cron/templates/desec-dyndns.cron.j2
new file mode 100644
index 0000000..32bf8b6
--- /dev/null
+++ b/roles/desec_dyndns_cron/templates/desec-dyndns.cron.j2
@@ -0,0 +1,6 @@
+# /etc/cron.d/desec-dyndns: Cron call to renew DynDNS entry
+
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+*/5 * * * * root curl --silent --show-error --user {{ dyndns_domain }}:{{ dyndns_token }} "https://update.dedyn.io/" > /dev/null 2> >(/usr/bin/logger -p user.error -t desec)