BOAC,

First I must confess my practical experience of Dynamic DNS is limited due to more frequent use of static IP and normal DNS. My understanding of it is that there is a DDNS client which keeps the Dynamic DNS service updated with your router/whatever's current IP address.

If that is the case, then the inherent security risks are as follows :

(1) Security vulnerability in the internet exposed DDNS client service leading to a launch point for attacks.

(2) DNS on its own is only there to resolve a name to an IP. Therefore you need to review your general L3 security stance accordingly (filter rules etc.) No specific things need to be checked for DNS in your scenario.