Dynamic IP - Self hosting

I’m sure this has been asked before, I just can’t find where it has been - maybe I need to work on how to search Lemmy better. But…

I’d like to eventually self-host some services that require external access. While I have IPv6 addresses, my IPv4 is dynamic.

What’s the best free way to be able to point some domains/subdomains I have to my external dynamic IP and keep it updated? I’m running OpenWrt on my router, so possibly I should be posting there.

Free Dyndns services seem to be a bit crap. Do I need to pay for a VPS? (seems to defeat the point of self hosting)

BearOfaTime ,

A VPS with a tunnel between it and home services (Wireguard/Tailscale, etc.) is, in my opinion, the best way, as it isolates your home gateway (no open ports, because you make outbound connections to your VPS) and lets the VPS handle Identity and Access Management

(Or an equivalent isolating architecture).

Alternatively, Tailscale has a Funnel feature which can route public traffic into your Tailscale network. Though I don’t love this approach, it does work for low-volume connections.

Zephyr ,

+1 for using Tailscale Funnel. Doesn’t use a lot of resources and is easy to set up.

MehBlah , (edited )

I use afraid.org to keep my dynamic DNS pointed at my router’s IP. With afraid.org DNS you only need a curl statement scheduled on the OpenWrt router to keep the dynamic IP updated.

lemmyvore ,

Afraid.org gives you subdomains on other people’s domains, who can decide to stop letting you use them at any moment.

MehBlah ,

Yeah, you don’t have to share yours if you don’t want to.

lemmyvore ,

I was assuming that you don’t own a domain. If you do, why would you use Afraid? There are lots of reliable DNS services to choose from and you can have an interface and features that aren’t frozen in 1995.

MehBlah ,

I own a lot of domains. Why would I want to run my own DNS when I can use a simple, uncomplicated system that is time-proven and reliable? They could of course set it up with a Fisher-Price interface for thumb suckers who need flash. What feature do you need beyond standard records and a simple dynamic feature? The price isn’t that bad either.

lemmyvore ,

You don’t run your own DNS, they are services hosted by someone else, just like Afraid. The difference, on top of the interface, is that they support modern record types, they have redundant servers all over the world, there’s a team working on them instead of just one guy, they have APIs that can let you manage your many domains easier, they have zone backup and restore etc.

I’ve used Afraid too, back when I was starting out and didn’t know any better, but once I’ve seen some of the other services out there I’ve never looked back. You’ll never know what extra features you could want if your current service doesn’t offer you any.

MehBlah ,

You don’t think you can run your own DNS? Currently I’m using a local BIND server at work to filter using commercial blocklists. It forwards all Windows domain queries to the local AD servers’ DNS, ensuring all internal Windows-related domains function normally. The external DNS queries, though, go through BIND, and it doesn’t care about anything except the root servers. I have firewall rules in place that prevent anyone from using any other DNS. Even DNS over TLS traffic is diverted to my DNS or blocked. It doesn’t rely on anything or any other organization other than the root servers.

In the twenty-something years I’ve used afraid.org for personal use I’ve had very little downtime. I’ve tried other services many, many times and other than something like Cloudflare there is no point in switching. If you don’t want to use it, don’t. It works just fine and you can’t match the price anywhere else. To give you a sense of how many years I’ve been doing my own DNS, I set up my first DNS server for a dial-up ISP in 95.

Finally, what record types are you referring to not being supported?

lemmyvore ,

what record types are you referring to not being supported?

AFAIK it only supports a small subset of all the types currently in use.

MehBlah ,

I guess I’ll worry about the obscure when it’s needed for something.

lemmyvore ,

CAA and DNSSEC aren’t obscure. I would not even consider managing any domain nowadays without them.

Neither are ALIAS/DNAME/HTTPS, which you’ll be running into more and more in the future if you haven’t already. You could argue there are multiple competing standards at work there but Afraid doesn’t implement any of them.

MehBlah ,

I’ll worry about it when it happens; until then it’s obscure and of no importance.

lemmyvore ,

If anything ever happens that involves [the lack of] DNSSEC or CAA you’ll have to buy another domain because the old one will be on every block list.

MehBlah ,

Go away, dude. I get that you have hived down the subject to the point of obsession but I’ve got websites that have been up for decades and if they go on a blocklist it will be for another reason. Not because of two barely used DNS records. Further, if they become required then I’m sure they will be supported.

lemmyvore ,

Get your own domain, find a free DNS service that provides an API, and it becomes a simple matter of updating a DNS A record whenever your IP changes.

Here’s a starting point: community.letsencrypt.org/t/…/86438

Don’t use a DynamicDNS service, they’re usually crap and they make you depend on a domain you don’t own.

bastion ,

I use DigitalOcean as DNS host. They have an API, so I check my IP with a script and update if needed.

Charadon ,

If you go down the VPS route, a headscale server on a cheap $3.50 VPS would be the way to go. Wouldn’t even have to deal with IP addresses at that point, while still being able to self-host all your services, with the cheap VPS being a glorified switch/firewall.

TCB13 ,

Free Dyndns services seem to be a bit crap

Why do you say that? freedns.afraid.org and www.duckdns.org are very solid and if you’re looking for something more corporate even Cloudflare offers that service for free.

Toribor ,

DuckDNS is great… but they have had some pretty major outages recently. No complaints, I know it’s an extremely valuable free service but it’s worth mentioning.

Toribor , (edited )

Cloudflare has an API for easy dynamic DNS. I use oznu/docker-cloudflare-ddns to manage this, it’s super easy:


```bash
# Runs the DDNS updater container; each line except the last needs a
# trailing backslash so the shell treats this as a single command.
docker run \
  -e API_KEY=xxxxxxx \
  -e ZONE=example.com \
  -e SUBDOMAIN=subdomain \
  oznu/cloudflare-ddns
```

Then I just make a CNAME for each of my public facing services to point to ‘subdomain.example.com’ and use a reverse proxy to get incoming traffic to the right service.

loudwhisper ,

Since you already run OpenWrt, you can check out openwrt.org/docs/guide-user/services/ddns/client

There is a list on this page of compatible services. If you don’t want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.

Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!

bane_killgrind ,

That lists afraid.org as a ddns provider.

They are pretty great, I use them as my domain host.

abeorch OP ,

Yes, I use no-ip but have to confirm the domain name every month or so and can’t use my own domain on the free tier. (Maybe I’m just being cheap) - Also I haven’t been able to figure out how I would use / get SSL certificates.

loudwhisper ,

Yes, I have used it in the past and it was annoying…

You can get SSL certs with letsencrypt, but you need to use the http verification method.

lorentz ,

Not anymore, it supports TXT records now.

Willdrick ,

Try duckdns, it doesn’t nag you every month and it just works.

abeorch OP ,

Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!

Agree - Not something I will throw myself into.

fmstrat ,

I’ve used big names like ns1 and Cloudflare for free.

revv ,

You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.

abeorch OP ,

Yeah maybe I need to consider this.

yatzy ,

From where can you get a VPS for that price?

revv ,

Check out low end box. I found coupons for racknerd. I have one VPS that’s $10/yr, another that’s $18/yr. I’ve had zero downtime in the 18 months I’ve used them. No complaints from me. YMMV of course.

Kit ,

Namecheap domains include a dynamic DNS application for free and it works well. Be aware that it only runs on Windows.

Pika ,

Also keep in mind, for people not on Windows, Namecheap’s API only functions for business grade, and also is not clearly documented. There is a “dynamic dns setup page” but it isn’t up to date. I find myself trying to use OpenWrt’s DDNS pages for it but it still isn’t accurate. I am likely going to transfer elsewhere when I’m closer to the end of my lease. This API restriction also prevents you from easily automating your SSL process using letsencrypt, as you are locked down to subdomain-based entries instead of wildcard domains.

bungle_in_the_jungle ,

I use Tailscale and their free Personal plan.

Disclaimer though: I haven’t done much due diligence on it. It was easy to install when I first started self hosting with Umbrel and I use it so rarely that it’s good enough for my usage.

abeorch OP ,

I want to be independent. My understanding is that Tailscale relies on a service they run or an endpoint you run on a VPS - is that right?

bungle_in_the_jungle ,

Oh right, yeah you’re dependent on their service.

JRaccoon ,

I’ve been using No-IP free plan for years without issues. Inputted the credentials to my router’s DDNS client and then basically forgot about it. Free users need to confirm their account once a month via email but that’s just one click.

If your domain registrar happens to have an API to update DNS entries, you could implement DDNS yourself by writing a simple automated script to check the external IP (e.g. via ipify.org) and if it’s changed from the last check then call the API to update the DNS entries.

TCB13 ,

No-IP

Don’t recommend that. There are plenty of better alternatives such as freedns.afraid.org and www.duckdns.org that aren’t run by predatory companies that may pull the plug like DynDNS did.

JRaccoon ,

Sure. I’m not recommending anything, just stating what has worked for me. For simple use cases, I think most of the DDNS services are pretty much the same anyway and it’s easy to switch to another one if one stops working for some reason.

abeorch OP ,

Yeah, been using No-ip free but I worry that one day I will forget to confirm and I’ll get cut off.

possiblylinux127 ,

Don’t expose your services directly to the internet. Instead rent a VPS and then use Wireguard to bring the traffic back home. In your home network your services should be in their own VLAN and everything should be isolated and sandboxed. Everything has the potential to be compromised so always practice least privilege and defense in depth.

lud ,

Or just set up your home network and services properly. Ideally with reverse proxies and maybe a proper DMZ.

Nomecks ,

Script that checks your external IP and updates your DNS provider via API.
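
The check-and-update script that JRaccoon's and Nomecks's replies describe, as an added example that is not code from any poster in the thread. The API URL, JSON body, `DDNS_TOKEN` variable and state-file path are assumptions to replace with your DNS provider's documented call; the echo service's answer is validated as a public IPv4 address before anything is published.

```python
"""DDNS updater sketch: publish the WAN IPv4 only if it is valid and changed."""
import ipaddress
import json
import os
import urllib.request
from pathlib import Path

ECHO_URL = "https://api.ipify.org"  # IP echo service named in the thread
# Hypothetical endpoint: substitute your DNS provider's record-update call.
API_URL = "https://dns-api.example.invalid/v1/records/home.example.com"
STATE = Path("/var/tmp/ddns_last_ip")  # assumed location of the last-published IP

def parse_public_ipv4(text):
    """Return the address if `text` is exactly one public IPv4, else None."""
    try:
        ip = ipaddress.IPv4Address(text.strip())
    except ValueError:
        return None  # HTML error page, empty body, IPv6, garbage
    return str(ip) if ip.is_global else None  # drops RFC 1918, CGNAT, loopback

def fetch_external_ip():
    with urllib.request.urlopen(ECHO_URL, timeout=10) as resp:
        return resp.read(64).decode("ascii", "replace")  # cap the response size

def push_record(ip):
    """PUT the new A record; the token comes from the environment, not argv."""
    req = urllib.request.Request(
        API_URL, method="PUT",
        data=json.dumps({"type": "A", "content": ip, "ttl": 300}).encode(),
        headers={"Authorization": "Bearer " + os.environ["DDNS_TOKEN"],
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return 200 <= resp.status < 300

def run_once(fetch=fetch_external_ip, push=push_record, state=STATE):
    """Return 'invalid', 'unchanged', 'updated' or 'failed'."""
    ip = parse_public_ipv4(fetch())
    if ip is None:
        return "invalid"      # never publish an unvalidated address
    if state.exists() and state.read_text().strip() == ip:
        return "unchanged"    # no API call when nothing changed
    if not push(ip):
        return "failed"       # state untouched, so the next run retries
    state.write_text(ip + "\n")
    return "updated"

if __name__ == "__main__":
    print(run_once())
```

Run it from cron every few minutes; the state file keeps it from calling the provider's API unless the address actually changed.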
