There have been multiple accounts created with the sole purpose of posting advertisement posts or replies containing unsolicited advertising.

Accounts which solely post advertisements, or persistently post them may be terminated.

Dynamic IP - Self hosting

Im sure this has been asked before i juat can’t find where it has been - Maybe need to work on how to search Lemmy better. But…

Id like to eventually self host some sevices that require external access. While I have IpV6 addresses my IPV4 is dynamic.

Whats the best free way to be able to point some domains/ subdomains I have to my external dynamic IP and keep it updated. Im running OpenWrt on my router. - So possibly should be posting there.

Free Dyndns services seem to be a bit crap. Do I need to pay for a VPS? (seems to defeat the point of self hosting)

MehBlah , (edited )

I use afraid.org to keep my dynamic dns pointed at my routers ip. With afraid.org dns you only need a curl statement scheduled on the opendnswrt router to keep the dynamic ip updated.

lemmyvore ,

Afraid.org gives you subdomains on other people’s domains, who can decide to stop letting you use them at any moment.

MehBlah ,

Yeah, you don’t have to share yours if you don’t want to.

lemmyvore ,

I was assuming that you don’t own a domain. If you do why would you use Afraid? There are lots of reliable DNS services to choose from and you can have interface and features that aren’t frozen in 1995.

MehBlah ,

I own a lot of domains. Why would I want to run my own DNS when I can use a simple uncomplicated system that is time proven and reliable. They could of course set it up with a fisher price interface for thumb suckers who need flash. What feature do you need beyond standard records and a simple dynamic feature? The price isn’t that bad either.

lemmyvore ,

You don’t run your own DNS, they are services hosted by someone else, just like Afraid. The difference, on top of the interface, is that they support modern record types, they have redundant servers all over the world, there’s a team working on them instead of just one guy, they have APIs that can let you manage your many domains easier, they have zone backup and restore etc.

I’ve used Afraid too, back when I was starting out and didn’t know any better, but once I’ve seen some of the other services out there I’ve never looked back. You’ll never know what extra features you could want if your current service doesn’t offer you any.

MehBlah ,

You don’t think you can run your own DNS? Currently I’m using local bind server at work to filter using commercial blocklists. It forwards all windows domain queries to the local AD servers DNS ensuring all internal windows related domains function normally. The external DNS queries though goes through bind and doesn’t care about anything except the root servers. I have firewall rules in place that prevent anyone from using any other DNS. Even DNS over TLS traffic is diverted to my DNS or blocked. It doesn’t rely on anything or any other organization other than the root servers.

In the twenty something years I’ve used afraid.org for personal use I’ve had very little down time. I’ve tried other services many, many times and other than something like cloudflare there is no point in switching. If you don’t want to use it, don’t. It works just fine and you can’t match the price anywhere else. To give you a sense of how many years I’ve been doing my own DNS I set my first DNS server for a dial up ISP in 95.

Finally, what record types are you referring to not being supported?

lemmyvore ,

what record types are you referring to not being supported?

AFAIK it only supports a small subset of all the types currently in use.

MehBlah ,

I guess I’ll worry about the obscure when its needed for something.

lemmyvore ,

CAA and DNSSEC aren’t obscure. I would not even consider managing any domain nowadays without them.

Neither are ALIAS/DNAME/HTTPS, which you’ll be running into more and more in the future if you haven’t already. You could argue there are multiple competing standards at work there but Afraid doesn’t implement any of them.

MehBlah ,

I’ll worry about it when it happens until then its obscure and of no importance.

lemmyvore ,

If anything ever happens that involves [the lack of] DNSSEC or CAA you’ll have to buy another domain because the old one will be on every block list.

MehBlah ,

Go away dude. I get that you have hived down the subject to the point of obsession but I’ve got websites that have been up for decades and if they go on a blocklist it will be for another reason. Not because of two barely used DNS records. Further if they become required then I’m sure they will be supported.

abeorch OP ,

Wow thanks everyone. I think I need to take another look at some of the DynDNS provides and digest all your great feedback.

Id like to go beyond personal self hosting stuff and maybe run some stuff that requires Federation. Im just thinking at the moment.

K3can ,
@K3can@lemmy.radio avatar

I’m using cloudflare as my nameserver and the free API seems to work just fine with ddclient.

chiisana ,
@chiisana@lemmy.chiisana.net avatar

ddclient paired with a supported provider.

possiblylinux127 ,

Don’t expose your services directly to the internet. Instead rent a VPS and the use Wireguard to bring the traffic back home. In your home network your services should be in there own VLAN and everything should be isolated and sandboxed. Everything has the potential to be compromised so always practice least privilege and defense in depth.

lud ,

Or just set up your home network and services properly. Ideally with reverse proxies and maybe a proper DMZ.

Kit ,

Namecheap domains include a dynamic DNS application for free and it works well. Be aware that it only runs on Windows.

Pika ,
@Pika@sh.itjust.works avatar

also keep in mind for people not on windows, namecheaps API only functions for business grade, and also is not clearly documented, there is a “dynamic dns setup page” but it isn’t up to date. I find myself trying to use openwrt’s DDNS pages for it but it still isn’t accurate, I am likely going to transfer elsewhere when im closer to the end of my lease. This API restriction also prevents you from easily automating your SSL process using letsencrypt as you are locked down to subdomain based entries instead of wildcard domains.

Nomecks ,

Script that checks your external IP and updates your DNS provider via API.

loudwhisper ,

Since you run already OpenWrt, you can check out openwrt.org/docs/guide-user/services/ddns/client

There is a list on this page of compatible services. If you don’t want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.

Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!

bane_killgrind ,

That lists afraid.org as a ddns provider.

They are pretty great, I use them as my domain host.

abeorch OP ,

Yes I use no-ip but have to confirm the domain name every month or so and cant use my own domain on the free tier. (Maybe im just being cheap) - Also I haven’t been able to figure out how I would use / get SSL certificates.

loudwhisper ,

Yes, I have used it in the past and it was annoying…

You can get SSL certs with letsencrypt, but you need to use the http verification method.

lorentz ,

Not anymore, it supports txt records now

Willdrick ,

Try duckdns, it doesnt nag you every month and it just works

abeorch OP ,

Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!

Agree - Not something I will throw myself into.

fmstrat ,

I’ve used big names like ns1 and Cloudflare for free.

Toribor , (edited )
@Toribor@corndog.social avatar

Cloudflare has an api for easy dynamic dns. I use oznu/docker-cloudflare-ddns to manage this, it’s super easy:


<span style="color:#323232;">docker run 
</span><span style="color:#323232;">  -e API_KEY=xxxxxxx 
</span><span style="color:#323232;">  -e ZONE=example.com 
</span><span style="color:#323232;">  -e SUBDOMAIN=subdomain 
</span><span style="color:#323232;">  oznu/cloudflare-ddns
</span>

Then I just make a CNAME for each of my public facing services to point to ‘subdomain.example.com’ and use a reverse proxy to get incoming traffic to the right service.

Charadon ,
@Charadon@lemmy.sdf.org avatar

If you go down the VPS route, a headscale server on a cheap $3.50 VPS would be the way to go. Wouldn’t even have to deal with IP addresses at that point, while still being able to self-host all your services, with the cheap VPS being a glorified switch/firewall.

bastion ,

I use digital ocean as dns host. They have an API, so I check my IP with a script and update if needed.

lemmyvore ,

Get your own domain, find a free DNS service that provides an API, and it becomes a simple matter of updating a DNS A record whenever your IP changes.

Here’s a starting point: community.letsencrypt.org/t/…/86438

Don’t use a DynamicDNS service, they’re usually crap and they make you depend on a domain you don’t own.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • [email protected]
  • random
  • lifeLocal
  • goranko
  • All magazines
    •