Im sure this has been asked before i juat can’t find where it has been - Maybe need to work on how to search Lemmy better. But…
Id like to eventually self host some sevices that require external access. While I have IpV6 addresses my IPV4 is dynamic.
Whats the best free way to be able to point some domains/ subdomains I have to my external dynamic IP and keep it updated. Im running OpenWrt on my router. - So possibly should be posting there.
Free Dyndns services seem to be a bit crap. Do I need to pay for a VPS? (seems to defeat the point of self hosting)
I use afraid.org to keep my dynamic dns pointed at my routers ip. With afraid.org dns you only need a curl statement scheduled on the open
dnswrt router to keep the dynamic ip updated.Afraid.org gives you subdomains on other people’s domains, who can decide to stop letting you use them at any moment.
Yeah, you don’t have to share yours if you don’t want to.
I was assuming that you don’t own a domain. If you do why would you use Afraid? There are lots of reliable DNS services to choose from and you can have interface and features that aren’t frozen in 1995.
I own a lot of domains. Why would I want to run my own DNS when I can use a simple uncomplicated system that is time proven and reliable. They could of course set it up with a fisher price interface for thumb suckers who need flash. What feature do you need beyond standard records and a simple dynamic feature? The price isn’t that bad either.
You don’t run your own DNS, they are services hosted by someone else, just like Afraid. The difference, on top of the interface, is that they support modern record types, they have redundant servers all over the world, there’s a team working on them instead of just one guy, they have APIs that can let you manage your many domains easier, they have zone backup and restore etc.
I’ve used Afraid too, back when I was starting out and didn’t know any better, but once I’ve seen some of the other services out there I’ve never looked back. You’ll never know what extra features you could want if your current service doesn’t offer you any.
You don’t think you can run your own DNS? Currently I’m using local bind server at work to filter using commercial blocklists. It forwards all windows domain queries to the local AD servers DNS ensuring all internal windows related domains function normally. The external DNS queries though goes through bind and doesn’t care about anything except the root servers. I have firewall rules in place that prevent anyone from using any other DNS. Even DNS over TLS traffic is diverted to my DNS or blocked. It doesn’t rely on anything or any other organization other than the root servers.
In the twenty something years I’ve used afraid.org for personal use I’ve had very little down time. I’ve tried other services many, many times and other than something like cloudflare there is no point in switching. If you don’t want to use it, don’t. It works just fine and you can’t match the price anywhere else. To give you a sense of how many years I’ve been doing my own DNS I set my first DNS server for a dial up ISP in 95.
Finally, what record types are you referring to not being supported?
what record types are you referring to not being supported?
AFAIK it only supports a small subset of all the types currently in use.
Since you run already OpenWrt, you can check out https://openwrt.org/docs/guide-user/services/ddns/client
There is a list on this page of compatible services. If you don’t want to use one more service (DNS), you can use a domain registrar with an API (like porkbun) and find online tools that work with that.
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
That lists afraid.org as a ddns provider.
They are pretty great, I use them as my domain host.
Be aware of the risks of hosting your websites publicly from home, make sure to run them in very isolated environments. Having your VPS compromised is bad, but having your home network compromised is much worse!
Agree - Not something I will throw myself into.
Yes I use no-ip but have to confirm the domain name every month or so and cant use my own domain on the free tier. (Maybe im just being cheap) - Also I haven’t been able to figure out how I would use / get SSL certificates.
Try duckdns, it doesnt nag you every month and it just works
Yes, I have used it in the past and it was annoying…
You can get SSL certs with letsencrypt, but you need to use the http verification method.
Not anymore, it supports txt records now
VPS with a tunnel between it and home services (Wireguard/Tailscale, etc)in my opinion is Best Way as it isolates your home gateway (no open ports, because you make outbound connections to your VPS), and let VPS handle Identity and Access Management
(Or an equivalent isolating architecture).
Alternatively, Tailscale has a Funnel feature which can route public traffic into your Tailscale network. Though I don’t love this approach, it does work for low-volume connections.
+1 for using Tailscale funnel Don’t use a lot of resources and easy to setup
Script that checks your external IP and updates your DNS provider via API.
Self hosting doesn’t mean you should host everything yourself at home, using a VPS you manage (so the data inside it is still yours) is also a viable option for selfhosting. I myself host some services at home and a few others in a VPS.
As for Dyndns, I’ve used a few providers over the years. DuckDNS is the one I’ve been using for 5 years or so and it’s not failed me once. Pretty happy with it.
Maybe you could have a duckdns pointing to your dynamic IP and your domains / subdomains with a CNAME pointing to the dyndns address?
Namecheap domains include a dynamic DNS application for free and it works well. Be aware that it only runs on Windows.
also keep in mind for people not on windows, namecheaps API only functions for business grade, and also is not clearly documented, there is a “dynamic dns setup page” but it isn’t up to date. I find myself trying to use openwrt’s DDNS pages for it but it still isn’t accurate, I am likely going to transfer elsewhere when im closer to the end of my lease. This API restriction also prevents you from easily automating your SSL process using letsencrypt as you are locked down to subdomain based entries instead of wildcard domains.
Many DNS providers have an API and are supported by various dynamicDNS clients. I use Cloudflare and the built in client on my Opnsense router.
OpenWRT should have a client too that supports a bunch of services.
Get your own domain, find a free DNS service that provides an API, and it becomes a simple matter of updating a DNS
Arecord whenever your IP changes.Here’s a starting point: https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438
Don’t use a DynamicDNS service, they’re usually crap and they make you depend on a domain you don’t own.
You can get super cheap VPSs and use them just as a reverse proxy (with access via VPN). I host 11 servers using one single-core VPS as a reverse proxy. All data resides on premises, in house. I pay 10/yr for VPS. It definitely does not defeat the purpose.
From where can you get a VPS for that price?
Check out low end box. I found coupons for racknerd. I have one VPS that’s $10/yr, another that’s $18/yr. I’ve had zero downtime in the 18 months I’ve used them. No complaints from me. YMMV of course.
Yeah maybe I need to consider this.
How often does your IP actually change? Mine changes so rarely (during extended power outages, say) that I am able to just update my IP manually when it does.
I even used to run my own authoritative DNS server at home (the one offered by my registrar isn’t configurable enough, think SRV and TXT records) - for that, I have a web UI at my registrar to set the IP addresses of the DNS server.
I have dyndns, have since they were 10$ a year, and I’ve gradually realized that my ISP changes my IP on average less than once a year…
Wow thanks everyone. I think I need to take another look at some of the DynDNS provides and digest all your great feedback.
Id like to go beyond personal self hosting stuff and maybe run some stuff that requires Federation. Im just thinking at the moment.
There are two options, one is tunneling (e.g. tailscale, cloudfare tunnels, or a VPS either with special software or plain old SSH port forward constant connection). The other option, the most popular answer (I think, influenced by how yoy asked) is Dynamic DNS or DynDNS (e.g. duck, hurricane, freedns, etc.) this second one is like the classic solution.
FreeDNS works pretty well as long as you don’t need more than 5 DNS records.
Other free services I had good experiences with:
If you go down the VPS route, a headscale server on a cheap $3.50 VPS would be the way to go. Wouldn’t even have to deal with IP addresses at that point, while still being able to self-host all your services, with the cheap VPS being a glorified switch/firewall.
Don’t expose your services directly to the internet. Instead rent a VPS and the use Wireguard to bring the traffic back home. In your home network your services should be in there own VLAN and everything should be isolated and sandboxed. Everything has the potential to be compromised so always practice least privilege and defense in depth.
Or just set up your home network and services properly. Ideally with reverse proxies and maybe a proper DMZ.
