I got a homelab, at the moment I am only running some local stuff and tailscale to reach my stuff remotely.
I can use tailscales ddns, but I would like a real domain. Is there a domain registrator that works with dynamic ips? Or do I need to use a CNAME instead of A record?
It really depends on the company that you use to manage the domain’s DNS. As long as they have an API to update DNS records…
For example, I can have my domain at Porkbun and have its DNS managed at Cloudflare. Cloudflare allows updating DNS records via API…so there’s programs to update it. Some routers even support it.
Worst case, you can set up a service like duckdns and have your domain, via cname, point to the duck DNS subdomain.
There’s options.
Porkbun also has an api for updating records.
I think using the cloudflare API is the way to go. You could probably set up an internal service that translates your home router’s dyndns request to a cloudflare API call.
Only if you had root access to your router. It’s a lot easier to write or find a very simple update script and schedule it to run every now and then via crontab.
The daemon script is simpler, true. but usually you can just point your router at some dyndns URL and you could put an internal IP for that.
All domains works with Dynamic IPs - it all depends on what DNS-provider you use :) Provider like Cloudflare ( I do not recommend Cloudflare) and afraid.org both offer dynamic DNS.
Do you recommend afraid.org?
Afraid.org is great :) I do recommend
Why don’t you recommend Cloudflare?
It is a giant MITM proxy, and whoever who has access to their logs have the potential to gain a lot of control
Don’t have to use their proxy. My gateway router uses cloudflare to set the IP via the API and I just use self-signed certificates. A record resolves to my gateway, not some cloudflare server.
They also do a lot of work in the privacy space. Encrypted Client Hello to protect SNI came from them.
If you use any company for TLS termination they can MITM (e.g. AWS certificate manager).
Its market share defeats the point of self-hosting.
Yea, that’s right. What I was looking for was like one stop shop. Where I can pay for my domain and dns needs. My current domain registrator does not have dynamic dns, so I have to use a CNAME from another place with a ddns.
Since your name is Hemlig, I assume you are from the Nordics. Loopia has support for dynamic DNS.
There are many ways to update dns automatically, I have used this container in the past. You could probably even write a bash script/cron job that checks your IP and updates it with curl depending on your DNS provider.
If you are already running tailscale you may be interested in using a funnel, which lets you accept and route internet traffic to your tailnet. I don’t use tailscale so can’t comment on how good/bad/useful this is.
You could also run some sort of service like frp from some remote box (like a VPS in DO/Linode/etc). This or the funnel lets you not expose/advertise your home IP address if that is a consideration.
Oooh thanks for the tip about
frp
. Interesting.I usually use autossh to establish a persistent port tunneling but sometimes got frustrated with the performance of the encrypted tunnel for some use case. Sometimes I don’t need encryption, but need to saturate my nic. frp seems to fit this use case.
I actually just migrated things to a setup that is pretty neat using FRP: I run frps on 2 Linodes in the same datacenter and have set up IP sharing for failover between them (which is a neat feature Linode, Vultr and probably a few others offer), and then I run 4 frpc’s, two for each frps in case one of them breaks somehow. Lots of redundancy without all that much effort.
It sounds pretty awesome. Just wondering if adding additional complexity to the setup is worth it to obfuscate my home IP. Easily setting up redundancy is a good feature in that regard though.
Cloudflare, Porkbun, Namecheap and many other registrars offer dynamic DNS via API or a ddns client very easy to setup.
CloudFlare ZT tunnels coupled with an Azure AD. Work’s amazingly with their containers to keep the tunnel alive.
What is Azure being used for?
using azure ad for user authentication. azure ad is free but i have a paid o365 so i use that to authenticate against for access to my containers that have a fqdn attached/directed to it. and most of the containers/apps have sso with azure ad integration option available so no more logging into each single app/container.
That is brilliant. I haven’t thought about SSOing my homelab.
Does your ISP support IPv6?
Silly as it is, many ISPs hand out dynamic IPv6 prefixes that may change once in a while. Or “dynamic” prefixes that never seem to change (but are not guaranteed never to change).
The reason is of course that they like being able to charge extra for static IPv4 addresses, and they see no reason to get rid of that revenue source for IPv6.
I think I can ask them about it. Never really used ipv6. Maybe that’s even better. Then I can maybe use more than one IP even. I don’t know how the ISPs deal with it. Do I only get one for my router, or can I get a bunch of them… hmm
with IPv6 you are able to address your internal network devices directly without port forwarding. Just make sure your router and other gear support it so you have everything you need.
This is the way.
Yea, my stuff supports it. But I never checked out how the ISPs is dealing with it. I will check it out!
If you have a static IPv6 address you can host your own authoritative DNS locally and use it for IPv4.
Do you want the host to be accessible fully from any host, or do you control all hosts you want to access it?
For mine, all the devices I want to access my personal host I have setup zerotier, and then pointed cloudflare at my zerotier address.
Any device I want to access my host (outside of my local network) requires zerotier.
I don’t want anything outside of my control accessing my host
I used No-IP for this very thing many years ago (using a domain on a server with a dynamic IP, anyway). I don’t know how it is now, but a quick search shows it is still around.
No-IP has been great for me for about a year now. No complaints.
ZoneEdit.com has a free plan with dynamic DNS for at least one „real“ domain (domain registration not included). It‘s not the most user friendly UI but super powerful. You can pretty much add any DNS record you like.
I use cloud flare DNS and it has support for dynamic IPs, my current setup is through a plug-in in my PFSense router
CloudFlare ZT tunnels coupled with an Azure AD. Work’s amazingly with their containers to keep the tunnel alive.
If you don’t mind that it’s Google, then Google Domains has exactly what you’re looking for.
They literally just killed that.
Well shit, I guess I gotta start looking for a replacement. It’s one of the few Google services I still use.
Thanks for the heads up, must has missed that news.
Heh, no problem!
As for where to go, people seem to really like Gandi, also keep hearing good things about Porkbun, I myself am very happy with INWX. Take that for what you will :p
Heh. I actually have all my other domains with porkbun and have had a great experience!
I setup my ddns domain with google before I moved to porkbun so I never looked at those features. I’m about to revamp a lot of my setup and now have more to do… I’ll check out inwx.
Gandi was recently purchased, and and is slowly going down the drain. I moved all my domains and emails to porkbun.
Ouch. Good to know.
Can you tell me a bit about INWX? Likes, dislikes, how they do things etc.? I’m also looking into an alternative to Gandi, I’ve narrowed it down to INWX vs Netim (I have lots of European ccTLD) so far.
They killed Google Domains?!
Nothing is safe from the Graveyard.
Pro Dynamic DNS service from noip.com will let you have dynamic dns using your own domain names for $20/mo.
$20/mo?! When free alternatives exist, why would anybody do this?
noip is supported by almost all consumer routers, so you’re probably paying for convenience. For homelabbers with a bit of scripting skill, it’s completely unnecessary though.
Emphasis on “a bit,” it truly is a simple task to automate. I don’t think that anyone who has need for dynamic DNS should realistically have much trouble tackling that problem.
For anyone who might attempt this and isn’t sure how, here’s what you need. You need a service controlling your domain with API support for updating your DNS records - some have been mentioned here, I just use gandi.net. You need to enable the API for your account/domain. Figure out how to run the command you need against the API from a scripting language of your choice - there should be documentation for the API, and it should be a single API call. Figure out how to determine your server IP from within the same scripting language. Then, write your simple script that determines the right IP and updates the record if it doesn’t match.
All you need to do then is automate running the script - on Linux, a cron job or a systemd service and timer.
Figure out how to determine your server IP from within the same scripting language.
My go to way to figure out my public IP address is
curl ip.me
. Very handy and easy to remember.My router actually has a UPnP API that I can request and get my external IP, which I like so I can poll it every few seconds and not worry about rate limiting or something.
Meanwhile, my ISP would often rotate their customer behind their CGNAT, so the IP address from the routers upnp would often return 10.x.x.x . One of the main reason I gave up using dynamic DNS and use Tailscale instead.
Port forwarding wouldn’t work anyway with CGNAT, so I don’t think that’s much of an issue.
I am unaware of any free services that allow you to use your own domain.
I am unaware of any free services that allow you to use your own domain.
Several do, including afraid.org, which I use. Other similar services were recently discussed here in this thread.
Thank you for the info!