Probably good, but I want to stay away from anything related to Kubernetes. My experience is that it's an overkill black hole of constant debugging. Unfortunately. Thanks though!
exactly. I literally have a bash script that calls the API triggered by cron every 30 minutes. That's it. Are people seriously using a freaking docker container for this?
Ah, a history would be nice. I've been thinking of keeping some stats to monitor when the connection goes down, and how often my IP changes.
Fortunately I've kept the same IP since i changed ISPs a few months ago.
Personally I still think docker is overkill for something that can be done with a bash script. But I also use a Pi 4 as my home server, so I need to be a little more scrupulous of CPU and RAM and storage than most
Even if it is docker it’s still a bash script or something in the container right? Or are people referring to the docker CLI directly changing DNS records somehow?
My best guess is the reason to involve docker would be if you already have a cluster of containers as part of the project. Then you can have a container that does nothing but manage the DNS.
I would go for registering my own domain and then rent a small vps and run debian 12 server with bind9 for dns + dyndns. If you don't want to put the whole domain on your own name servers then you can always delegate a subdomain to the debian 12 server and run your main domain on your domain registrators name servers.
ClouDNS provides Free DNS, Cloud DNS, Managed DNS, GeoDNS and DDoS Protected DNS hosting with included web redirects, mail forwards and Round-Robin load balancing. Instant updates in Europe, North and South America, Asia and Australia.
@sith If this is useful we had a bit of a conversation about DynDns options a while back. Im currently using Hetzner with my subdomain names being dynamically updated. lemmy.ml/post/18477306
I guess you already know about the options, but for others:
Find the cheapest VPS out there and have a Wireguard tunnel between it and your home network. Run ddclient or similar on the VPS in case the public IP changes.
Yup, that's what I did. I even have my TLS servers running on my LAN as well, so once my ISP no longer puts me behind CGNAT, I just need to change my DNS settings and set up some port forwards on my router.
This is why I love yggdrasil. Thanks to having a VPS running it that all of my hosts globally can connect to, I can just use IPv6 for everything and reverse proxy using those IPv6 addresses where I need to. Once hosts are connected and on my private yggdrasil network, I stop caring about CGNAT or IPv4 at all other than to maybe create public IPv4 access to a service.
IPv6 doesn't help anything if you're behind CGNAT, you can have internal-only IPv6. There are good reasons to not have every household directly accessible to the outside world, so I'm sympathetic to that, but they also seem to love charging extra for it.
CGNAT only applies to IPv4. You cannot NAT IPv6 effectively. It's not designed to be NATed. While there IS provisions for private IPv6 addressing, nobody actually does it because it's pointless.
This entry was edited (Monday, December 16, 2024, 5:11 AM)
There are recommended approaches to best utilize global IPv6 addresses with NAT66. Read this article to find out when NAT66 can be used most appropriately.
Network Prefix Translation isn't the same thing. That's used for things like MultiWAN so that your IPv6 subnet from another WAN during a failover event can still communicate by chopping off the first half and replacing the subnet with the one from the secondary WAN. It is not NAT like in IPv4 and doesn't have all of the pitfalls and gotchas. You still have direct communications without the need for things like port forwarding or 1:1 NAT translations.
I'm a Network Engineer of over a decade and a half. I live and breath this shit. Lol.
Yes, it's not the same, but it can be used to bridge private addresses onto a public network, which is basically what NAT is trying to achieve. If you're running an ISP and don't want customers to be directly accessible from the internet, it seems reasonable. In an ISP setup, you would issue private net addresses and just not do the translation if the customer doesn't pay.
Yes, you can achieve the same thing another way, but I could see them deciding to issue private net addresses so customers don't expect public routing without paying, whereas issuing regular public IPv6 addresses makes it clear that the block is entirely artificial.
Fortunately there's a million companies that offer VPS with a static IP address for only few bucks a month. I set one up to run a wireguard VPN server which all my devices and home servers connect to as clients. I also configured everything to use a split tunnel to save bandwidth.
Normally when you're on a VPN all the network traffic to and from your device is going through the connection to the VPN server, e.g. browsing the internet, online games, etc. It can cause issues with other online services and uses bandwidth (cheap as it is) many VPS provider charges for.
A split tunnel tells the VPN client to only send certain traffic through the tunnel. My wireguard setup assigns IP addresses for the VPN interfaces in the subnet 192.168.2.x, so only traffic addressed to IPs on that subnet get sent through the tunnel. In wireguard it's a single line in the config file:
AllowedIPs = 192.168.2.0/24
This entry was edited (Monday, December 16, 2024, 9:53 AM)
Yeah this has been the biggest problem with hosting. For SMTP to work outbound you gotta have a good static IP. Everything else can be DDNSed. So either you get a business class connection or proxy through a VPS front end.
My ip updates maybe once every three months or so, but what i did was just write a script that checks the current ip and updates the domain registrar. My domain is on cloud flare, and they have an API through which I can do it. It's literally one POST request. There are solutions out there but I wanted a really simple solution I fully understand so I just did this. Script runs in cron every few hours and that's it.
I set it once like 6 years ago and forgot it wasn't something pre-installed and configured until I saw your comment. I was reading through the comments looking for the "you don't need to do anything, ddclient takes care of it"
used a bash script and a cron job for a long time, now the whole topic is one of the projects i regularly rewrite whenever I want to get my hands dirty with a new programming language or framework.
This entry was edited (Sunday, December 15, 2024, 9:26 AM)
Cloudflare DDNS updated by ddclient on my OpnSense router. Cloudflare happens to be my current domain registrar. Honestly, my IPv4 doesn't change that often. And when I used to be on Comcast, they assigned a block of IPv6 addresses and the router dealt with that. Unfortunately, I now have Quantum Fiber who only assign a single IPv6 address, so I gave up on IPv6 for now.
Just a practice I've had over the years with domains: separate your registrar and your DNS. If one goes down, or out of business, you can fix it if you still control the other and its accessible. If you have both of them in one place, it's really hard to get that domain transferred.
emax_gomax
in reply to mapumbaa • • •Brownian Motion
in reply to mapumbaa • • •Wow much detail. You're gonna get so much help.
mapumbaa
in reply to Brownian Motion • • •philthi
in reply to mapumbaa • • •mapumbaa
in reply to philthi • • •ShortN0te
in reply to mapumbaa • • •GitHub - qdm12/ddns-updater: Container to update DNS records periodically with WebUI for many DNS providers
GitHublike this
timlyo likes this.
dblsaiko
in reply to mapumbaa • • •Any registrar worth using has an API for updating DNS entries.
I just found this with a quick search: github.com/qdm12/ddns-updater
GitHub - qdm12/ddns-updater: Container to update DNS records periodically with WebUI for many DNS providers
GitHublike this
elgordino and timlyo like this.
mapumbaa
in reply to dblsaiko • • •DynamoSunshirtSandals
in reply to dblsaiko • • •jws_shadotak
in reply to DynamoSunshirtSandals • • •DynamoSunshirtSandals
in reply to jws_shadotak • • •Ah, a history would be nice. I've been thinking of keeping some stats to monitor when the connection goes down, and how often my IP changes.
Fortunately I've kept the same IP since i changed ISPs a few months ago.
Personally I still think docker is overkill for something that can be done with a bash script. But I also use a Pi 4 as my home server, so I need to be a little more scrupulous of CPU and RAM and storage than most
intensely_human
in reply to DynamoSunshirtSandals • • •Even if it is docker it’s still a bash script or something in the container right? Or are people referring to the docker CLI directly changing DNS records somehow?
My best guess is the reason to involve docker would be if you already have a cluster of containers as part of the project. Then you can have a container that does nothing but manage the DNS.
Jess
in reply to jws_shadotak • • •anamethatisnt
in reply to mapumbaa • • •I would go for registering my own domain and then rent a small vps and run debian 12 server with bind9 for dns + dyndns.
If you don't want to put the whole domain on your own name servers then you can always delegate a subdomain to the debian 12 server and run your main domain on your domain registrators name servers.
edit:
If your registrar is supported the ddns-updater sounds a lot easier.
GitHub - qdm12/ddns-updater: Container to update DNS records periodically with WebUI for many DNS providers
GitHubJeena
in reply to mapumbaa • • •Duck DNS
www.duckdns.orgconrad82
in reply to Jeena • • •SayCyberOnceMore
in reply to conrad82 • • •markstos
in reply to mapumbaa • • •Free DNS hosting, Cloud DNS hosting and Domain names | ClouDNS
ClouDNSleisesprecher
in reply to mapumbaa • • •Engywook
in reply to mapumbaa • • •ᕙ(⇀‸↼‶)ᕗ
in reply to mapumbaa • • •shortwavesurfer
in reply to mapumbaa • • •SaltySalamander
in reply to mapumbaa • • •abeorch
in reply to mapumbaa • •@sith
If this is useful we had a bit of a conversation about DynDns options a while back. Im currently using Hetzner with my subdomain names being dynamically updated.
lemmy.ml/post/18477306
lemmy.ml/post/18477306
Selfhosted reshared this.
ѕєχυαℓ ρσℓутσρє
in reply to mapumbaa • • •deSEC – Free Secure DNS
desec.iobigdickdonkey
in reply to mapumbaa • • •GitHub - ddclient/ddclient: Ddclient updates dynamic DNS entries for accounts on a wide range of dynamic DNS services.
GitHubdm_me_your_feet
in reply to mapumbaa • • •Solves ddns and https with a letsencrypt wildcard cert.
kchr
in reply to dm_me_your_feet • • •Hadn't heard about deSec until now, seems to be run by some cool privacy minded folks in Germany:
desec.io/
deSEC – Free Secure DNS
desec.ioShimitar
in reply to mapumbaa • • •sugar_in_your_tea
in reply to Shimitar • • •Shimitar
in reply to sugar_in_your_tea • • •kchr
in reply to Shimitar • • •I guess you already know about the options, but for others:
Find the cheapest VPS out there and have a Wireguard tunnel between it and your home network. Run ddclient or similar on the VPS in case the public IP changes.
Shimitar
in reply to kchr • • •sugar_in_your_tea
in reply to kchr • • •chronicledmonocle
in reply to sugar_in_your_tea • • •Andres
in reply to chronicledmonocle • • •sugar_in_your_tea
in reply to chronicledmonocle • • •chronicledmonocle
in reply to sugar_in_your_tea • • •sugar_in_your_tea
in reply to chronicledmonocle • • •You Thought There Was No NAT for IPv6, But NAT Still Exists
Scott Hogg (Infoblox Blog)chronicledmonocle
in reply to sugar_in_your_tea • • •Network Prefix Translation isn't the same thing. That's used for things like MultiWAN so that your IPv6 subnet from another WAN during a failover event can still communicate by chopping off the first half and replacing the subnet with the one from the secondary WAN. It is not NAT like in IPv4 and doesn't have all of the pitfalls and gotchas. You still have direct communications without the need for things like port forwarding or 1:1 NAT translations.
I'm a Network Engineer of over a decade and a half. I live and breath this shit. Lol.
sugar_in_your_tea
in reply to chronicledmonocle • • •Yes, it's not the same, but it can be used to bridge private addresses onto a public network, which is basically what NAT is trying to achieve. If you're running an ISP and don't want customers to be directly accessible from the internet, it seems reasonable. In an ISP setup, you would issue private net addresses and just not do the translation if the customer doesn't pay.
Yes, you can achieve the same thing another way, but I could see them deciding to issue private net addresses so customers don't expect public routing without paying, whereas issuing regular public IPv6 addresses makes it clear that the block is entirely artificial.
chronicledmonocle
in reply to sugar_in_your_tea • • •Just because you can doesn't mean anyone does. I've never seen an ISP hand out "private" IPv6 addresses. Ever.
If you're doing NAT on IPv6, you're doing it wrong and stupid. Plain and simple.
oatscoop
in reply to Shimitar • • •I'm in the same situation.
Fortunately there's a million companies that offer VPS with a static IP address for only few bucks a month. I set one up to run a wireguard VPN server which all my devices and home servers connect to as clients. I also configured everything to use a split tunnel to save bandwidth.
It's an added layer of security too.
virtual machine sold as a service by an Internet hosting service
Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)Shimitar
in reply to oatscoop • • •oatscoop
in reply to Shimitar • • •Normally when you're on a VPN all the network traffic to and from your device is going through the connection to the VPN server, e.g. browsing the internet, online games, etc. It can cause issues with other online services and uses bandwidth (cheap as it is) many VPS provider charges for.
A split tunnel tells the VPN client to only send certain traffic through the tunnel. My wireguard setup assigns IP addresses for the VPN interfaces in the subnet 192.168.2.x, so only traffic addressed to IPs on that subnet get sent through the tunnel. In wireguard it's a single line in the config file:
abeorch likes this.
Shimitar
in reply to oatscoop • • •I am doing split tunnel since years without knowing :)
Thanks, I learned something new.
CarbonatedPastaSauce
in reply to mapumbaa • • •douglasg14b
in reply to CarbonatedPastaSauce • • •Way too much for sure.
Just the business internet to get the foot in the door for a static IP 5x's the cost of my Internet.
It's actually cheaper to just have DC IPs and proxy through hosted containers. Which is kind of crazy.
Negative aspect is that DC IPs aren't treated very nice.
kalpol
in reply to douglasg14b • • •PieMePlenty
in reply to mapumbaa • • •downhomechunk
in reply to mapumbaa • • •mbfalzar
in reply to downhomechunk • • •Bakkoda
in reply to mapumbaa • • •Ryan
in reply to mapumbaa • • •irotsoma
in reply to mapumbaa • • •ikidd
in reply to irotsoma • • •GreenKnight23
in reply to mapumbaa • • •Possibly linux
in reply to mapumbaa • • •Pika
in reply to mapumbaa • • •