I’m starting to play with an old laptop that I have installed Ubuntu Server on, with Nextcloud and Docker.
Using Docker Compose I installed Nginx and now I would like to try to do the DDNS thing on a domain that I registered with an Italian provider.
I looked at a few DynDns providers and they seem to me to be all American or in any case on American infrastructure (DuckDNS on AWS, etc)
Is there anything you can recommend that is EU-based and who has a good reputation in general?
Free is preferred.
Pretty sure you’d be better of with a tunnel like Cloudflare Tunnels, Tailscale, or something similar. They couldn’t care less if your ip address changes. Of course Cloudflare is a big corp and doesn’t fit your bill but it’s the idea I mean not the corp and it is probably the most well known
I’m not sure what you mean by non-spying, but you should be prepared for anything you put on the Internet to be poked by any number of people that you do not want poking. If whatever you are hosting would be compromised by having a DNS name, you might want to rethink your security plan.
I am studying how to enact a good security at the same time. This is all first-approach and pure experimentation for me, albeit extremely enriching since I feel I am really learning how the Internet actually works, so please excuse my inaccurate language and maybe pointless requirements.
Honestly, that is awesome! Absolutely try things. Seeing what works and doesn’t is a great way to learn. The sneaky thing about hiding is that it works great until it fails utterly. (Security through obscurity.) I’m sure everyone who says “don’t do that” says it because they left some random thing open once and it was a disaster. (I lost a private wiki with all my notes back in the day.)
Keep at it. ;)
Thanks for the encouragement!
Today I learned (after banging my head against the wall for 2 days) what a CGNAT is.
So, no port forwarding for me (no IPv6 either, only IPv4).
I use caddy v2 reverse proxy to automatically change the DNS records on my domain, I recommend you try that as well.
Are you sure you need DYNDNS? My ‘dynamic’ IP address changes so rarely that I just update my DNS entries manually when it does.
Could you elaborate on the “non-spying” bit? There’s not much they can infer from people looking up your IP. Unless you run their daemon that updates the IP, as opposed to curl in cron.
Look into self hosting pangolin on VPS. I have it hosted at infomaniak.ch - it’s basically a self hosted cloudflare tunnel, so you are not exposing your IP. These days this is absolutely preferred over using dyndns and exposing your IP.
Most registrars also run DNS servers as part of the fee you pay for the domain. Usually they have an API. You can just use that to implement Dynamic DNS, there are even often tools for it. Do a search for your DNS registrar and dyndns.
Will call and ask them directly tomorrow.
Thanks for the info.
Domains registered at OVH include this (and 100mb webspace + one 5gb email address) for free.
Can recommend OVH, they are great and have DNS API
Afraid.org is better than DuckDNS. (DuckDNS is not reliable and have been slow or down a lot.)
But it is still American.
You might try DNS4EU: 86.54.11.1 86.54.11.201 DoH: https://protective.joindns4.eu/dns-query DoT: protective.joindns4.eu
That seems to be for dns resolving, not for ddns? Or am I missing something?
I have looked at it already and I didn’t find anything that wasn’t a resolver.
I’m sorry, its been a long day.
DNS4EU doesn’t provide DDNS service, you are correct. Checkout deSEC, they partner with DNS4EU and the EU as part of the initiative to limit dependency on US based infrastructure.
This one has been suggested also in other threads, seems like the best option.
One thing I noticed is that virtually all the EU DDNS providers are German. Is there a reason for it?
Germany’s legislation is largely spearheading the effort. They aren’t trying to build the infrastructure to support it, they already have the infrastructure. They are one of if not the biggest GDPR actors and have a large datacenter presence through companies like Hetzner and DE-CIX.
I know Hetzner but never heard of DE-CIX. I know they have spearheading companies in many respects, but cannot reconcile those efforts and sensibility with ChatControl.
Germany hasn’t officially endorsed ChatControl, and groups like Hetzner outright oppose it. In the US, ChatControl takes the form of the LAED Act and the EARN IT Act. All three focus on this appeal to emotion that to protect kids we need to get rid of end-to-end encryption. Legislators are pretty fucking dumb when it comes to this stuff, though. They don’t understand that if they have a backdoor to encryption, everyone has a backdoor to encryption.
