[HN Gopher] Duck DNS
___________________________________________________________________
Duck DNS
Author : axiomdata316
Score : 90 points
Date : 2023-08-05 18:03 UTC (4 hours ago)
(HTM) web link (www.duckdns.org)
(TXT) w3m dump (www.duckdns.org)
| pseudosavant wrote:
| Can someone inform me as to why some random dynamic DNS service
| is trending on HN? I went to their site, read their FAQ, etc.
| Nothing about this service seems unique compared to the countless
| other dynamic DNS services out there.
|
| Am I missing something?
| behindsight wrote:
| Most likely related to the recent discussion about Cloudflare's
| DNS handling 1.3T queries/day [0]
|
| You tend to get a few echoes relating to popular posts (or
| comments from those posts that suggest alternatives and/or pros
| and cons)
|
| 0: https://news.ycombinator.com/item?id=36984419
| RVRX wrote:
| As much as I appreciate what they offer at no cost, I have
| experienced more downtime from their service than I would like.
| My Uptime Kuma dashboard reports a 99.98% 30-day uptime from
| their service (mainly small 1-2min down-times every couple of
| weeks), but I have experienced at least one 7ish hour period a
| few months back where no duckDNS queries were resolving for any
| domains I checked. And I never found any official source giving a
| reason or even acknowledging this outage. Again, free
| service, I do appreciate what they offer.
| juniperplant wrote:
| Yeah I've noticed that too. I have a systemd service that
| periodically updates a DNS record on duckdns.org and it fails
| quite often.
| ta8645 wrote:
| It would be nice to be able to create an account that isn't
| linked to such large corporations. The future seems to be that
| these players will become gatekeepers, even for things that have
| nothing to do with them. Piss Google Off? Lose access to your
| DDNS account.
| raphaelj wrote:
| I've been using Duckdns for a few months, I cannot recommend
| more!
| dang wrote:
| Related:
|
| _Duck DNS - About_ -
| https://news.ycombinator.com/item?id=33367767 - Oct 2022 (48
| comments)
|
| _Duck DNS - free dynamic DNS hosted on AWS_ -
| https://news.ycombinator.com/item?id=30539059 - March 2022 (100
| comments)
|
| _Duck DNS - free dynamic DNS hosted on AWS_ -
| https://news.ycombinator.com/item?id=28383113 - Sept 2021 (1
| comment)
|
| _Free DNS from Duck DNS_ -
| https://news.ycombinator.com/item?id=6425925 - Sept 2013 (2
| comments)
| yellowapple wrote:
| Their announcement about no longer supporting logging in via
| reddit is interesting: https://www.duckdns.org/reddit.jsp
|
| Reddit's rationale for the C&D was that "Offering this login
| option misleads and confuses consumers by implying Reddit's
| endorsement, association or sponsorship of your application",
| which is
|
| 1. complete bullshit; and
|
| 2. hypocritical, given that it's possible to log into reddit with
| one's Google and/or Apple account
| earth2mars wrote:
| Why do they even capture any data if they don't have a plan to
| use it. Why does anyone go with so much trust?
| lolidk wrote:
| This is pretty neat. There used to be free secondary (slave) DNS
| and it was good. Nowadays not so much and I'm still looking for
| some way to have secondary ns on a separate network because
| that's how it's supposed to work.
| foobarbecue wrote:
| It's so sad that we need this. Consumers were all allowed to have
| their own phone number -- why can't we all have static IPs?
| dan_wood wrote:
| IPv4 availability is low, IPv6 isn't implemented everywhere.
|
| My ISP don't hand them out and charge per IPv4 if you want
| static at a lovely $10 per month. And they don't have IPv6
| implemented..
| trallnag wrote:
| I don't mind having a dynamic IP that changes from time to time
| (for example every time I restart my router or reconnect). The
| real troublemaker is CGNAT.
|
| Actually, I prefer having a dynamic IP as it makes blacklisting
| individual IPs useless.
| briHass wrote:
| I've been using them since I let my personal domain expire. The
| personal domain on Namecheap allowed for DynDNS updating, but I
| couldn't really justify the $10/y cost for no real gain.
|
| I use DynDNS for a Wireguard VPN with WG Dashboard hosted behind
| my home firewall on a Proxmox CT (LXC). Works great for allowing
| me to tunnel traffic on untrusted Wifi, and of course, to hit LAN
| devices remotely. I'm lucky my home ISP (FIOS) doesn't cheap out
| and CGNAT me like so many seem to be doing now. In the past, I
| used to open 80/443 and self-host websites, but that's pretty
| silly nowadays.
| 7moritz7 wrote:
| Duck DNS frequently gets abused to my knowledge, a lot of their
| subdomains are in a phishing dataset I've seen
|
| Edit: yes
|
| > Unfortunately this service is often abused by phishers.
|
| https://www.malwarebytes.com/blog/detections/duckdns-org
| jpalomaki wrote:
| Some domain name registrars and dns providers also support
| dynamic dns. For example Joker and NameCheap (likely many others
| as well).
|
| [1] https://joker.com/faq/content/11/427/en/what-is-dynamic-dns-...
| [2] https://www.namecheap.com/support/knowledgebase/subcategory/...
| LeoPanthera wrote:
| Hurricane Electric DNS does too. No charge.
| hardcopy wrote:
| Google's was actually a really good implementation that was
| pretty well supported (edgeOS and synology), too bad it's going
| away. Switched to namecheap and its implementation is OK but a
| bit crusty
| ecliptik wrote:
| Fond memories of using DDNS on old Netgear routers at home in the
| aughts and port forwarding services with some rudimentary
| firewall rules and tcpwrappers to try and lock down access.
|
| Now I use a combination of Tailscale[1] for private services only
| to me and Tailscale Funnels[2], and Cloudflare Tunnels[3] for
| public service exposure.
|
| This accomplishes the same thing I was doing with DDNS and my ISP
| IP, but in a much more secure and stable manner.
|
| 1. https://tailscale.com/
|
| 2. https://tailscale.com/kb/1223/tailscale-funnel/
|
| 3. https://developers.cloudflare.com/cloudflare-one/connections...
| pheeney wrote:
| Do you have any recommendations for tutorials on setting this
| all up with docker?
|
| How do you connect outside the network?
|
| I am running DDNS to access my home services and it has been
| very error prone and frustrating. I moved some services back to
| the cloud because the bots were using all my DSL upload that we
| didn't have enough bandwidth to work even with cloudflare
| firewalls.
| ecliptik wrote:
| I have an artisanal handcrafted docker-compose stack for
| them, so everything is containerized. It's on my todo to
| write a blog post about the setup.
|
| There's an nginx reverse-proxy container in the stack that
| routes traffic to the individual service containers via the
| servername; eg nitter.tail.net goes to the nitter container,
| teddit.tail.net goes to the teddit container, etc.
|
| The nginx proxy only listens on the Tailnet interface and
| only accepts connections from the Tailnet CIDR, therefore any
| device I have on my tailnet can access them. Letsencrypt is
| also set up so everything is over https.
|
| This allows me to access them from my phone, laptop, whatever
| when connected using Tailscale.
|
| Tailscale essentially let me completely remove any need for
| port forwarding on my router and still have global access.
| It's truly amazing.
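
The Tailnet-only reverse proxy described in the comment above, sketched as an nginx configuration. This is an added example, not ecliptik's actual setup: the listen address 100.101.102.103, the certificate paths and the loopback upstream ports are assumed placeholders, and it assumes nginx runs with host networking so it sees the Tailscale interface and real client source addresses. 100.64.0.0/10 is the range Tailscale assigns IPv4 addresses from.

```nginx
# Added illustration; addresses, paths and upstream ports are placeholders.

# Reject TLS handshakes for any name not listed below, so the proxy
# does not reveal a default site or certificate to unknown hostnames.
server {
    listen 100.101.102.103:443 ssl default_server;
    ssl_reject_handshake on;   # requires nginx 1.19.4 or later
}

server {
    # Layer 1: bind only to this host's Tailscale address, never 0.0.0.0,
    # so the port is not exposed on the LAN or WAN interfaces.
    listen 100.101.102.103:443 ssl;
    server_name nitter.tail.net;

    ssl_certificate     /etc/letsencrypt/live/nitter.tail.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nitter.tail.net/privkey.pem;

    # Layer 2: accept only source addresses from the Tailnet CIDR.
    allow 100.64.0.0/10;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8081;   # nitter container (assumed port)
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    listen 100.101.102.103:443 ssl;
    server_name teddit.tail.net;

    ssl_certificate     /etc/letsencrypt/live/teddit.tail.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/teddit.tail.net/privkey.pem;

    allow 100.64.0.0/10;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8082;   # teddit container (assumed port)
        proxy_set_header Host $host;
    }
}
```

The interface bind matters as much as the allow rule: 100.64.0.0/10 is shared CGNAT address space, so on an ISP that uses CGNAT a source filter on its own does not prove a client is a tailnet peer.
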
| chrisweekly wrote:
| +1 for the blog post howto idea
| heybrendan wrote:
| +1 Would very much welcome you authoring something on this
| topic.
| metadat wrote:
| If you wouldn't mind, any chance you can ping me once you
| publish this? You can reach me at collect.metadat attt
| gmail.
| trallnag wrote:
| Do you still secure your personal services with passwords?
| ecliptik wrote:
| Not the internal services. I have Letsencrypt set up for
| services on my tailnet using the Cloudflare DNS plugin for
| certbot so they're all over https.
|
| Combined with only allowing connections to hosts from the
| Tailnet and https, forgoing passwords makes them easier to
| manage and use.
|
| Granted most of these personal services are things like
| Audiobookshelf, Nitter, Plex, and Newsblur. While important
| to me, they're not exactly high value targets.
|
| My internal Gitea is locked down more and has MFA enabled
| since I always see git as something to secure.
| trillic wrote:
| Yes.
| dan_wood wrote:
| Since you're already using Cloudflare why did you choose
| tailscale over Cloudflare's WARP?
| ecliptik wrote:
| I don't use Tailscale Funnel as much, mostly on an ad hoc
| basis since _tailscale serve_ is relatively lightweight if a
| host is already connected to a Tailnet.
|
| WARP is primarily used for long running services I have, like
| GotoSocial or Lemmy that need public ingress over https for
| federation.
___________________________________________________________________
(page generated 2023-08-05 23:00 UTC)