[HN Gopher] Duck DNS ___________________________________________________________________ Duck DNS Author : axiomdata316 Score : 90 points Date : 2023-08-05 18:03 UTC (4 hours ago) (HTM) web link (www.duckdns.org) (TXT) w3m dump (www.duckdns.org) | pseudosavant wrote: | Can someone inform me as to why some random dynamic DNS service | is trending on HN? I went to their site, read their FAQ, etc. | Nothing about this service seems unique compared to the countless | other dynamic DNS services out there. | | Am I missing something? | behindsight wrote: | Most likely related to the recent discussion about Cloudflare's | DNS handling 1.3T queries/day [0] | | You tend to get a few echoes relating to popular posts (or | comments from those posts that suggest alternatives and/or pros | and cons) | | 0: https://news.ycombinator.com/item?id=36984419 | RVRX wrote: | As much as I appreciate what they offer at no cost, I have | experienced more downtime from their service then I would like. | My Uptime Kuma dashboard reports a 99.98% 30-day uptime from | their service (mainly small 1-2min down-times every couple of | weeks), but I have experienced at least one 7ish hour period a | few months back where no duckDNS queries were resolving for any | domains I checked. And I never found any official source giving a | reason or even acknowledging this this outage. Again, free | service, I do appreciate what they offer. | juniperplant wrote: | Yeah I've noticed that too. I have a systemd service that | periodically updates a DNS record on duckdns.org and it fails | quite often. | ta8645 wrote: | It would be nice to be able to create an account that isn't | linked to such large corporations. The future seems to be that | these players will become gatekeepers, even for things that have | nothing to do with them. Piss Google Off? Lose access to your | DDNS account. | raphaelj wrote: | I've been using Duckdns for a few months, I cannot recommend | more! | dang wrote: | Related: | | _Duck DNS - About_ - | https://news.ycombinator.com/item?id=33367767 - Oct 2022 (48 | comments) | | _Duck DNS - free dynamic DNS hosted on AWS_ - | https://news.ycombinator.com/item?id=30539059 - March 2022 (100 | comments) | | _Duck DNS - free dynamic DNS hosted on AWS_ - | https://news.ycombinator.com/item?id=28383113 - Sept 2021 (1 | comment) | | _Free DNS from Duck DNS_ - | https://news.ycombinator.com/item?id=6425925 - Sept 2013 (2 | comments) | yellowapple wrote: | Their announcement about no longer supporting logging in via | reddit is interesting: https://www.duckdns.org/reddit.jsp | | Reddit's rationale for the C&D was that "Offering this login | option misleads and confuses consumers by implying Reddit's | endorsement, association or sponsorship of your application", | which is | | 1. complete bullshit; and | | 2. hypocritical, given that it's possible to log into reddit with | one's Google and/or Apple account | earth2mars wrote: | Why do they even capture any data if they don't have a plan to | use it. Why does anyone go with so much trust? | lolidk wrote: | This is pretty neat. There used to be free secondary (slave) DNS | and it was good. Nowadays not so much and I'm still looking for | some way to have secondary ns on a separate network because | that's how it's supposed to work. | foobarbecue wrote: | It's so sad that we need this. Consumers were all allowed to have | their own phone number -- why can't we all have static IPs? | dan_wood wrote: | IPv4 availability is low, IPv6 isn't implemented everywhere. | | My ISP don't hand them out and charge per IPv4 if you want | static at a lovely $10 per month. And they don't have IPv6 | implemented.. | trallnag wrote: | I don't mind having a dynamic IP that changes from time to time | (for example every time I restart my router or reconnect). The | real troublemaker is CGNAT. | | Actually, I prefer having a dynamic IP as it makes blacklisting | individual IPs useless. | briHass wrote: | I've been using them since I let my personal domain expire. The | personal domain on Namecheap allowed for DynDNS updating, but I | couldn't really justify the $10/y cost for no real gain. | | I use DynDNS for a Wireguard VPN with WG Dashboard hosted behind | my home firewall on a Proxmox CT (LXC). Works great for allowing | me to tunnel traffic on untrusted Wifi, and of course, to hit LAN | devices remotely. I'm lucky my home ISP (FIOS) doesn't cheap out | and CGNAT me like so many seem to be doing now. In the past, I | used to open 80/443 and self-host websites, but that's pretty | silly nowadays. | 7moritz7 wrote: | Duck DNS frequently gets abused to my knowledge, a lot of their | subdomains are in a phishing dataset I've seen | | Edit: yes | | > Unfortunately this service is often abused by phishers. | | https://www.malwarebytes.com/blog/detections/duckdns-org | jpalomaki wrote: | Some domain name registrars and dns providers also support | dynamic dns. For example Joker and NameCheap (likely many others | as well). | | [1] https://joker.com/faq/content/11/427/en/what-is-dynamic- | dns-... [2] | https://www.namecheap.com/support/knowledgebase/subcategory/... | LeoPanthera wrote: | Hurricane Electric DNS does too. No charge. | hardcopy wrote: | Google's was actually a really good implementation that was | pretty well supported (edgeOS and synology), too bad it's going | away. Switched to namecheap and its implementation is OK but a | bit crusty | ecliptik wrote: | Fond memories of using DDNS on old Netgear routers at home in the | aughts and port forwarding services with some rudimentary | firewall rules and tcpwrappers to try and lock down access. | | Now I use a combination of Tailscale[1] for private services only | to me and Tailscale Funnels[2], and Cloudflare Tunnels[3] for | public service exposure. | | This accomplishes the same thing I was doing with DDNS and my ISP | IP, but in a much more secure and stable manner. | | 1. https://tailscale.com/ | | 2. https://tailscale.com/kb/1223/tailscale-funnel/ | | 3. https://developers.cloudflare.com/cloudflare- | one/connections... | pheeney wrote: | Do you have any recommendations for tutorials on setting this | all up with docker? | | How do you connect outside the network? | | I am running DDNS to access my home services and it has been | very error prone and frustrating. I moved some services back to | the cloud because the bots were using all my DSL upload that we | didn't have enough bandwidth to work even with cloudflare | firewalls. | ecliptik wrote: | I have an artisanal handcrafted docker-compose stack for | them, so everything is containerized. It's on my todo to | write a blog post about the setup. | | There's an nginx reverse-proxy container in the stack that | routes traffic to the individual service containers via the | servername; eg nitter.tail.net goes to the nitter container, | teddit.tail.net goes to the teddit container, etc. | | The nginx proxy only listens on the Tailnet interface and | only accepts connections from the Tailnet CIDR, therefore any | device I have on my tailnet can access them. Letsencrypt is | also setup so everything is over https. | | This allows me to access them from my phone, laptop, whatever | when connected using Tailscale. | | Tailscale essentially let me completely remove any need for | port forwarding on my router and still have global access. | It's truly amazing. | chrisweekly wrote: | +1 for the blog post howto idea | heybrendan wrote: | +1 Would very much welcome you authoring something on this | topic. | metadat wrote: | If you wouldn't mind, any chance you can ping me once you | publish this? You can reach me at collect.metadat attt | gmail. | trallnag wrote: | Do you still secure your personal services with passwords? | ecliptik wrote: | Not the internal services. I have Letsencrypt setup for | services on my tailnet using the Cloudflare DNS plugin for | certbot so they're all over https. | | Combined with only allowing connections to hosts from the | Tailnet and https, forgoing passwords makes them easier to | manage and use. | | Granted most these personal services are things like | Audiobookshelf, Nitter, Plex, and Newsblur. While important | to me, they're not exactly high value targets. | | My internal Gitea is locked down more and has MFA enabled | since I always see git as something to secure. | trillic wrote: | Yes. | dan_wood wrote: | Since you're already using Cloudflare why did you choose | tailscale over Cloudflares WARP? | ecliptik wrote: | I don't use Tailscale Funnel as much, mostly on an adhoc | basis since _tailscale serve_ is relatively lightweight if a | host is already connected to a Tailnet. | | WARP is primarily used for long running services I have, like | GotoSocial or Lemmy that need public ingress over https for | federation. ___________________________________________________________________ (page generated 2023-08-05 23:00 UTC)