A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
No low-effort posts. This is subjective and will largely be determined by the community member reports.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
I'm new to self-hosting. All I did so far was install Ubuntu Server, enable SSH and tried setting up DuckDNS, which I could not set up automatic update of my IP following the documentation, neither updating manually through the website, which even though seems to be changed, when I ssh the domain, I get the initial IP
Anyone using DuckDNS? Is it working properly for you guys? Did I just mess something up?
What other DDNS providers would you recommend me?
i am using https://freedns.afraid.org/ for over a decade now and problems occured less than 5 times over that period. all others i ever tried were worse over time.
I’ve been using desec.io since it’s european, non profit and privacy oriented. Bring your own domain though. Works well, although my caddy plugin has problems getting certs sometimes. My pangolin instance never has any issues getting certs so might be caddy desec plugin specific.
My Domain registrar has a reverse DNS service included.
DuckDNS has long enough latency (over 2000ms) where Google Assistant can't connect. I moved to FreeDDNS and my Home Assistant issues went away.
DuckDNS was resolving slow as hell for me so I ended up picking up a cheap domain from Porkbun, they got API access and it seems most of the ddns tools support them too
This is a great question that is relevant for me this week. Been trying to set up a wireguard vpn and found I need a DDNS. Lots of good answers to look into in the comments. Thanks everyone.
Any DNS provider is good if they offer an API that lets you use PUT to modify DNS records. You can make a small bash script and crontab it. I also used DuckDNS for a while, and it worked fine.
I'm currently using https://ipv64.net/
Been using ddnss.de before that for some time, but they had some outages. No problems with ipv64 so far.
I ended up using Dynv6, great and simple serivce does exactly what I need. Made in Germany.
Me too. Draytek Router automatically updates the IP. Set it up once and it is working since 2-3 years (don't exactly rember when I set it up).
I put the curl command to update my duckdns IP in cron about 13 years ago, and have never needed to touch it once.
It's just worked for me
This. Never had an issue.
Oh wow, me too. And I just checked and it's still there, still works. The token is 10 years old.
DuckDNS had been unreliable when I used it, but it's been a while. I swapped over to desec.io but their signups aren't always open. Can highly recommend them though, and they offer many paths to update the IP, including DynDNS(2) protocol or just ddclient.
Also works with certbot for Let's encrypt certificates using dns challenge.
Same. I have a router with OPNsense. In the "Dynamic DNS" section I create a "Custom" service with the DynDNS2 protocol. I type in update.dedyn.io as the server address. You need to also get an api key from the desec.io web panel that you input into the username and password fields.
Now everytime the router's WAN ip changes it automatically edits the DNS zone. So instead of going "your server -> DDNS provider -> DNS CNAME record" it's just "your server -> DNS A record"
I also have a separate token for my web proxy (traefik) so that it can edit the DNS records to get let's encrypt certificates through dns challenge as you describe.
As for the desec signups in my case one DNS zone was no problem, but for a second one I needed to e-mail them:
Hello, would it be possible for my newly created account to get one more domain on the account please? I have two personal domains and it would be great if I could keep them both under deSEC
Hi [me], Sure! The limit is mostly there to remind users to enable DNSSEC, but it looks like you're already doing that (at your old provider).
They asked me to (voluntarily) donate, which I did too.
I am using DuckDNS and it's working perfectly for me. I use the DynDNS feature of my Fritz!Box to update my DuckDNS-IP. The documentation on their website is spot-on for me, even for my IPv6 and I never had any issues with DuckDNS.
What I like most about the service is the possibility to use subdomains like my-service.my-username.duckdns.org. I don't know whether this is a commong feature or not.
When you had problems updating your IP Adresse did you consider that DNS information takes some time to propagate through the internet? I think it is not guaranteed that you can access a recently changed domain.
How did you test your DuckDNS entries?
I used nsupdate for years and it worked just fine. I remember it being down, one time only, for like five minutes. For a project that depends entirely on donations, the service and availability they provide are just awesome.
I used to just use a script with cron to update Cloudflare DNS records but these days I don’t screw around with exposing anything to the public internet directly, I just use Tailscale.
Is there a difference between using Tailscale and Wireguard? I already have a Wireguard setup and want to know what benefits it has over Wireguard.
They’re similar but mainly Tailscale arranges WireGuard tunnels between peers. There are tons of useful features around that functionality like being able to route specific traffic through specific hosts (“nodes” using “app connectors”); it’s even better at finding a way out of hostile networks using relays.
Just as an example I typically use my VPS as an “exit node” so that all my traffic routes through it (which does a ton of tunnel hopping through commercial VPNs) while my wife isn’t into that at all, but both of us have Tailscale on our devices so when either of us accesses Home Assistant it’s routed directly to the host hosting it.
Also MagicDNS is great.
I have been using duckdns for a few years without issues. It should be simple enough , just set up a cron job with your details as listed on their site where you configure it. This keeps your dns entry up to date.
Another one I have seen recommended in here is afraid.org, adding it as haven't seen it mentioned yet.
I'm surprised the amount of people saying they have had no issues with DucksDNS. I've used it for about five years and had issues on and off with it being unresponsive many times.
Gave up and moved to afraid.org about a year back and that's been a very solid service ever since.
Can you do letsencrypt dns challenges against the free tier now? This was one reason I moved to duckdns. Plus I kept forgetting to login to keep the account alive so it would just stop working until I logged in and reactivated. Duckdns do emulate that experience with their random downtime though 😂
I use them. I also like their vibe and aesthetic
If you have a Mikrotik router, you can use its built-in Dynamic DNS, and configure a CNAME on your domain name
I had used duckdns for a while back in the day. Always worked great.
These days I have a domain at namecheap which provides a DynDNS feature as well so I'm using that.
I got my domain through namecheap. So, I just use them, they have a dynamicdns implementation. I setup a namecheapddns docker container that auto updates mine.
Same! Except I use windows and they have a small app that you can install and run in the background which will update the IP if needed.
I also used duckdns for years before moving to this and I never had any issues using that either. It was the same thing, small app that ran on your machine and you needed the token and it just worked.
Yep same DDClient is super simple to setup with name cheap. Followed ip address changes with very little if any down time. I've never noticed between ip changes.
Duck DNS works great... Most of the time. If you cannot accept downtime multiple times a year, get yourself a domain and a service like cloud flare instead. DuckDNS is free and you get more than you pay for, but the bar is low when the cost is zero.
Or just use two dns providers. I have duckdns and desec. That latter seems to be a bit faster and has't had any downtime for me so far.
I have dyndns. I don't recommend them, unless a coworker just gave you their lifetime pro account for free.
Thanks Roody, wherever you are!
I am using Dynu. It works fine and it's free, no complaints. Their app for Linux to update periodically didn't seem to work well from my experience, I just set up a cron job to do it instead.
Well, if you use DDNS I assume you have some kind of server behind that. I just self host a godns container. No need for any service except an DNS API. I use cloudflare. But my IP only changes rarely, so I can't tell you how fast that setup propegates
I’ve used no-ip.com for years without issue.
My NAS supports a few services out of the box. If you have anything like that, see what they support natively first.
For my server I bought a domain on loopia.se and pay for no other features than the domain name. On the Loopia website I then changed the DNS nameserver to Cloudflare and use a script to update the IP of my network. Cloudflare has some package you can install on Linux to update the IP but I never tried it.
You could be behind CGNAT - I'm not sure the best way to tell but it could be the reason.
I would also highly recommend buying a cheap domain to use - it would be the price of a coffee per year but makes life so much easier and you don't have to depend on duckdns. You can buy through cloudflare, porkbun or many other options which you can search for a good DDNS service to update them.
I read briefly about CGNAT, a d I think this is the case, checking the IP of my services with external services I get an IP different from the one I see in my machine. Tested more than one DDNS service and all updated my IP with the same "wrong" value.
How do I solve this? Should I contact my ISP and hope they can provide a solution?
Yeah, first try your ISP to see if you can get a dynamic or fixed IP instead. Check if their website/FAQ mentions dynamic IP or cgnat. They might outright reject it, or try to upgrade you to an extortionate business package though. I signed up for my service and checked the cgnat before signing up but they hadn't got around to updating their website that they changed their policy. After the surprise of being behind cgnat and after screenshotting their own website, I complained and hit upgraded to a higher level package for free.
You can use tailscale to get around it, but then you need to install it on all devices and login. You can use cloudflare tunnels and think you can set it to not require login for some services. Both rely on third parties. Both are also safer than exposing directly to the public internet.
If you want full control, you have to rent a cheap vps and setup a tunnel between that and your home server, then use the public IP of the vps for your services. Wireguard is probably the best choice for VPN. You could try pangolin, which is an open source cloudflare tunnel so is more complicated than a VPN but also includes a reverse proxy.
CGNAT does have a designated range by spec. 100.64.0.0/10, which covers addresses from 100.64.0.0 to 100.127.255.255. Technically they could be using any other private address space but it would be very uncommon in a modern ISP.
I didn't know that, thanks for sharing
Anything that supports bind's built-in nsupdate.
NoIP works great for me so far!
I use ddclient on my vps
I used duckdns for years without any issues at all. Only reason I switched is because I'm using Pangolin and tunneling instead of exposing my IP directly.