For anyone hosting their domain on Google Domains, there's a neat API endpoint they're offering for updating the DNS with a simple CURL. I've been using this for years now for a public Raspberry PI behind a home router that changes IPs every other day.
I don't know if it's relevant but there was an article the other day about how Google is phasing out username:password logins for most Google related services and APIs, so if you have a script running quietly for years doing this task, it might be worth double checking if it will continue to be fine. (It might be, if this u/p is unique to the domain as the docs suggest - but I thought I'd mention it just in case!)
Quick question, is there a reason the -k (--insecure) flag is included? I imagine that https://domains.google.com would use a cert trusted by curl so it seems unnecessary and adds a risk that your traffic could be MitM.
so I mentioned the same thing, though one thing to note (which I doubt duck dns helps with either). Is one can't use google's dynamic dns with AAAA records (i.e. ipv6). Personally, I think this is massive oversight on their part.
It seems unsafe to me to be passing your username and password over the open every second day. Especially one that links to Google - which for the majority of people is their life.
As a side note - will the recent announcement by Google about unsafe logins being denied affect you?
What's more interesting is that DDG had disputes with Google over the ownership of the duck.com domain. Google was squatting on the domain and redirected it to Google (dirty tactic). But I guess it could just as easily have gone to the Oregon Ducks or some duck based website. (interestingly "ducks.com" doesn't go anywhere for me)
I have been using Cloudflare Tunnel for several months now to get around dynamic DNS requirements and port forwarding. It creates a secure tunnel between your server and their edge, and supports name-based service config (domain X points to localhost Y.) Downside is they only supports HTTP(s).
There is a free tier, although you need to provide them a full domain (not a subdomain) for it to work, and then each site/tunnel will create a subdomain. It does work with free domains like .tk if you really want to go that route.
There are also open-source alternatives using VPNs like Wireguard + nginx, but typically these solutions require you to run a publicly-accessible server already to host the proxy.
I'm currently on the search for a service to facilitate DDNS. Duck DNS seems popular, but I'm skeptical of things that are simply offered for free. What assurance do we have that Duck DNS is secure, or that it will not just disappear one day? The alternative that seems better to me is Namecheap with their API.
I cobbled together a bash script that used the cloudflare API to update the A record when my IP changed. It worked well.
Prior to that i used https://freedns.afraid.org which is free if you are willing to share your domain (people can create subdomains that point to their IP) or you can pay to keep it private. It's been around for a very long time, so it's unlikely to vanish. It's a very good service.
https://freedns.afraid.org has been running forever and a day, has thousands (?) of domain names donated for use, two APIs (v1 and v2), and the free tier is subsidized by paying premium members (premium gets extra features). Highly recommended.
I can imagine. Last year I tried to sign up to create a domain for my home server. Despite having my own IP address and a Google account I pay for recaptcha v3 they use would not let me through.
I love DuckDNS but we seriously need a more automated and integrated solution to this kind of thing. It's the missing piece that holds self hosted back.
Something that:
* Lets you set up a domain with a single command
* Handles security for you. There shouldn't be any manual admin needed to make a secure context site
* Works offline on the LAN if possible, and on Yggdrasil meshes.
I should be able to buy a device, plug it in, then scan the QR code on it's display and be instantly taken to its website, no setup or account creation.
Unfortunately the web blocks all insecure requests from within secure contexts, and has no MDNS type functionality, so building a P2P solution with service workers or something is very hard/impossible.
DuckDNS is really almost there. It's the security that makes it hard, Let's Encrypt is not exactly consumer grade.
I've been using noip.com for my projects, works quite well except that you have to confirm you still want your noip domain reserved every once in a while. I'll try Duck Dns in my next project. Thanks for the share.
Be aware that Facebook Messenger blocks URLs with duckdns.org as unsafe links. The workaround is probably to find a cheap domain (not free, these are blocked as well) and attach it using CNAME.
I’ve been using DuckDNS for a couple of years now but one day I discovered that Reddit login is no more so I’m locked out of my account, still works though!
In the past I've tried using the free tier of other DynDNS services but with 2 commercial routers I had it always boiled down to the firmware being crap and having some bug that wasn't working with the free DynDNS.
Many people recommend OpenWRT but you need to plan in advance which router you are going to buy to be compatibile with OpenWRT and I never planned so much in advance.
I have used DuckDNS for nearly a decade. I highly, highly recommend them. It's never not worked, super simple to set up on any server or always on system, and just is exactly what you want if you're a hobbyist.
The only possible downside is that you end up with a url with "duckdns.org" in it, but I don't mind
If you have a machine running all the time anyways you can have it update the IP instead of the router. They have instructions for a bunch of different ways to do it on various OSs.
>We unfortunately do not allow use of Reddit’s API for account authentication with third-party sites or applications that have no partnership, affiliation, or connection with Reddit. Reddit does not offer or support “log in with Reddit” or “use Reddit” to login services. Use of any sort of button, including a “use Reddit” login button like the one currently featured on your site, is unauthorized.
I know it is significantly less easy and not free, but wouldn’t a dedicated $6 vps running a level 4 haproxy to get access be a lot safer? A script to ssh to the vps to update your backend ip is pretty trivial.
Why AWS? How about we start building services that work anywhere instead of targeting a platform owned by a company that avoids paying billions in taxes?
Edit - I'll leave my original comment up but I originally thought this was a service that users could deploy themselves into their own AWS accounts which it is not. It is, as it says, a DDNS service which is free. The fact that it's hosted in AWS should be neither here nor there.
It kinda gives a sense of how it works. AWS means it's not just a handwritten script on a VPS somewhere, it's probably maintained with lots of automation, etc.
It kind of gives it a sense of professionalism for marketing purposes.
mittermayr|4 years ago
Here are the docs: https://support.google.com/domains/answer/6147083?hl=en#zipp...
petercooper|4 years ago
haxxorfreak|4 years ago
Quick question, is there a reason the -k (--insecure) flag is included? I imagine that https://domains.google.com would use a cert trusted by curl so it seems unnecessary and adds a risk that your traffic could be MitM.
remram|4 years ago
Does this mean Let's Encrypt dns-01 challenges could be automated?
[edit: Oh the API only allows changing an A record, for dynamic DNS, not updating anything else in the zone. That makes more sense.]
compsciphd|4 years ago
nickweb|4 years ago
As a side note - will the recent announcement by Google about unsafe logins being denied affect you?
jzzskijj|4 years ago
godelski|4 years ago
treesknees|4 years ago
There is a free tier, although you need to provide them a full domain (not a subdomain) for it to work, and then each site/tunnel will create a subdomain. It does work with free domains like .tk if you really want to go that route.
https://developers.cloudflare.com/cloudflare-one/connections...
There are also open-source alternatives using VPNs like Wireguard + nginx, but typically these solutions require you to run a publicly-accessible server already to host the proxy.
anaganisk|4 years ago
1MachineElf|4 years ago
pygar|4 years ago
Prior to that i used https://freedns.afraid.org which is free if you are willing to share your domain (people can create subdomains that point to their IP) or you can pay to keep it private. It's been around for a very long time, so it's unlikely to vanish. It's a very good service.
ringworld|4 years ago
k8sToGo|4 years ago
tikkabhuna|4 years ago
[0] https://github.com/ddclient/ddclient
btgeekboy|4 years ago
blowfish721|4 years ago
nextlevelwizard|4 years ago
Lammy|4 years ago
alpenbazi|4 years ago
fomine3|4 years ago
lewantmontreal|4 years ago
eternityforest|4 years ago
Something that:
* Lets you set up a domain with a single command
* Handles security for you. There shouldn't be any manual admin needed to make a secure context site
* Works offline on the LAN if possible, and on Yggdrasil meshes.
I should be able to buy a device, plug it in, then scan the QR code on it's display and be instantly taken to its website, no setup or account creation.
Unfortunately the web blocks all insecure requests from within secure contexts, and has no MDNS type functionality, so building a P2P solution with service workers or something is very hard/impossible.
DuckDNS is really almost there. It's the security that makes it hard, Let's Encrypt is not exactly consumer grade.
anaganisk|4 years ago
adrianomartins|4 years ago
RicoElectrico|4 years ago
scim-knox-twox|4 years ago
DDG (unfortunately) is bigger and bigger with every year. They are developing desktop browser, email proxy etc.
I wouldn't be surprised if they'd lunched DDGDNS.
samtheprogram|4 years ago
mattrighetti|4 years ago
giorgioz|4 years ago
m-s|4 years ago
mrguyorama|4 years ago
The only possible downside is that you end up with a url with "duckdns.org" in it, but I don't mind
bullen|4 years ago
goosedragons|4 years ago
awill|4 years ago
quyleanh|4 years ago
Darmody|4 years ago
I used an old Android phone with their app to keep the IP updated. Like the old no-ip but without a PC.
passerby1|4 years ago
Dma54rhs|4 years ago
fuzzfactor|4 years ago
When a pro duck needs another roll of duct tape from his industrial supplier, they just put it on his bill and he's good to go.
k8sToGo|4 years ago
softwarebeware|4 years ago
aidog|4 years ago
FastEatSlow|4 years ago
zsolt_terek|4 years ago
spants|4 years ago
mlatu|4 years ago
slig|4 years ago
ectospheno|4 years ago
k8sToGo|4 years ago
ctxc|4 years ago
dynamohk|4 years ago
compsciphd|4 years ago
vetinari|4 years ago
shoelessone|4 years ago
alimbada|4 years ago
Edit - I'll leave my original comment up but I originally thought this was a service that users could deploy themselves into their own AWS accounts which it is not. It is, as it says, a DDNS service which is free. The fact that it's hosted in AWS should be neither here nor there.
eternityforest|4 years ago
It kind of gives it a sense of professionalism for marketing purposes.
unknown|4 years ago
[deleted]
vorejdajo|4 years ago
remram|4 years ago