For anyone hosting their domain on Google Domains, there's a neat API endpoint they're offering for updating the DNS with a simple CURL. I've been using this for years now for a public Raspberry PI behind a home router that changes IPs every other day.
I don't know if it's relevant but there was an article the other day about how Google is phasing out username:password logins for most Google related services and APIs, so if you have a script running quietly for years doing this task, it might be worth double checking if it will continue to be fine. (It might be, if this u/p is unique to the domain as the docs suggest - but I thought I'd mention it just in case!)
Quick question, is there a reason the -k (--insecure) flag is included? I imagine that https://domains.google.com would use a cert trusted by curl so it seems unnecessary and adds a risk that your traffic could be MitM.
So I mentioned the same thing, though one thing to note (which I doubt Duck DNS helps with either) is that one can't use Google's dynamic DNS with AAAA records (i.e. IPv6). Personally, I think this is a massive oversight on their part.
When I go into the web UI for my domain and go to create a dynamic DNS name, it only gives me an option for an A record.
My "guess" is that your solution is to create a normal AAAA record, and ddclient can update that record with the info retrieved from checkipv6.dyndns.org? So not using Google's UI to set up an AAAA dyn DNS record? And my guess is that the username/password scoping that you got for host4 worked the same for the "fake static" AAAA record?
Or you could have the ability to create AAAA dyn DNS records via the UI and for some reason I'm just blind.
Likely because the person/team that built this got their annual bonus for making something new and moved on to other things before ipv6 became relevant in their eyes.
It seems unsafe to me to be passing your username and password over the open every second day. Especially one that links to Google - which for the majority of people is their life.
As a side note - will the recent announcement by Google about unsafe logins being denied affect you?
~~It's still passing credentials for the entire account, rather than something explicitly scoped to "just update these A records, and these A records only".~~
~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~
Edit: Never mind, buried in the docs it appears the user:pass are scoped.
In this case, the username and password are NOT your Google credentials. When you set up a dynamic DNS subdomain in Google Domains, it autogenerates a username/password pair that is unique to that subdomain, and that's what you use.
What's more interesting is that DDG had disputes with Google over the ownership of the duck.com domain. Google was squatting on the domain and redirected it to Google (dirty tactic). But I guess it could just as easily have gone to the Oregon Ducks or some duck based website. (interestingly "ducks.com" doesn't go anywhere for me)
Google became the owner of Duck.com back in 2010 when it acquired On2 Technologies, a company formerly known as The Duck Corporation. It gifted the domain to DuckDuckGo in 2018
I have been using Cloudflare Tunnel for several months now to get around dynamic DNS requirements and port forwarding. It creates a secure tunnel between your server and their edge, and supports name-based service config (domain X points to localhost Y). Downside is they only support HTTP(S).
There is a free tier, although you need to provide them a full domain (not a subdomain) for it to work, and then each site/tunnel will create a subdomain. It does work with free domains like .tk if you really want to go that route.
There are also open-source alternatives using VPNs like Wireguard + nginx, but typically these solutions require you to run a publicly-accessible server already to host the proxy.
I'm currently on the search for a service to facilitate DDNS. Duck DNS seems popular, but I'm skeptical of things that are simply offered for free. What assurance do we have that Duck DNS is secure, or that it will not just disappear one day? The alternative that seems better to me is Namecheap with their API.
I cobbled together a bash script that used the Cloudflare API to update the A record when my IP changed. It worked well.
Prior to that I used https://freedns.afraid.org which is free if you are willing to share your domain (people can create subdomains that point to their IP) or you can pay to keep it private. It's been around for a very long time, so it's unlikely to vanish. It's a very good service.
https://freedns.afraid.org has been running forever and a day, has thousands (?) of domain names donated for use, two APIs (v1 and v2), and the free tier is subsidized by paying premium members (premium gets extra features). Highly recommended.
Because then you have a ticking time problem. Some automatic service might just silently start failing deep in your tech stack. And yes, you can monitor that. But then your monitoring software might fail, etc.
I think I see your point, however, what I'm saying is I'd rather pay for something in exchange for some semblance of availability and security guarantees.
How does your router support Route53?
Does your router have a static IP address and you just created an entry in Route53 mapping a subdomain.example.com to the static IP of your router?
DuckDNS is a Dynamic DNS and can work with common dynamic IPs...
How do you update the entry in Route53 when the IP address of your router changes?
OPNSense saves an AWS keypair. When it detects my IP changes, it updates a Route53 record using the AWS API. It’s one of the options alongside a bunch of other DDNS providers.
My router supports no-ip and other dyndns providers. I expect if that particular router supports Route 53 then it'll do the same: just update the entry in Route53.
Gandi is my registrar! Yes, I'm a fan. I may be mistaken, but something I worry about after trying Gandi's API for Let's Encrypt is the API keys provide permission for everything. I would love it if the permissions could be narrowed down to specific domains, records, and operations on them... AWS Route53 comes to mind, but my router (OPNsense) didn't have it available as an option. :(
I can imagine. Last year I tried to sign up to create a domain for my home server. Despite having my own IP address and a Google account I pay for, the reCAPTCHA v3 they use would not let me through.
I love DuckDNS but we seriously need a more automated and integrated solution to this kind of thing. It's the missing piece that holds self hosted back.
Something that:
* Lets you set up a domain with a single command
* Handles security for you. There shouldn't be any manual admin needed to make a secure context site
* Works offline on the LAN if possible, and on Yggdrasil meshes.
I should be able to buy a device, plug it in, then scan the QR code on its display and be instantly taken to its website, no setup or account creation.
Unfortunately the web blocks all insecure requests from within secure contexts, and has no mDNS-type functionality, so building a P2P solution with service workers or something is very hard/impossible.
DuckDNS is really almost there. It's the security that makes it hard, Let's Encrypt is not exactly consumer grade.
That is true, but then again, it is designed to be used in an automated way AFAIK; maybe that's why it became an instant hit among developers.
There are services like ZeroSSL which would be a better fit for the average user.
I've been using noip.com for my projects, works quite well except that you have to confirm you still want your noip domain reserved every once in a while. I'll try Duck DNS in my next project. Thanks for the share.
Be aware that Facebook Messenger blocks URLs with duckdns.org as unsafe links. The workaround is probably to find a cheap domain (not free, these are blocked as well) and attach it using CNAME.
I’ve been using DuckDNS for a couple of years now but one day I discovered that Reddit login is no more so I’m locked out of my account, still works though!
In the past I've tried using the free tier of other DynDNS services but with 2 commercial routers I had it always boiled down to the firmware being crap and having some bug that wasn't working with the free DynDNS.
Many people recommend OpenWRT but you need to plan in advance which router you are going to buy to be compatible with OpenWRT and I never planned so much in advance.
I have used DuckDNS for nearly a decade. I highly, highly recommend them. It's never not worked, super simple to set up on any server or always on system, and just is exactly what you want if you're a hobbyist.
The only possible downside is that you end up with a url with "duckdns.org" in it, but I don't mind
If you have a machine running all the time anyways you can have it update the IP instead of the router. They have instructions for a bunch of different ways to do it on various OSs.
>We unfortunately do not allow use of Reddit’s API for account authentication with third-party sites or applications that have no partnership, affiliation, or connection with Reddit. Reddit does not offer or support “log in with Reddit” or “use Reddit” to login services. Use of any sort of button, including a “use Reddit” login button like the one currently featured on your site, is unauthorized.
I know it is significantly less easy and not free, but wouldn’t a dedicated $6 vps running a level 4 haproxy to get access be a lot safer? A script to ssh to the vps to update your backend ip is pretty trivial.
There's no cost to Google besides the registration fee; if it's your zone, you're paying that fee anyway. The only way to not pay a fee is to go through a free dyndns provider where you have to use a hostname off of their zone.
Why AWS? How about we start building services that work anywhere instead of targeting a platform owned by a company that avoids paying billions in taxes?
Edit - I'll leave my original comment up but I originally thought this was a service that users could deploy themselves into their own AWS accounts which it is not. It is, as it says, a DDNS service which is free. The fact that it's hosted in AWS should be neither here nor there.
It kinda gives a sense of how it works. AWS means it's not just a handwritten script on a VPS somewhere, it's probably maintained with lots of automation, etc.
It kind of gives it a sense of professionalism for marketing purposes.
I'm familiar with DNS and read the FAQ. But, "practically", it's used for external services (SSH, HTTP) to get to your device. Right? Are there practical use differences?
It's a name system. It allows you to get the name, it does not provide access. You're basically saying "the yellow pages are the same as cell phone towers, they allow you to phone people".
Here are the docs: https://support.google.com/domains/answer/6147083?hl=en#zipp...