Back again, "works easily" was a bit of an understatement :D at least when securing the zones with TSIG sha256 and moving keys around in a secure manner (I had previously used md5 because of compatibility with FortiGate). There is full support now to the extent that I can test with RFC 2136, there is a guide and docs available at https://dynip.dev/docs#integration-external-dns and https://dynip.dev/guides/external-dns and a complete snippet generator. Read the notes as there are a few considerations on policy and depending on mode.
Please have a go if you can and report back if you feel like it
Thanks! Tried it with (k)nsupdate, and it might be nice to add them into snippets and/or documentation. E.g., using the same placeholder names as in the documentation:
$ nsupdate # or knsupdate
> server update.dynip.dev
> zone YOUR_DOMAIN
> key hmac-md5:key-YOUR_DOMAIN YOUR_BASE64_KEY
> update add YOUR_DOMAIN. 300 IN A YOUR_IP
> send
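A non-interactive variant of the nsupdate session above, as an added example that is not part of the thread or the dynip.dev documentation. It assumes the server accepts hmac-sha256 for the same `key-YOUR_DOMAIN` key name; the function names are hypothetical, and the server name and placeholders are the ones used in the thread.

```shell
#!/bin/sh
# Added example: keep the TSIG secret in an owner-only key file and feed
# nsupdate (or knsupdate) a generated batch instead of typing the key.

# write_tsig_keyfile PATH ZONE BASE64_KEY
# Writes the key in named.conf syntax, the format `nsupdate -k` reads.
# The file is created 0600 so other local users cannot read the secret.
write_tsig_keyfile() {
    (
        umask 077
        : > "$1"          # create (or truncate) before tightening mode
        chmod 600 "$1"    # also covers a pre-existing, wider-mode file
        printf 'key "key-%s" {\n    algorithm hmac-sha256;\n    secret "%s";\n};\n' \
            "$2" "$3" > "$1"
    )
}

# build_update ZONE IP [TTL]
# Prints the same commands as the interactive session, minus the key line.
# An address containing ':' is treated as IPv6 and sent as AAAA.
build_update() {
    case "$2" in
        *:*) rrtype=AAAA ;;
        *)   rrtype=A ;;
    esac
    printf 'server update.dynip.dev\nzone %s\nupdate add %s. %s IN %s %s\nsend\n' \
        "$1" "$1" "${3:-300}" "$rrtype" "$2"
}

# send_update KEYFILE ZONE IP [TTL]
# Signs and sends the update; the secret stays out of argv and history.
send_update() {
    build_update "$2" "$3" "$4" | nsupdate -k "$1"
}

# Typical use (placeholders as in the thread):
#   write_tsig_keyfile "$HOME/.dynip.key" YOUR_DOMAIN YOUR_BASE64_KEY
#   send_update "$HOME/.dynip.key" YOUR_DOMAIN YOUR_IP
```
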
Good points, don't be sorry. At this point in time there are knowns and unknowns, hopes and dreams and a big chunk of tech knowledge. Not as big on the design part but I think it's ok for now.
I'm not sure if the copy is also AI generated but I felt the same as the other commenter when reading it, although maybe I was influenced by the looks.
Thanks for all the excellent comments and questions, I will be bringing my daughter for swimming lessons for a few hours and will continue looking at the threads when I return.
This makes me really happy, like really really. It is the exact part of the /guide where things work together and not against or replace, synergy and happiness.
I like to believe that there are different use cases that play with different needs, I don't know your exact needs on the topic but it sounds like you have figured out what needs you have on a technical basis.
The idea is not really to never expose anything, almost the opposite or at least understand where on the internet different things live and be able to address them globally
It is not, the functionality is the same. I am trying to expand on the functionality to not only support a single setup. We support multiple update paths, validation, DNSSEC, Let's Encrypt, BYOD domain, fleet management etc. It could be a battery-powered ESP node that you send to another country. There are multiple ways of doing the same thing and what I hope I am doing is making it accessible, easy and good looking.
Fortinet for example has a similar thing, you can within their web interface register a something.fortiddns.com or float-zone.com or others. But if you upgrade the FortiGate with a newer model you need to get in touch with their support because the domain is locked to the old hardware.
Synology has their own, I mean there have never been more options. What I am doing is trying to bundle, connect and provide a platform for your own domains, that can support Let's Encrypt out of the box, that you can use multiple update paths with IPv6 if needed.
Long reply, I am genuinely happy for the "why" questions as it allows me to speak about the platform :)
Tailscale is awesome, and Netbird is awesome, and WireGuard is awesome. It is a great time to be alive for sure. I have a guide that I wrote https://dynip.dev/guides/tailscale where I explain how and why they can exist.
Agree that the OpenWrt DDNS scripts are a bit of a pain with keys and secrets but the snippets function actually takes the guess / how-does-it-work work out of the equation so I am pretty happy with that.
Your guide sounds obviously written by an LLM. I think that's okay, and you might have directed the LLM's work, but don't say you wrote it; this misrepresents the guide as more carefully crafted and authoritative than it really is.
I would have been all over this a few months ago but I've recently been an enthusiastic convert to netbird. I had a look at your guide. I am using netbird reverse proxy to expose a few services and it's been pretty much flawless. It saves me from needing to set up port forwards or worry about a firewall.
Do you see an advantage or alternative benefits to also having a public dynamic DNS, because for me I am struggling to see any?
Okay well I guess we are still dealing with someone else's proxy in the way (also providing TLS termination which was a big thing I was after). So you share fates with that service. It's not just a case of hole punching via a relay.
It would be nice to get something like that also with easy TLS setup.
So many self replies :) Happy to dive in a bit more at a later time to get your take on how the services work together. Hope you found the /guide helpful.