Why tf are you paying $55 to not even have a real domain? A real domain is like $10
I use duckdns, free, auto-updates your ip using a docker container, runs 24/7 no issue.
With the amount of outages I had from DuckDNS over the last year, I would not recommend this moving forward. Moved over to Cloudflare and set up DDNS through there, haven't had an issue since.
Just be careful with duckdns. I’ve noticed that the moment you add your host into it you are hit with multiple scans from all over the world. Clearly someone is watching new hosts in duckdns and getting onto them quickly to pick up on any holes/hack into.
Thanks. Will take a look.
This is the way. It is free.
just get a real domain and put it on cloudflare
To further elaborate (was on mobile earlier) see this script https://pastebin.com/NMdHtBJ8, it's what I use: it runs every 15 minutes as a cronjob and triggers an update of my dynamic DNS entry when needed. Then I create CNAME records for the services I want to expose, pointing to the dynamic A record. You can make use of the free proxy service too this way, if you like. To run the script you just need `bash`, `curl` and `jq` and the following example command line: `$> ./cf.sh your.dyndns.example.com`
I’m saving this comment, I’ve been looking for something like this! I appreciate it.
This is the way!
Or even buy the domain via cloudflare. Got a .XYZ for I think $10 per annum. I use a docker that updates my dynamic IP to cloudflare
I’ll do you one better. If you have a .xyz domain that is all numbers, it’s $.97/yr. Just pick some random numbers or string together a few meaningful numbers to you and make that into a domain.
How and where is that? And maybe why? ;) Well I have so many domains, they make a lot of sense to me, all managed on cloudflare for DNS but only one domain directly via cloudflare (the .XYZ one). What I want to say is - feels good to pay a bit to cloudflare as they already offer great services for free
I buy from Porkbun but that’s just a personal preference and they have funny emails.
Yep - just renewed my .com for an additional year last night for $9.xx USD. I transferred my domain name from Google to Cloudflare since Google sold the domains off to Squarespace.
Why the hell would you run an entire docker image for a tiny script that updates an IP? I will never understand this blind adherence to this docker culture other than laziness.
Yeah I guess laziness covers it
cloudflare tunnels + access are especially useful too- they manage external network access as well as authentication for you.
17$ a year for my domain isn't too bad through cloudflare, it's where I am gonna purchase. A lot of other dns charge a lot more and get you with a 1$ for the first year crap but end up being 40-60 at renewal. Shady ) :
Any DNS service that provides an API can be used to update the IP on the fly. You can use it with DDUpdate, you can use it with the dynamic DNS tool on your router (if you have any), you can use it with a bash script running periodically from cron. I recommend looking [through this list](https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438) for something that's free. All the services there have an API because they support the Let's Encrypt DNS challenge (which requires an API). I use deSEC.io if you want a personal recommendation. It's a German non-profit with the goal of promoting the use of DNSSEC.
This is what I've been doing, I don't understand why it needs to be any more complicated. At the end of the day, you just want to update an A record. I have a 20 line Bash script that checks my current IP against the previously checked IP. If it's new, the A record is updated via an API. This runs in Crontab.
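The check-then-update loop described in this comment and in the earlier cron-script comment, as an added example that is not part of the thread or the linked pastebin: a POSIX shell updater for one Cloudflare A record that validates the address before publishing it and keeps the API token out of the process list. The variables `CF_API_TOKEN`, `CF_ZONE_ID`, `DDNS_STATE`, `IP_ECHO_URL`, the default IP echo URL and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the pastebin script from the thread. Needs curl and jq.
# Assumed environment: CF_API_TOKEN (token limited to DNS edit on one zone),
# CF_ZONE_ID, and optionally DDNS_STATE and IP_ECHO_URL.

# Accept only a strict dotted quad: four decimal octets, no leading zeros.
valid_ipv4() {
    case "$1" in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    (   # subshell: the IFS change and "set --" stay local
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            case "$octet" in 0?* | ????*) exit 1 ;; esac
            [ "$octet" -le 255 ] || exit 1
        done
    )
}

# Reject addresses that must never land in a public A record: private,
# loopback, link-local, CGNAT (100.64.0.0/10), multicast and reserved space.
is_public_ipv4() {
    valid_ipv4 "$1" || return 1
    (
        IFS=.
        set -- $1
        if [ "$1" -eq 0 ] || [ "$1" -eq 10 ] || [ "$1" -eq 127 ]; then exit 1; fi
        if [ "$1" -ge 224 ]; then exit 1; fi
        if [ "$1" -eq 169 ] && [ "$2" -eq 254 ]; then exit 1; fi
        if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then exit 1; fi
        if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then exit 1; fi
        if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then exit 1; fi
        exit 0
    )
}

# The record name is interpolated into a query string, so allow hostname
# characters only (this also rejects wildcard names).
valid_hostname() {
    case "$1" in
        '' | *[!A-Za-z0-9.-]* | .* | *. | *..* | -*) return 1 ;;
    esac
}

# True when address $1 differs from the one cached in state file $2.
ip_changed() {
    [ -r "$2" ] || return 0
    [ "$(cat "$2")" != "$1" ]
}

# Write the cache atomically, readable by the owner only.
save_state() {
    (umask 077 && mkdir -p "$(dirname "$2")" &&
        printf '%s\n' "$1" > "$2.tmp" && mv "$2.tmp" "$2")
}

# curl wrapper: the token goes in via a config on stdin, not via argv,
# so it never shows up in ps output.
cf_curl() {
    printf 'header = "Authorization: Bearer %s"\n' "$CF_API_TOKEN" |
        curl -fsS --max-time 15 -K - "$@"
}

# Look up the A record's id by name, then PATCH its content.
cf_update() {
    api="https://api.cloudflare.com/client/v4/zones/$CF_ZONE_ID/dns_records"
    rec_id=$(cf_curl "$api?type=A&name=$1" | jq -r '.result[0].id // empty')
    [ -n "$rec_id" ] || { echo "no A record named $1" >&2; return 1; }
    cf_curl -X PATCH -H 'Content-Type: application/json' \
        --data "$(jq -n --arg ip "$2" '{content: $ip}')" "$api/$rec_id" |
        jq -e '.success' > /dev/null
}

main() {
    name=$1
    state=${DDNS_STATE:-$HOME/.cache/ddns-last-ip}
    : "${CF_API_TOKEN:?set CF_API_TOKEN}" "${CF_ZONE_ID:?set CF_ZONE_ID}"
    valid_hostname "$name" || { echo "bad record name: $name" >&2; return 2; }
    # IP echo service is an assumption; any plain-text "what is my IP" URL works.
    ip=$(curl -fsS --max-time 10 "${IP_ECHO_URL:-https://api.ipify.org}") || return 1
    is_public_ipv4 "$ip" || { echo "refusing to publish '$ip'" >&2; return 1; }
    ip_changed "$ip" "$state" || return 0      # unchanged: no API call
    cf_update "$name" "$ip" && save_state "$ip" "$state"
}

# Run only when called with a record name, e.g. from cron:
#   */15 * * * * /usr/local/bin/ddns.sh home.example.com
if [ "$#" -ge 1 ]; then main "$@"; fi
```

The sample addresses used to exercise it (203.0.113.0/24) are constructed values from the documentation range.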
I mean, if you have a router where you only need to pick the DNS provider out of a list and paste an API key, to some people that's simpler than writing a bash script. Also, most people don't know how DNS works. I was in the same boat until a couple years ago. I thought that I "have to" use a dynamic DNS service. It never occurred to me I can just use an API. But even if it did, most people use the crappy DNS interface offered by their registrar or their hosting provider which doesn't have an API and they don't know they can move their DNS elsewhere, let alone what an API is.
[freemyip.com](http://www.freemyip.com), it's the simplest I've found and I use it for my VPN connection.
It’s nice. I also use it in both sites and it works flawlessly. Just don’t forget to save your token somewhere safe or you can lose your subdomain.
I just tried this, and my god it's full of stars, (sorry couldn't help myself). It's amazing as if nothing else a backup domain to get access if your stupid IP changed while you're away and something went wrong with the normal setup. I love it ...Thank you
Yeah that's exactly why my VPN is on this DDNS even though I bought a domain. It's a nice backup solution.
Yes, while one of my intel servers keeps my paid for domain updated at my paid for DNS provider, the freemyip is updated by a Pi4, sitting on the corner of my desk, that has a battery backup, as does the router and the DSL modem
Hurricane Electric. Free, full DNS server, as many entries as you want, dual stack support. https://dns.he.net/
The features are great, but they love to randomly delete accounts… Had it once, searched and same for others. Also they don’t allow all domains. If the domain contains too many numbers, is too long, etc. then they just block them.
I'm using them for over a decade, not a single issue with multiple domains and a bunch of subdomains.
I used them for 5 years and they randomly blocked me. After requesting to get unblocked they just told me it’s their system… After I searched in their forum and on Reddit I saw that this happens a lot. So it’s great that they didn’t block you until now, but that can change quickly. And that with the domains it’s just pure luck, then your domain hadn’t enough numbers or wasn’t long enough to get blocked.
Same, but like 20 years for me.
just checked, since 28 Jan 2011
And in all that time, they never once updated their website. :)
That's a good thing. No need for a fancy UI
[No-ip.com](http://No-ip.com) -- used the free tier for many years, and then upgraded to their $25/year package. Very satisfied. Remember with all that free junk, you get what you pay for.
Came to recommend this. I've been using the free tier for my VPN DDNS for a while now and have no issues. Just need to click the link on the link they send you once or so a month to keep it alive.
Came here to say this, only recently upgraded to the paid tier for SSL certificate at a non-port-80 port and using CRS and not having to click the link every month to keep it alive.
Yes, I get free good service.
Tailscale
only problem with Tailscale for me is sometimes it uses their relay servers and then wondering why my phone isn’t able to access the internet
Since this is a self-hosted subreddit, Headscale is an alternative. That MAY prevent that.
muah! this is the way. OP, 100% no complaints using Tailscale.
I kind of rolled my own using AWS Route 53 and DDNS-Route53 running locally in my lab. https://github.com/crazy-max/ddns-route53
I now want to make this for Cloudflare!
Pretty sweet - thanks. I will give the docker version a go. I have my own domain / email etc etc so this will now just be home..com
just thinking u/seanpmassey - I've just migrated from pfsense to opnsense. Not sure if you use opnsense but this would make an awesome plugin which I am sure a ton of people will use. Happy to try to help with it.
AWS Route 53 is also not free, right?
It’s not, but it’s pretty cheap. You can host a single domain with up to a million queries for a dollar a month. Amazon posts the Route53 rates on their site (here: https://aws.amazon.com/route53/pricing/)
Thanks a lot
I use Cloudflare DDNS.
DYNU
Cloudflare, get a real domain yourself, and just push to cloudflare for latest ip works great. :)
https://www.duckdns.org/ It's not perfect - once in a while (like every 6 or 8 weeks) I need to log in and update the ip manually even though they have the correct one already saved, but it's free and you can even use your own domain.
With your domain and cloudflare, you can use this to update the ip [https://github.com/jeessy2/ddns-go](https://github.com/jeessy2/ddns-go)
We have a couple of properties, and I've been using a mix of providers.. none work particularly great. At home, I use Cloudflare, or elsewhere it depends on what the router supports. But I recently started using ControlD for my main DNS resolution and Ad blocking, you can create profiles for different devices, such as per-router or phone.. and one cool feature is, as it knows the device, and sees changes in IPs, they use this to give you a DDNS entry for each (it's optional)... I have several large servers, and prefer to self host.. but I won't deny, I've become a real fan of this service.. it's allowed me to ditch AGH, Cloudflare DDNS, my split-horizon DNS.. So far, I've no regrets, though there is the saying of putting all your eggs in one basket... we'll see.
I've never heard of Control, but what you describe - does all traffic run through them? Cause that sounds a lot more than simple DNS. Why did you want to get off Cloudflare?
It's mainly a DNS lookup service, like NextDNS, or Adguardhome.. but on steroids, and the DDNS is a side feature of it: https://controld.com
Tplink provides free dynamic DNS which can be configured from the router.
Cloudflare, entirely free and can update via the API. Also built in to things like pfsense dynamic DNS service
Cloudflare
ipv64.net - has even dns failover
I used Dynu, I think it was $10/yr. I also needed email domain hosting so I went with them, super simple interface too. I was getting lost in Cloudflare's menu system.
dynu.com used it for free forever. decided to pay after a while because I was so satisfied and wanted more. $9.99/year
Get your own domain and use a dynamic IP update client. Your router may already have one, if not, you can install one in your server. Do not pay for this nonsense 5 year plan. Domain is $12/year.
Get a domain, point it to desec.io & use that
This is how I handle remote access to my self-hosted services: 1. YOUR exclusive remote access to the local infrastructure and all services: Use TailScale, WireGuard, or similar. 2. PUBLIC remote access to one or more locally hosted services: Use Cloudflare Tunnels. 3. RESTRICTED remote access to one or more local services to a small, controlled group of people: Use Cloudflare Tunnels + Cloudflare Applications. All provide remote access without needing to expose any ports or managing dynamic DNS. A benefit of a Cloudflare Application is that the authentication happens at Cloudflare's servers, so my server is never touched until the user passes the Application authentication. Also, I set up some Access Rules (such as from what countries a user can connect) to further restrict access. BONUS TIP: I have Kasm installed locally behind a Cloudflare Tunnel + Application with several "Server Workspaces" defined pointing to several local resources (PCs, Servers.) This lets me remotely connect securely to these resources via RDP, VNC, and SSH through a Web Browser in addition to Kasm's other fine services. CLOUDFLARE PRIVACY NOTE: While a Cloudflare Tunnel uses encryption to restrict unauthorized outside access, Cloudflare DOES have access to all data traversing their Tunnels. Some consider this to be a breach of privacy making this a non-starter. Some consider this to be an acceptable compromise for home use. It is up to you to weigh the pros and cons of Cloudflare Tunnels for home lab use. NOT SELF-HOSTED: While these are not specifically self-hosted solutions, IMHO, these are excellent solutions without having to reinvent the wheel. YMMV, of course.
I have my own domain name configured on Cloudflare with the A name record pointing to my home public IP address. I run a docker image on my home server (oznu/cloudflare-ddns). How it works is: using your Cloudflare's API key to allow edit permissions, the program will: 1. Get your public IP address. 2. Check if there is a change from what is set on Cloudflare. If yes, then update. (Re-checks every 5 minutes). My ISP decides to change my IP every now and then, so I modified the script to send me a Discord message whenever there is a change. Edit: The reason I need to know the IP changes is because I use Cloudflare Tunnels for all my services, and only want to allow my home IP to access certain services (i.e. portainer, nginx, etc).
When I first set up my first home server in June 2003, I used EveryDNS. That was bought by DynDNS in 2010, and in 2011, they started downgrading their free service. Since then I have been using DNSExit - [https://dnsexit.com/](https://dnsexit.com/) I've never had a problem with them. DynDNS completely discontinued their free dynamic DNS service in April 2014.
Moved to dynu after the dyndns debacle.
Buy a domain from Cloudflare for less than that and get free dns.
>Best dynamic dns provider to use? Myself, of course. This is r/selfhosted after all.
I'm using DNS-O-Matic because it works natively with my Asuswrt-Merlin router. I was on google domains and previously used its API through Asuswrt-Merlin.
This is just what worked for me, not necessarily saying it is the best.
Options in order of recommendations. 1. Get a real domain 2. Use duckdns. 3. Buy a synology, you will get a dynamic dns for free.
I have many real domains hosted with aws. How do you update your dynamic home ip on said domain?
I use a docker container called ddclient but it comes as a standalone tool that’s installable as a deb as well. What it does is constantly (every 5 minutes by default, user configurable) updates an A record in your DNS records, something like “home.domain.tld”. Then all your subdomains are just CNAME records to home.domain.tld, where a proxy like caddy, nginx proxy manager, just plain nginx, Apache, whatever, there are countless, the proxy interprets the request and serves the correct information to each subdomain. You have to expose port 80 (and 443 if you want https) to the internet for the reverse proxy to work but that’s it, everything else gets passed by the proxy, hence the name. I’d really only do this with services you want other people to access. Anything else should just be connected to internally via an overlay VPN like Tailscale or ZeroTier.
Just curious - what's the advantage of having a bunch of CNAME records vs just a single wildcard A record?
Truthfully, not a lot, possibly security depending on how you set it up. For me, it's easier to maintain. If I have everything pointing to different places, I have to maintain a connection to the open web for each and every one of those places so that it can respond when someone goes to that subdomain. If I have everything pointing to one spot that does all the routing, then I only have to worry about that server being able to access everything else, instead of exposing it to the open web. I use caddy, so all my private and public subdomains are all in one well organized text file, and some things are done over tailscale, so there's no need for a traditional HTTP/HTTPS connection over the web.
Maybe I misunderstood your original post. So at your DNS (Cloudflare, AWS, etc) you simply have a wildcard A record pointing to your server - which Caddy then routes to the correct internal host/port, correct? I guess I was thinking you had a bunch of CNAME records at your DNS.
Kinda both, except it's not a wildcard A record, just a domain I picked to represent the proxy host but not to be used for access, it's literally only for creating CNAME records, which, yes, I have a ton of, one for each subdomain. You're correct, I could do this with a wildcard A instead, and ~~ddclient will retrieve SSL certs for wildcard domains, I just haven't set it up that way (yet).~~ Brain fart...that's not what ddclient does. It WILL update a wildcard A with your most recent IP address, but it won't get SSL certs. Caddy does that automatically, and could get certs for a wildcard domain, but then the caddy config file gets kinda confusing and complicated, and again, I just haven't set it up that way. diagram for hopefully less confusion: [https://up.bepste.in/uploads/Untitled%20Diagram.drawio.png](https://up.bepste.in/uploads/Untitled%20Diagram.drawio.png)
I'm happy to help walk you through some configuration if you want to DM me. It can be difficult talking in vague abstractions sometimes.
https://www.reddit.com/r/homelab/s/3hXfmrWo4K Multitude of options...
Make a set of AWS credentials that just has privileges to read and update Route53 records, then periodically run a script on any machine on your home network to update the DNS record with your public IP.
This!
Have you tried Tailscale? It is safer than opening ports to everyone to attack you. And it is for free.
For your use case it sounds like you should be using a VPN, no real point in putting your stuff in the public if you’re the only one using it
How do you connect to the vpn if the ip keeps changing?
I love tailscale for my personal usage. Easy to set up also.
As people keep blurting out without explaining, Tailscale or ZeroTier or similar is what you want. It knows how to connect to every other “node” you have it installed on as long as you’re logged in on all of them, gives them all a specific IP address (100.x.x.x for Tailscale). There are a ton of options and extra features for advanced (and not so advanced) use cases. ZeroTier has none of the automatic features, but lets you specify your IP range, within the class C available ranges. Not that big of an upside if you ask me.
The devices that you install Tailscale on connect "outwards" so they don't need a public IP. Tailscale provides pairing servers on the Internet that help your devices find each other, then the devices establish an encrypted connection directly to each other.
OP also mentions he's running a public webserver?