One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).

If I were to get a Cloudflare domain name then what would be some other pros and cons?

  • i_reddit_it@alien.topB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    > One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).

    No this wont really help you with that. A domain name (‘A’ record in a DNS provider such as Cloudflaire) is simply a pointer to an IP address. If you configure this with a non-static address (e.g. your public IP provided by your ISP) then this will at somepoint change and therefore no longer resolve. You would then need to manually update the IP in the DNS record each time.

    There are services you can run locally to automate this update (check on your router) called Dyanmic DNS. DDNS will basically call a configured endpoint to automate the change.

    > If I were to get a Cloudflare domain name then what would be some other pros and cons?

    Personally I set up an A record to point my domian `mydomain.com` to a local IP (19.168.1.x) which is running NGINX proxy manager. With a wildcard CNAME such as `*.mydomain.com` I can add all my local services in NPM with valid letsencrypt certificates.

    Now I never need to use IP’s/ports as I can:

    - Access all my local services via valid SSL certs

    - Manage them in a single place (NGINX proxy manager)

    - Use nice looking URL’s using subdomains (e.g `https://router.mydomain.com`)

    - Same with email addresses. I can use `whatever-i-want@mydomain.com` - which I have configured in Cloudflare to forward to my primary gmail account (Just add a `MX` entry).

    • sleekstrike@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I have the same setup except I’m using dynv6. Is there a guide I can follow to set this up?

    • paulk1997@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You can auto update your up on cloudflare with a docker container. I’m sure they have an app.

  • chazzeromus@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    it’s pretty sick. i got all my home services SSL terminated with subdomains that aren’t resolvable outside my network. I configured a nice ULA addresses doled out by my dhcp6 by modifying the ipv6 RA to solicit managed ipv6 dhcp and send updates to named so even my apple devices can reach out to them (apple devices tend to fallback to external DNS if AAAA dns records aren’t found)

  • Simon-RedditAccount@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago
    • good-looking domains instead of IPs
    • tons of subdomains instead of ports
    • universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
    • dynamic DNS, again available via API
    • inbox@yourdomain.com (better not to self-host, but to use an email provider)
    • tgp1994@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago
      • universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server

      Just a note, as we’ve had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.

    • trumpet7347@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Wanted to expand on your custom domain for an email since this is something I do to get a more professional email address to put on my resume. A lot of DNS services like Cloudflare or NameCheap will actually let you create email addresses off of your custom domain that will just forward to a different email of your choosing, and generally free or very very cheap as well. If you want to be able to actually send emails from your custom domain, you can setup a Google Workspace account with a single seat for $5 a month and have a fully hosted email solution that uses your custom domain name.

      • FanClubof5@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Proton mail will let you do wildcard email and it’s only $3-4 a month. If you need smtp support then you can just setup a hydroxide container.

      • WeedLover_1@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        better to use zoho. Zoho mails provides you 5 free custom email for free and zeptomail allows you to send k emails for 1 dollars

        • Electronic_Wind_3254@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          When I used Zoho Free, many of my emails would end up in people’s spam folders. My domain is certainly not on any blacklist, it was pointed correctly and with the security and domain validation features enabled and everything configured properly. Deployed it to small business clients as well and same result.

          Gmail doesn’t seem to like Zoho.

          What seemed to work like a charm was to use iCloud+ Custom Email and just add my custom domain addresses as aliases on Gmail. It’s like having a custom domain Google Workspace without paying anything (apart from the iCloud subscription that gives you a ton of space for all your data).

    • who_you_are@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      tons of subdomains instead of ports

      Just to be clear for OP, that applies only for protocols that “support DNS” as in, they send the DNS in the protocol.

      The one I have in mind: http(s) and emails.

      Games, FTP and most of the protocols don’t.

      • Bagel42@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Still a bit wrong. You can use things like Portzilla and make it so that certain subdomains are for certain game servers.

        • who_you_are@alien.topB
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Hum, then I am missing something because portzilla is just a reverse proxy by the look of it

          This mean:

          • you need to use http (games and ftp don’t)

          Or

          • you have multiple IPs (one per sub domain if I want to go with the examples from portzilla).

          I assumed OP was in IPV4 and only has one IP.

          Just to be sure from my other assumptions (kinda ELI5)

          • DNS doesn’t exist on the transport layer. It is converted to an IP and your computer just try to connect to that IP. So whatever DNS you use, if they point to the same IP you have no way to distinguish from what “DNS” they want to go.

          This is how networking works. Only with IP, no DNS.

          • some applications (http), added support for DNS. When the user type a DNS, even if your computer still use IP to reach the server, the browser will introduce itself by telling the server the DNS it tried to reach.
    • eckadagan@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server

      I use DNS challenges for mine as well, but I have been manually renewing my cert every time. Is there a way to automate letsencrypt/cerbot renewal when you use DNS challenges?

  • da_frakkinpope@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    One benefit for me that wasn’t immediately apparent is a custom email, paired with something like proton mail and simple login I turned it into a catch all.

    It’s fantastic. Company asks for a email, sure. Walmart@problematicpenguin.org. Now, I can sort anything that arrives to walmart@ right into the spam box. Doesn’t matter what address they’d send it from.

    Fucking. Brilliant.

    • Own_Career_7388@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I miss the days when you could just do johnsmith+walmart@gmail.com when signing up on a website, but now everyone either outright rejects it as invalid or parses it out.

      It was useful because you could see who was selling your email address, but that exposed too many companies and was losing them $$$ so they patched it :(

    • SilverFoxPurple@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This. I’ve done this since 2003 (when I got my first custom domain + email) and I’ve discovered several forums, services and companies that have either sold their databases or (most probably) got hacked and never made it public.

      Pro-tip: If you are going to give out the address face to face, they might not trust you or not understand when you tell them that your email address is theirCompanyName@yourdomain.org. I even had a store blatantly refusing to type that into their system. So, I started using ROT-13 to encode the company/service name, and just telling them the address is gurvePbzcnalAnzr@yourdomain.org. Nobody has ever asked why my email address was so unpronounceable.

      • mgcarley@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I usually get “oh, do you work for…”.

        No, it’s just my spam filter.

        “Why?”

        “Because I have strict rules where if the sender and recipient don’t match, it gets deleted and I’ll never see it.”

        And then there’s the ones that are like “check your spam folder”…

        “I don’t have a spam folder, because every company has their own email address, so I either get it or I don’t, depending on YOUR system and whether it works properly”.

        True or not, “technical jargon” doesn’t really get questioned after a certain point.

    • HeadlineINeed@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Does this work with Google Workspace/gmail? And how do you do it? If you’re at some new store say hshsb do you create the email before you go or while you’re there?

  • Id1ing@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    You’d need to implement Dynamic DNS to update the records. DNS alone won’t do that.

      • sleekstrike@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Is there a guide I can follow? Currently I’m using dynv6 and have a bash script that updates my ipv6 every 10 mins or so.

      • nightmareFluffy@alien.topB
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah, Cloudflare tunnel takes care of the dynamic DNS. It has limitations, which is why I switched to Caddy and Nginx, but Cloudflare is relatively easy to set up for n00bs and I highly recommend it.

    • fm2606@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Correct. I used NOIP for years until I realized that 1) my IP address is static and 2) my home IP address was being exposed. (Pretty obvious I know but sometimes I am slow on the uptake 😃)

      My solution was to get a $5 per month vps and reverse proxy and reverse ssh tunnels.

      The $5 / month VPS ($60/year) was pretty much the cost of NOIP per year to use custom domains.

      • cobra89@beehaw.org
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I just use duckdns as a free dynamic IP service. But you are correct about it exposing your home IP. Personally I’m not concerned about that so it works for me. Then I use Apache to route my incoming traffic depending on subdomain.

  • moontear@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    One thing that wasn’t mentioned: I can use *.internal.domain.com and not have that routed on public DNS (using my own DNS with pihole + unbound or adguard). Of course still valid certificate for that domain.

    It feels good using a domain name I can type it and secondly *.domain.com IS publically routed, meaning all external services go there. The internal stuff I can only access via Tailscale (which automatically uses my dns).

  • Krieg@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Cloudflare tunnels so I don’t have to open any port in my network. You can do this even with the Cloudflare free tier. And the byproduct is DNS for free for your domain name, I actually moved the Cloudflare because DNS was getting too expensive with my domain name provider.

  • bschlueter@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I get to see who verifies email addresses correctly with my @example.blue email addresses. Most people get it with minimal correction, but even Apple doesn’t programmatically do it correctly.

  • m4nf47@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I’ve recently set up hard coded local entries for router.domain and nas.domain but not got around to adding printer.domain yet. In theory it is quite possible to define static DHCP entries for a bunch of different containers with bridged network interfaces then add entries for individual services like filemanager.domain and mediastreamer.domain and downloader.domain and cctv.domain etc.