One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).
If I were to get a Cloudflare domain name then what would be some other pros and cons?
> One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).
No this wont really help you with that. A domain name (‘A’ record in a DNS provider such as Cloudflaire) is simply a pointer to an IP address. If you configure this with a non-static address (e.g. your public IP provided by your ISP) then this will at somepoint change and therefore no longer resolve. You would then need to manually update the IP in the DNS record each time.
There are services you can run locally to automate this update (check on your router) called Dyanmic DNS. DDNS will basically call a configured endpoint to automate the change.
> If I were to get a Cloudflare domain name then what would be some other pros and cons?
Personally I set up an A record to point my domian `mydomain.com` to a local IP (19.168.1.x) which is running NGINX proxy manager. With a wildcard CNAME such as `*.mydomain.com` I can add all my local services in NPM with valid letsencrypt certificates.
Now I never need to use IP’s/ports as I can:
- Access all my local services via valid SSL certs
- Manage them in a single place (NGINX proxy manager)
- Use nice looking URL’s using subdomains (e.g `https://router.mydomain.com`)
- Same with email addresses. I can use `[email protected]` - which I have configured in Cloudflare to forward to my primary gmail account (Just add a `MX` entry).
I have the same setup except I’m using dynv6. Is there a guide I can follow to set this up?
You can auto update your up on cloudflare with a docker container. I’m sure they have an app.
One benefit for me that wasn’t immediately apparent is a custom email, paired with something like proton mail and simple login I turned it into a catch all.
It’s fantastic. Company asks for a email, sure. [email protected]. Now, I can sort anything that arrives to walmart@ right into the spam box. Doesn’t matter what address they’d send it from.
Fucking. Brilliant.
I miss the days when you could just do [email protected] when signing up on a website, but now everyone either outright rejects it as invalid or parses it out.
It was useful because you could see who was selling your email address, but that exposed too many companies and was losing them $$$ so they patched it :(
See, I keep reading that. Idk for sure if it’s because I use a custom domain, but no company has rejected me yet. Closest I got was a, “Is this a real email address?” “Yes” “That’s so cool! How is your email [email protected]?”
This. I’ve done this since 2003 (when I got my first custom domain + email) and I’ve discovered several forums, services and companies that have either sold their databases or (most probably) got hacked and never made it public.
Pro-tip: If you are going to give out the address face to face, they might not trust you or not understand when you tell them that your email address is [email protected]. I even had a store blatantly refusing to type that into their system. So, I started using ROT-13 to encode the company/service name, and just telling them the address is [email protected]. Nobody has ever asked why my email address was so unpronounceable.
I usually get “oh, do you work for…”.
No, it’s just my spam filter.
“Why?”
“Because I have strict rules where if the sender and recipient don’t match, it gets deleted and I’ll never see it.”
And then there’s the ones that are like “check your spam folder”…
“I don’t have a spam folder, because every company has their own email address, so I either get it or I don’t, depending on YOUR system and whether it works properly”.
True or not, “technical jargon” doesn’t really get questioned after a certain point.
Does this work with Google Workspace/gmail? And how do you do it? If you’re at some new store say hshsb do you create the email before you go or while you’re there?
You can point simple login to your exosting Gmail account, sure. Simplelogin is a paid service.
it’s pretty sick. i got all my home services SSL terminated with subdomains that aren’t resolvable outside my network. I configured a nice ULA addresses doled out by my dhcp6 by modifying the ipv6 RA to solicit managed ipv6 dhcp and send updates to named so even my apple devices can reach out to them (apple devices tend to fallback to external DNS if AAAA dns records aren’t found)
You’d need to implement Dynamic DNS to update the records. DNS alone won’t do that.
Might as well use a Cloudflare tunnel.
Yeah, Cloudflare tunnel takes care of the dynamic DNS. It has limitations, which is why I switched to Caddy and Nginx, but Cloudflare is relatively easy to set up for n00bs and I highly recommend it.
Adds latency and now Cloudflare sees all your traffic
There are docker containers that auto update cloudflare a records for dynamic IP.
Is there a guide I can follow? Currently I’m using dynv6 and have a bash script that updates my ipv6 every 10 mins or so.
Correct. I used NOIP for years until I realized that 1) my IP address is static and 2) my home IP address was being exposed. (Pretty obvious I know but sometimes I am slow on the uptake 😃)
My solution was to get a $5 per month vps and reverse proxy and reverse ssh tunnels.
The $5 / month VPS ($60/year) was pretty much the cost of NOIP per year to use custom domains.
I just use duckdns as a free dynamic IP service. But you are correct about it exposing your home IP. Personally I’m not concerned about that so it works for me. Then I use Apache to route my incoming traffic depending on subdomain.
- good-looking domains instead of IPs
- tons of subdomains instead of ports
- universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
- dynamic DNS, again available via API
inbox@yourdomain.com(better not to self-host, but to use an email provider)
- universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
Just a note, as we’ve had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.
universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
I use DNS challenges for mine as well, but I have been manually renewing my cert every time. Is there a way to automate letsencrypt/cerbot renewal when you use DNS challenges?
can recommend acme.sh if on Linux
Wanted to expand on your custom domain for an email since this is something I do to get a more professional email address to put on my resume. A lot of DNS services like Cloudflare or NameCheap will actually let you create email addresses off of your custom domain that will just forward to a different email of your choosing, and generally free or very very cheap as well. If you want to be able to actually send emails from your custom domain, you can setup a Google Workspace account with a single seat for $5 a month and have a fully hosted email solution that uses your custom domain name.
better to use zoho. Zoho mails provides you 5 free custom email for free and zeptomail allows you to send k emails for 1 dollars
When I used Zoho Free, many of my emails would end up in people’s spam folders. My domain is certainly not on any blacklist, it was pointed correctly and with the security and domain validation features enabled and everything configured properly. Deployed it to small business clients as well and same result.
Gmail doesn’t seem to like Zoho.
What seemed to work like a charm was to use iCloud+ Custom Email and just add my custom domain addresses as aliases on Gmail. It’s like having a custom domain Google Workspace without paying anything (apart from the iCloud subscription that gives you a ton of space for all your data).
Can also do this with iCloud+ for 99 cents a month.
Purelymail
Proton mail will let you do wildcard email and it’s only $3-4 a month. If you need smtp support then you can just setup a hydroxide container.
more professional email address
Does it even work?
tons of subdomains instead of ports
Just to be clear for OP, that applies only for protocols that “support DNS” as in, they send the DNS in the protocol.
The one I have in mind: http(s) and emails.
Games, FTP and most of the protocols don’t.
Still a bit wrong. You can use things like Portzilla and make it so that certain subdomains are for certain game servers.
Hum, then I am missing something because portzilla is just a reverse proxy by the look of it
This mean:
- you need to use http (games and ftp don’t)
Or
- you have multiple IPs (one per sub domain if I want to go with the examples from portzilla).
I assumed OP was in IPV4 and only has one IP.
Just to be sure from my other assumptions (kinda ELI5)
- DNS doesn’t exist on the transport layer. It is converted to an IP and your computer just try to connect to that IP. So whatever DNS you use, if they point to the same IP you have no way to distinguish from what “DNS” they want to go.
This is how networking works. Only with IP, no DNS.
- some applications (http), added support for DNS. When the user type a DNS, even if your computer still use IP to reach the server, the browser will introduce itself by telling the server the DNS it tried to reach.
You can also just use a web server like apache and have it forward the traffic to the correct place depending on the sub domain. This is what I do, I can have minecraft.mydomain.com route to 192.168.1.40:5000 and valheim.mydomain.com route to 192.168.1.40:27015.
I’ve recently set up hard coded local entries for router.domain and nas.domain but not got around to adding printer.domain yet. In theory it is quite possible to define static DHCP entries for a bunch of different containers with bridged network interfaces then add entries for individual services like filemanager.domain and mediastreamer.domain and downloader.domain and cctv.domain etc.
One thing that wasn’t mentioned: I can use *.internal.domain.com and not have that routed on public DNS (using my own DNS with pihole + unbound or adguard). Of course still valid certificate for that domain.
It feels good using a domain name I can type it and secondly *.domain.com IS publically routed, meaning all external services go there. The internal stuff I can only access via Tailscale (which automatically uses my dns).
If you have dyn, just use dyn. Some people don’t want to pay.
I get to see who verifies email addresses correctly with my @example.blue email addresses. Most people get it with minimal correction, but even Apple doesn’t programmatically do it correctly.
Subdomains for easy external access to local web apps.
Cloudflare tunnels so I don’t have to open any port in my network. You can do this even with the Cloudflare free tier. And the byproduct is DNS for free for your domain name, I actually moved the Cloudflare because DNS was getting too expensive with my domain name provider.