Access to homeserver from another country

Hello,
I am newbie to DDNS. I access my Ubuntu homeserver via desec, ddclient, IPv6 and letsencrypt certificate. Works so far, except that the server in Germany is not accessible from other countries (eg Holland).
Does it have to do with the DNS policy of the respective countries, or can/should I adjust something?
Thanks :slight_smile:

Hi ncclouds

DynDNS (Dynamic DNS) is “just normal DNS” with an automatic mechanism to change A/AAAA-records when your home IP address changes. In principle, you should get the same DNS answers abroad, as long as your foreign provider and deSec does not block anything. As far as I know, deSec does not block anything. If your foreign provider manipulates DNS records, that would of course be bad.

A few ideas for debugging:

  • You are talking about IPv6. Does your foreign provider in Holland support IPv6?
  • If you have both IPv4 and IPv6 set up, have you tested both?
# ipv4
curl -4 https://<your-hostname>

# ipv6
curl -6 https://<your-hostname>
  • Do you get the same DNS records back in Holland as in Germany?
# ipv4
dig <your-hostname> a

# ipv6
dig <your-hostname> aaaa

The commands are only examples, of course there are other ways to test this.

Best,
Markus

In addition to what @markus wrote:

Just because your connection attempts from Holland don’t work, you are making unwarranted generalizations:

  • One (or a few?) location(s)/connection(s) in Holland => all of Holland
  • Holland => any country outside of Germany
  • Server unreachable => DNS issue

I think it is highly unlikely that your current location (Holland) is relevant to the problem. Your current Internet connection might be involved. If you currently get IPv4 service only and your home server uses IPv6 only then it will not work. But that is not a DNS issue. Test this by accessing https://checkipv6.dedyn.io/ in a browser or using curl. If it does not give you an IPv6 address, then you need to find a different Internet connection.

Other things to consider:

  • Are you sure that your home server is actually up?

  • Are you sure that your home ddclient has correctly updated the public IPs? (For IPv6 this probably needs to be the current public address of your Ubuntu server, not the one of your router. And the router needs to allow incoming traffic to that IP.)

  • Firewalls or content filters might prevent access, though that would probably not be a DNS-related issue. Holland as a country does not do any such filtering to my knowledge. Neither does Germany.

  • Have you tried using a public DNS (Google, Cloudflare, etc.) in Holland (instead of the one your current Internet provider wants you to use)?
    Compare the result of $ host <your-hostname> to $ dig @1.1.1.1 <your-hostname> aaaa

  • Have you ever successfully tested access from outside your LAN (in Germany)?

fiwswe

Hello and thank you both for the quick replies and help in the practice on debugging!

It looks like, as @fiwswe wrote, I made wrong generalizations…
Because, it works “now” from some countries (U.S., Greece, Luxembourg). So, it’s probably due to the particular internet settings and not a DNS issue.

The guy in Holland gets the exact output like me, when he runs dig <my-hostname> aaaa :

;; QUESTION SECTION:
;<my-hostname>.		IN	AAAA

;; ANSWER SECTION:
<my-hostname>.	60	IN	AAAA	my:IP:v6

but he still sees this message in Chrome:

DNS_PROBE_FINISHED_NXDOMAIN

when he trys to access my domain (with either his VPN on or off). The same applys to my acquaintances in Canada.

And yes, my home server is actually up and have tested its accessibility outside of my LAN at home on my cell phone (WiFi off) and from other locations/cities in Germany on other computers.

So, I guess the issue is “SOLVED” but never really existed :slight_smile:

The only issue I still have, is the accessibility of my home server from INSIDE my LAN, when my VPN is activated, but is it something, that has to do only with my VPN-provider, or is there a general workaround? Should I open a new thread because here is off topic?

Not sure what is going on there. But modern browsers do tend to do surprising stuff. To avoid that, I’d use curl for testing. It does exactly what you tell it to. If that works you can try to figure out your browser :wink:

Also, to get back to the DNS topic on this forum, does your hostname only publish an AAAA record or does it also have an A record (or a CNAME record)?

Does your webserver use TLS (HTTPS)?

Yes that can be tricky. But this is definitively not something related to deSEC. So OT here. Anyway you did not provide enough information to even make a guess. I’d start by looking at my routing tables, and sometimes the router needs to be configured allow DNS records pointing to LAN IPs (DNS-Rebind)…

fiwswe

Yes only AAAA and no CNAME record

Yes, from Letsencrypt.

But, as I wrote, the issue should be marked as ‘solved’ :slight_smile:

Ok, thanks, I’ll look after it :+1: