Hello,
I am newbie to DDNS. I access my Ubuntu homeserver via desec, ddclient, IPv6 and letsencrypt certificate. Works so far, except that the server in Germany is not accessible from other countries (eg Holland).
Does it have to do with the DNS policy of the respective countries, or can/should I adjust something?
Thanks 
Hi ncclouds
DynDNS (Dynamic DNS) is ājust normal DNSā with an automatic mechanism to change A/AAAA-records when your home IP address changes. In principle, you should get the same DNS answers abroad, as long as your foreign provider and deSec does not block anything. As far as I know, deSec does not block anything. If your foreign provider manipulates DNS records, that would of course be bad.
A few ideas for debugging:
- You are talking about IPv6. Does your foreign provider in Holland support IPv6?
- If you have both IPv4 and IPv6 set up, have you tested both?
# ipv4
curl -4 https://<your-hostname>
# ipv6
curl -6 https://<your-hostname>
- Do you get the same DNS records back in Holland as in Germany?
# ipv4
dig <your-hostname> a
# ipv6
dig <your-hostname> aaaa
The commands are only examples, of course there are other ways to test this.
Best,
Markus
In addition to what @markus wrote:
Just because your connection attempts from Holland donāt work, you are making unwarranted generalizations:
- One (or a few?) location(s)/connection(s) in Holland => all of Holland
- Holland => any country outside of Germany
- Server unreachable => DNS issue
I think it is highly unlikely that your current location (Holland) is relevant to the problem. Your current Internet connection might be involved. If you currently get IPv4 service only and your home server uses IPv6 only then it will not work. But that is not a DNS issue. Test this by accessing https://checkipv6.dedyn.io/ in a browser or using curl. If it does not give you an IPv6 address, then you need to find a different Internet connection.
Other things to consider:
-
Are you sure that your home server is actually up?
-
Are you sure that your home ddclient has correctly updated the public IPs? (For IPv6 this probably needs to be the current public address of your Ubuntu server, not the one of your router. And the router needs to allow incoming traffic to that IP.)
-
Firewalls or content filters might prevent access, though that would probably not be a DNS-related issue. Holland as a country does not do any such filtering to my knowledge. Neither does Germany.
-
Have you tried using a public DNS (Google, Cloudflare, etc.) in Holland (instead of the one your current Internet provider wants you to use)?
Compare the result of$ host <your-hostname>to$ dig @1.1.1.1 <your-hostname> aaaa -
Have you ever successfully tested access from outside your LAN (in Germany)?
fiwswe
Hello and thank you both for the quick replies and help in the practice on debugging!
It looks like, as @fiwswe wrote, I made wrong generalizationsā¦
Because, it works ānowā from some countries (U.S., Greece, Luxembourg). So, itās probably due to the particular internet settings and not a DNS issue.
The guy in Holland gets the exact output like me, when he runs dig <my-hostname> aaaa :
;; QUESTION SECTION:
;<my-hostname>. IN AAAA
;; ANSWER SECTION:
<my-hostname>. 60 IN AAAA my:IP:v6
but he still sees this message in Chrome:
DNS_PROBE_FINISHED_NXDOMAIN
when he trys to access my domain (with either his VPN on or off). The same applys to my acquaintances in Canada.
And yes, my home server is actually up and have tested its accessibility outside of my LAN at home on my cell phone (WiFi off) and from other locations/cities in Germany on other computers.
So, I guess the issue is āSOLVEDā but never really existed
The only issue I still have, is the accessibility of my home server from INSIDE my LAN, when my VPN is activated, but is it something, that has to do only with my VPN-provider, or is there a general workaround? Should I open a new thread because here is off topic?
Not sure what is going on there. But modern browsers do tend to do surprising stuff. To avoid that, Iād use curl for testing. It does exactly what you tell it to. If that works you can try to figure out your browser 
Also, to get back to the DNS topic on this forum, does your hostname only publish an AAAA record or does it also have an A record (or a CNAME record)?
Does your webserver use TLS (HTTPS)?
Yes that can be tricky. But this is definitively not something related to deSEC. So OT here. Anyway you did not provide enough information to even make a guess. Iād start by looking at my routing tables, and sometimes the router needs to be configured allow DNS records pointing to LAN IPs (DNS-Rebind)ā¦
fiwswe
Yes only AAAA and no CNAME record
Yes, from Letsencrypt.
But, as I wrote, the issue should be marked as āsolvedā
Ok, thanks, Iāll look after it 