Can't access my services outside my local network with the DDNS

I’m having issues with my DDNS not connecting to any services on my home server when I’m outside my local network. I first discovered it a while ago, and was able to bypass it with Netbird in the cloud, but since I want to self-host my own Netbird VPN, it’s not working when it comes to connecting to the server from outside.

DDNS never connects to anything. What you are probably trying to say is that the IPs determined by the hostnames for which you have set A/AAAA records using DDNS don’t work as expected?

Without more information it’s hard to say what the actual problem is. I’d suggest the following:

  • Verify that the hostname resolves to the IP you have set via DDNS.
  • Verify that the IP is actually the one that would allow packets to reach your service.
  • If this is an IPv4 address then your router probably needs some sort of port forwarding configuration to forward the packets to the correct host on your LAN.
  • If this is an IPv6 address then make sure that this is actually a public IP of the host the service is running on, not the public IP of the router. Also some routers require settings to allow incoming traffic from the Internet to reach the LAN host.
  • Make sure that the service is actually LISTENing on the correct IP and port.
  • Depending on your testing setup and your router you may also need to allow resolving the hostname to the LAN host (DNS rebind protection needs to be off for the hostname).

Feel free to send more details if these suggestions don’t help.

HTH
fiwswe

2 Likes

Since I’m completely new to DDNS, I followed this guide, and what I can get out of it is you only need to add one ‘A’ record that points to your local IP, then a CNAME record, and leave it. After doing the rest of the instructions (like giving local DNS records to Pi-hole, getting a token for the SSL cert, and giving my services proxy hosts), it works fine while in the local network. But if I’m outside my local network, it either times out, or can’t find it.

That’s basically all I can supply at the moment. I could explore more on why this is not working, but it’s a lot to get through.

Let’s start with basics then:

  • DNS is similar to a phone book in that it associates data, such as IP numbers, with names. Humans have an easier time remembering names than sometimes cryptic data like IP or phone numbers. The Internet for the most part works with (cryptic) IP numbers.
  • DDNS (or Dynamic DNS, DynDNS) solves the problem of updating DNS when the public IP(s) of your Internet connection change. Most home/residential Internet providers will only provide dynamic public IPs to your Internet router, i.e. they will change from time to time. So if you want to connect to services on your home network by name, then DDNS will allow that to work most of the time. (There is a short window of time after the public IPs change where DNS will point to the old IPs. How long this actually takes depends on many factors but in most cases it is less than 15 min.)
  • deSEC is a DNS provider. They also provide an API for DynDNS. (Given that you posted here and given the guide you cited I’ll assume that you are using deSEC, though technically this is a guess because you have not said so.)
  • Anything beyond DNS, such as VPN setups or nginx services, certificates, etc., is not really on-topic here. You may get help from someone if you are lucky but you’ll probably need to find better sources of help for those issues.

Now based on this, the first thing to check is whether your DDNS setup is working correctly. Since we know neither the domain name, the subdomain nor your current public IP(s), you will need to check this yourself. We can give help in how to do this but it varies depending on which operating system you are using. For anything like Linux, macOS, *NIX the following would work: In a terminal window type

  dig +short @ns1.desec.io yourhostname A

to get the IPv4 address(es) associated with yourhostname, or

  dig +short @ns1.desec.io yourhostname AAAA

for IPv6. For a quick check you might also use host yourhostname but given the cited guide, which guides you to something like a split-DNS setup, and your mention of Pi-hole DNS setup, this may or may not yield the expected information. Anyway, compare the IPs thus determined with your actual public IPs which you can probably see in the UI of your router or using a service such as https://checkipv4.dedyn.io/ (IPv4) or https://checkipv6.dedyn.io/ (IPv6).

If the DNS records match your public IPs, we’re done here. Your issue is probably not DNS related and thus off-topic.

If the DNS records don’t match your public IPs then your DDNS setup is not working correctly. We’d need more information such as:

  • What DDNS client software are you using?
  • How is this configured? (You don’t need to, and shouldn’t, tell us any private data such as the actual deSEC token or your hostname. Replace them with clearly recognisable placeholders in your communication.)
  • Are there any logs or error messages from your DDNS client?

Beware, this can mess up testing and isolating the issue. You need to know what you are doing!

Err, do you actually mean get the deSEC token or are you talking about getting a certificate? If you managed to get a certificate then chances are your DDNS is working fine.

Since you are apparently using split-DNS, name resolution will be different depending on whether you are on your LAN using Pi-hole or outside. Go back to step one and see if DDNS is setup correctly.

If it is, then the problem comes down to reaching your (local) service from outside your LAN. If the name correctly resolves to your public IP(s) then the packets should be routed to your router. However there are two potential issues here:

  • Your router will typically block requests from the Internet unless you tell it to allow this. For IPv4 this would require port forwarding rules to be set up on your router. (I mentioned this in my first reply.)
  • There are Internet connections that only get a public IPv6 address/prefix. IPv4 might be handled by DS-Lite, a type of NAT service which allows your devices to connect to IPv4 hosts on the Internet but not the reverse. If that is the case then you simply can’t use IPv4 to reach your local services from outside your LAN.

Anyone reading this will only know what information you provide. So if you hope for any help, you’ll need to provide more data. Readers here know nothing about your setup so it’s a waste of time to take wild guesses.

I took a quick look at https://netbird.io to find out what that is. There are lots of things that could go wrong there including authentication, routing, as well as the more general points already mentioned above. This would not be the best place to seek help to debug those issues unless they are directly related to a DNS problem at deSEC.

HTH
fiwswe

2 Likes
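The DDNS check described in the reply above, written up as an added example (not code from the thread or from deSEC): it compares the A/AAAA records served by ns1.desec.io with the public IPs the connection actually has, and in particular flags the case where the record points at a LAN address such as 192.168.x.x, which is exactly the setup that works only from inside the LAN. The sample addresses are constructed; `resolve()` shells out to dig only when you call it, so the classification itself runs offline.

```python
"""Classify the outcome of the DDNS sanity check from the thread.

Added example, not the thread's or deSEC's own code. Assumes `dig` is on PATH
if you use resolve(); assess_ddns() itself needs no network access.
"""
import ipaddress
import subprocess

AUTHORITATIVE_NS = "ns1.desec.io"  # ask deSEC directly, bypassing Pi-hole/split-DNS

# Address ranges that can only be reached from inside the LAN (RFC 1918,
# link-local, IPv6 ULA). A public DNS record pointing here will never work
# from the Internet.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]


def resolve(hostname, rrtype="A", server=AUTHORITATIVE_NS):
    """Run `dig +short @server hostname rrtype` and return the answer lines."""
    out = subprocess.run(["dig", "+short", f"@{server}", hostname, rrtype],
                         capture_output=True, text=True, check=True).stdout
    return [line for line in out.split() if line]


def assess_ddns(dns_answers, public_ips):
    """Return a verdict keyword following the decision tree in the thread.

    dns_answers: addresses the authoritative server returned for the hostname
    public_ips:  addresses shown by checkipv4/checkipv6.dedyn.io or the router UI
    """
    if not dns_answers:
        return "no-record"        # DDNS client never published an A/AAAA record
    addrs = [ipaddress.ip_address(a) for a in dns_answers]
    if any(a in net for a in addrs for net in LAN_NETS):
        return "lan-address"      # split-DNS answer or an A record set to a LAN IP
    if set(addrs) & {ipaddress.ip_address(p) for p in public_ips}:
        return "match"            # DDNS is fine; look at port forwarding/listener/DS-Lite
    return "stale"                # record does not follow the current public IP


if __name__ == "__main__":
    # Constructed sample data; replace with resolve("yourhostname") and your real IPs.
    print(assess_ddns(["192.168.1.10"], ["203.0.113.7"]))   # lan-address
    print(assess_ddns(["203.0.113.7"], ["203.0.113.7"]))    # match
    print(assess_ddns(["198.51.100.9"], ["203.0.113.7"]))   # stale
    print(assess_ddns([], ["203.0.113.7"]))                 # no-record
```

A "match" verdict means the rest of the troubleshooting (port forwarding, the service's listen address, DS-Lite) applies; anything else points at the DDNS client or the record itself.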

Actually I take that back. Since you are probably using the ACME DNS-01 challenge type, not HTTP-01, your DDNS setup is not being tested by the certificate issuing process. DNS-01 only proves that you are able to modify DNS records.

1 Like

Is your main issue the unresponsive Pi-hole outside of your local network? Does Pi-hole listen on all interfaces? Or just one hop?

Alright y’all, I don’t think I feel interested in fixing this, and I might plan to start from scratch (maybe use another DDNS service or what you people call it, or use deSEC again but in a different way). I’ll just stick with Netbird on the cloud if I want to access my stuff, and accept that I won’t be able to access my stuff outside my local network without Netbird running. It would be appreciated if someone gave me a good guide on how to set up this stuff, but I’m good to close it off from here.