A week ago I sent an email to support@desec.io from my registered email requesting an increase to my domain limit, but I haven’t heard back yet.
I am currently setting up site-to-site VPNs across six locations and would like to use my own domains to manage the connection endpoints.
To support this setup, could you please increase my account limit to 6 domain slots? I’m looking forward to utilizing deSEC’s DDNS features for these tunnels. Please let me know if you need any further details to approve this request. I’d greatly appreciate the help getting these set up.
While I cannot comment on the lack of response from the deSEC support team to your email, the reason you gave for your request makes no sense.
Regardless of whether you are using a subdomain of dedyn.io or your own domain, you can add multiple subnames to these to represent your six locations. Then you can set up DDNS for each of these subnames. You do not need multiple domains for that.
Example A) Let’s say you are using example.dedyn.io as your domain.
Then you can add A/AAAA records to location1.example.dedyn.io, location2.example.dedyn.io, etc. and update those records using the IP Update API.
Example B) If you are using your own domain, e.g. example.com, the same thing works: location1.example.com, location2.example.com, etc.
The only potential issue would be running into Rate Limits if the public IPs at multiple locations change at the same time. But the risk can be mitigated with good error handling, random delays, etc., which are all a good idea in any case. And some of the Rate Limits might apply per account anyway.
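The "good error handling, random delays" advice in the reply above, sketched as an added example that is not part of the original post and not deSEC's own code. It assumes the update endpoint signals throttling with HTTP 429 and optionally a retry-after value in seconds; `send` is a hypothetical transport callable standing in for the real HTTP request, and the IP addresses are constructed documentation values.

```python
import random

# Subnames from the reply above; one record per VPN site.
LOCATIONS = [f"location{i}.example.dedyn.io" for i in range(1, 7)]

def retry_delay(attempt, retry_after=None, base=2.0, cap=300.0, rng=random):
    """Seconds to wait before the next try (attempt is 0-based)."""
    if retry_after is not None:
        # Honour the server's hint, plus jitter so sites do not return in lockstep.
        return retry_after + rng.uniform(0, base)
    # Exponential backoff with full jitter, bounded by `cap`.
    return rng.uniform(0, min(cap, base * 2 ** attempt))

def update_record(name, new_ip, last_ip, send, sleep,
                  max_attempts=5, initial_jitter=30.0, rng=random):
    """Push new_ip for name; send(name, ip) -> (status, retry_after or None)."""
    if new_ip == last_ip:
        return "unchanged"              # no request at all, no rate-limit cost
    sleep(rng.uniform(0, initial_jitter))  # spread simultaneous IP changes
    for attempt in range(max_attempts):
        status, retry_after = send(name, new_ip)
        if status == 200:
            return "updated"
        if status == 429 or status >= 500:
            sleep(retry_delay(attempt, retry_after, rng=rng))
            continue
        return f"failed:{status}"       # e.g. bad token: retrying only burns quota
    return "gave_up"

if __name__ == "__main__":
    # Constructed transport: throttled twice, then accepted.
    replies = iter([(429, 10), (429, None), (200, None)])
    waits = []
    result = update_record(LOCATIONS[0], "203.0.113.7", "203.0.113.1",
                           send=lambda n, ip: next(replies), sleep=waits.append)
    print(result, [round(w, 1) for w in waits])
```

In a real updater, `sleep` would be `time.sleep` and `last_ip` would come from a small state file, so an unchanged address never reaches the API.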
Thank you for your reply. Your question may also be someone else’s question.
I completely understand the busy schedule of deSEC as a small, non-profit team, which is why I waited a week before seeking help on the forum. Undeniably, deSEC’s work has been very successful. The wait was worthwhile.
I also understand and know that generally six locations can use six subdomains. However, my university has its own policies regarding domain name usage. Several labs on campus require domains related to university projects, making it impossible to use six subdomains of a single domain.
Thank you for reminding me about Rate Limits. My home internet uses a regular ISP fiber, which changes IP addresses at irregular intervals, such as every three months. The university lab does have fixed IP addresses. However, because the projects I supervise with my students sometimes have vulnerabilities, we randomly change the IP addresses in the university’s IP address pool every two to three weeks to prevent potential attacks. We can manually set the IP update frequency for each lab. I believe Rate Limits shouldn’t be a problem for me. Thank you again for your kind reminder.
Huh? I was replying to you. I haven’t asked any questions.
Maybe you should have mentioned that in your initial request?
Anyway, if this is just for getting DDNS set up for a VPN connecting hosts/sites with dynamic public IPs, I don’t really see how those policies would be very smart. The names are only relevant to the VPN admin. (Now from an IT security point of view, connecting multiple networks in a university context, bypassing all firewalls, might be worrying to the IT-security department of the university. And they probably have lots of policies as well. But that’s a different issue.)
But like I said, I don’t speak for deSEC. I just gave you a technically feasible alternative. I’m sure there are others.
I agree with your point. If it weren’t for university policy, I would prefer to use one domain name and six subdomains. That would be much easier to manage.
In short, universities have various policies, some reasonable and some unreasonable, and we can only develop, deploy, and debug within the policy framework.
We also take the security of the school network very seriously. Our site-to-site VPN is mainly to facilitate unified access to resources for students from different countries within the project team. Several students are specifically responsible for VPN auditing and security maintenance.
Thank you for all your replies; they were very helpful to me.
Making up stupid rules that don’t gain any security often leads, in practice, to wonky workarounds that are in fact more dangerous.
Another possible solution:
Why even bother with DNS to begin with? You are using site-to-site VPNs? These sites have static IPv4 or at least a static IPv6 prefix. Just use IPs and don’t bother with DNS.
We are quite busy, but not so busy that we don’t respond to support requests. If your message wasn’t answered, it must have been an oversight or a deliverability issue.
Can you email us again, and then post here the time when you did that? This way I can make sure to find your email. Thanks!