I share my public IP with other provider customers

I am sorry but I don’t know the professional term.

My public IP (on an DSL access) is dynamic of course.
But I also share this IP with other customers of the same provider.

In that case: Is it even possible to use DynDNS?

Hey MoonKid, welcome to deSEC! :slight_smile:

I believe you are referring to carrier-grade NAT. Since you still have a public IP address, you can communicate this address to the deSEC servers and it will be published in the DNS. So far, no problem.

What probably will not work is that you connect to services that run at your home. The reason is that – from perspective of your ISP – it is unclear to which home a packet with that IP address should be routed.

There may exist more complicated solutions to this problem, depending on your exact setup. Maybe someone in this forum has an idea.


But then why should someone use DynDNS? Isn’t it only useful to connect to my home services (e.g. SSH, XRDP, RSYNC, NextCloud, …)?

Not everyone is unfortunate enough to have carrier-grade NAT, and of those who do, some have globally valid IPv6 prefixes. It may even be possible to enable incoming connections though NAT hole punching.

Reminds me to SSH jump hosts.

@MoonKid: maybe this applies only to your IPv4. Do you have an IPv6 too ? If you get a global IPv6 you can use deSEC with this.

In addition: CGNAT can be recognized by its IP address as it must be within the network ( -

Some ISPs are able to provide a static public IPv4 - on request (and in most cases for an additional fee).

Hi bouke - welcome to the forum!

Is that true?

RFC 6598 reserves that space for CGNAT, but does not mandate that it must or should be used. In other words, if there isn’t another specification, carriers are free to choose between the reserved shared space and other IP space assigned to them.

As the term “carrier-grade NAT” (Wikipedia article since 2010) predates RFC 6598 (2012), I would guess that there are at least some legacy deployments still using private IP space. (There’s no incentive for ISPs for change, as IP space already allocated doesn’t incur cost.)

Stay secure,