I share my public IP with other provider customers

MoonKid · August 17, 2022, 7:50am

I am sorry but I don’t know the professional term.

My public IP (on an DSL access) is dynamic of course.
But I also share this IP with other customers of the same provider.

In that case: Is it even possible to use DynDNS?

nils · August 17, 2022, 8:49am

Hey MoonKid, welcome to deSEC!

I believe you are referring to carrier-grade NAT. Since you still have a public IP address, you can communicate this address to the deSEC servers and it will be published in the DNS. So far, no problem.

What probably will not work is that you connect to services that run at your home. The reason is that – from perspective of your ISP – it is unclear to which home a packet with that IP address should be routed.

There may exist more complicated solutions to this problem, depending on your exact setup. Maybe someone in this forum has an idea.

Best,
Nils

MoonKid · August 17, 2022, 9:01am

But then why should someone use DynDNS? Isn’t it only useful to connect to my home services (e.g. SSH, XRDP, RSYNC, NextCloud, …)?

nils · August 17, 2022, 10:24am

Not everyone is unfortunate enough to have carrier-grade NAT, and of those who do, some have globally valid IPv6 prefixes. It may even be possible to enable incoming connections though NAT hole punching.

MoonKid · August 17, 2022, 10:56am

Reminds me to SSH jump hosts.

Lipahtla · August 18, 2022, 4:00pm

@MoonKid: maybe this applies only to your IPv4. Do you have an IPv6 too ? If you get a global IPv6 you can use deSEC with this.

bouke · August 22, 2022, 8:16pm

In addition: CGNAT can be recognized by its IP address as it must be within the 100.64.0.0/10 network (100.64.0.0 - 100.127.255.255).

Some ISPs are able to provide a static public IPv4 - on request (and in most cases for an additional fee).

peter · August 22, 2022, 8:39pm

Hi bouke - welcome to the forum!

Is that true?

RFC 6598 reserves that space for CGNAT, but does not mandate that it must or should be used. In other words, if there isn’t another specification, carriers are free to choose between the reserved shared space and other IP space assigned to them.

As the term “carrier-grade NAT” (Wikipedia article since 2010) predates RFC 6598 (2012), I would guess that there are at least some legacy deployments still using private IP space. (There’s no incentive for ISPs for change, as IP space already allocated doesn’t incur cost.)

Stay secure,
Peter