One perk that someone told me about is that you can use your domain to get around not having a static IP (because the DNS will compensate).
If I were to get a Cloudflare domain name then what would be some other pros and cons?
One benefit for me that wasn’t immediately apparent is a custom email, paired with something like proton mail and simple login I turned it into a catch all.
It’s fantastic. Company asks for a email, sure. Walmart@problematicpenguin.org. Now, I can sort anything that arrives to walmart@ right into the spam box. Doesn’t matter what address they’d send it from.
Fucking. Brilliant.
I miss the days when you could just do johnsmith+walmart@gmail.com when signing up on a website, but now everyone either outright rejects it as invalid or parses it out.
It was useful because you could see who was selling your email address, but that exposed too many companies and was losing them $$$ so they patched it :(
See, I keep reading that. Idk for sure if it’s because I use a custom domain, but no company has rejected me yet. Closest I got was a, “Is this a real email address?” “Yes” “That’s so cool! How is your email mydumbcompany@problematicpenguin.com?”
This. I’ve done this since 2003 (when I got my first custom domain + email) and I’ve discovered several forums, services and companies that have either sold their databases or (most probably) got hacked and never made it public.
Pro-tip: If you are going to give out the address face to face, they might not trust you or not understand when you tell them that your email address is theirCompanyName@yourdomain.org. I even had a store blatantly refusing to type that into their system. So, I started using ROT-13 to encode the company/service name, and just telling them the address is gurvePbzcnalAnzr@yourdomain.org. Nobody has ever asked why my email address was so unpronounceable.
I usually get “oh, do you work for…”.
No, it’s just my spam filter.
“Why?”
“Because I have strict rules where if the sender and recipient don’t match, it gets deleted and I’ll never see it.”
And then there’s the ones that are like “check your spam folder”…
“I don’t have a spam folder, because every company has their own email address, so I either get it or I don’t, depending on YOUR system and whether it works properly”.
True or not, “technical jargon” doesn’t really get questioned after a certain point.
Does this work with Google Workspace/gmail? And how do you do it? If you’re at some new store say hshsb do you create the email before you go or while you’re there?
You can point simple login to your exosting Gmail account, sure. Simplelogin is a paid service.
If you have dyn, just use dyn. Some people don’t want to pay.
One thing that wasn’t mentioned: I can use *.internal.domain.com and not have that routed on public DNS (using my own DNS with pihole + unbound or adguard). Of course still valid certificate for that domain.
It feels good using a domain name I can type it and secondly *.domain.com IS publically routed, meaning all external services go there. The internal stuff I can only access via Tailscale (which automatically uses my dns).
I’ve recently set up hard coded local entries for router.domain and nas.domain but not got around to adding printer.domain yet. In theory it is quite possible to define static DHCP entries for a bunch of different containers with bridged network interfaces then add entries for individual services like filemanager.domain and mediastreamer.domain and downloader.domain and cctv.domain etc.
You’d need to implement Dynamic DNS to update the records. DNS alone won’t do that.
There are docker containers that auto update cloudflare a records for dynamic IP.
Correct. I used NOIP for years until I realized that 1) my IP address is static and 2) my home IP address was being exposed. (Pretty obvious I know but sometimes I am slow on the uptake 😃)
My solution was to get a $5 per month vps and reverse proxy and reverse ssh tunnels.
The $5 / month VPS ($60/year) was pretty much the cost of NOIP per year to use custom domains.
- cobra89 ( @cobra89@beehaw.org ) English1•10 months ago
I just use duckdns as a free dynamic IP service. But you are correct about it exposing your home IP. Personally I’m not concerned about that so it works for me. Then I use Apache to route my incoming traffic depending on subdomain.
Cloudflare tunnels so I don’t have to open any port in my network. You can do this even with the Cloudflare free tier. And the byproduct is DNS for free for your domain name, I actually moved the Cloudflare because DNS was getting too expensive with my domain name provider.
Subdomains for easy external access to local web apps.
- good-looking domains instead of IPs
- tons of subdomains instead of ports
- universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
- dynamic DNS, again available via API
inbox@yourdomain.com
(better not to self-host, but to use an email provider)
- universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
Just a note, as we’ve had this discussion before: DNS ACME challenges will publish the FQDN of every service you encrypt to a public record, which some sites will scrape up. Just in case this bothers some people.
universally recognized TLS certs via Let’s Encrypt. DNS challenges are the way to go - you don’t even have to expose your HTTP server
I use DNS challenges for mine as well, but I have been manually renewing my cert every time. Is there a way to automate letsencrypt/cerbot renewal when you use DNS challenges?
can recommend acme.sh if on Linux
tons of subdomains instead of ports
Just to be clear for OP, that applies only for protocols that “support DNS” as in, they send the DNS in the protocol.
The one I have in mind: http(s) and emails.
Games, FTP and most of the protocols don’t.
Still a bit wrong. You can use things like Portzilla and make it so that certain subdomains are for certain game servers.
Hum, then I am missing something because portzilla is just a reverse proxy by the look of it
This mean:
- you need to use http (games and ftp don’t)
Or
- you have multiple IPs (one per sub domain if I want to go with the examples from portzilla).
I assumed OP was in IPV4 and only has one IP.
Just to be sure from my other assumptions (kinda ELI5)
- DNS doesn’t exist on the transport layer. It is converted to an IP and your computer just try to connect to that IP. So whatever DNS you use, if they point to the same IP you have no way to distinguish from what “DNS” they want to go.
This is how networking works. Only with IP, no DNS.
- some applications (http), added support for DNS. When the user type a DNS, even if your computer still use IP to reach the server, the browser will introduce itself by telling the server the DNS it tried to reach.
- cobra89 ( @cobra89@beehaw.org ) English1•10 months ago
You can also just use a web server like apache and have it forward the traffic to the correct place depending on the sub domain. This is what I do, I can have minecraft.mydomain.com route to 192.168.1.40:5000 and valheim.mydomain.com route to 192.168.1.40:27015.