Hi everyone,
a couple of friends and I have a Jellyfin server running which is exposed to the internet via a reverse-proxy and https by using a free dynDNS provider.
The setup is working fine besides the dynDNS provider. We constantly face connection issues, making the dynamic DNS functionality very unreliable.
So I started looking into possible solutions and one particular would be to buy an own domain which would only cost a few bucks each month. With this I could keep the current setup and would just need to change the domain (and possibly the SSL certificate). I found a provider over which I could buy (rent?) a domain and which also provides dynDNS functionality. But I am not too sure if I understood this correctly:
- if I have an own domain, why would I need the additional dynDNS functionality? I would guess that I would just continue updating your server’s IP address to the domain name like we are doing now
- can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.
- is there a better way of obtaining and setting up your own domain also in terms of privacy and reliability than with a bigger company offering such services?
Thanks a lot for your feedback!
Edit: An important fact I forgot to add in my main post is that during these issues, the general server connection should be fine since it is located at a friend’s house and his internet connection is unaffected (e.g. we could still talk in Discord normally and he had no internet issues whatsoever).
It’s possible that, when the ISP revokes the public address and assigns a new one, the DNS record isn’t updated immediately and still points to the old address. Then every new request would be sent to the old, invalid address.
And this is where I start shilling for Tailscale. It’s a Wireguard-based mesh VPN that is designed to work from behind firewalls, NAT, and CGNAT. It has its own internal split DNS provider, and probably some mechanism to handle public address changes that is transparent to the tunnelled traffic. You can use it to share the server with only the devices that have the client installed, or expose the server to the internet.
I’ve got it set up on my OPNSense firewall as a subnet router that advertises the subnet where my servers are, and often stream from Jellyfin over it. There’s some overhead, but it’s never been disruptive.
> It’s possible that, when the ISP revokes the public address and assigns a new one, the DNS record isn’t updated immediately and still points to the old address. Then every new request would be sent to the old, invalid address.

> I’ve got it set up on my OPNSense firewall
OPNsense has ddclient built in which solves this problem as well.
Sure but of the 10 plus years I’ve been doing this never had an issue like that. But I have a 5 minute TTL.
Dyndns really shouldn’t affect your connection, as long as you have a local client that updates your record automatically.
I use Jellyfin together with Caddy and it was pretty seamless to set up. I configured the Caddyfile to redirect my incoming domain to my local IP and the rest worked automatically. It sets up a legitimate certificate for the domain using Let’s Encrypt and automatically renews it.
When you have an encrypted connection, the ISP can’t see what is being sent between you and the webserver. They can however see your DNS requests unless you have DNS over encryption enabled.
The only security measure beyond keeping things up to date that I would recommend is to have a geo-blocker enabled for incoming traffic to your network.
Thanks, yes I also use a script that constantly sends the current IP address to the dynDNS provider. I could be completely wrong, but the internet connection of my friend’s house where the server stands is fine even during these connection issues. So I would blame the DNS resolution, but it is also my first time running a server.
How frequently do you send these updates? Most dynDNS providers rate-limit the updates you can send, so it is possible that you send a bunch of useless updates when the IP didn’t change and the actual update that is required gets discarded because you hit the limit.
Do you log your script errors somewhere? Are you sure that the IP changes so frequently?
I know at least 3 European fiber providers which offer static IPs. For broadband always-on connections IP changes should be pretty rare.
I have a cronjob that runs every minute to update the IP address. I could try to increase it to every hour or so. In the beginning I tracked how often the ISP changed the address and it was roughly like once every 24-30 hours, cannot really remember.
Maybe change the script to just send updates whenever the ip really changed.
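Added example (not written by anyone in this thread): one way a cron-driven updater can send an update only when the address has actually changed, which avoids spending the provider's rate limit on no-op updates. `IP_ECHO_URL`, `DDNS_UPDATE_URL` and `STATE_FILE` are placeholder names assumed here; the real endpoints come from your provider's documentation.

```shell
#!/bin/sh
# Added example: send a dynDNS update only when the public IP has changed.
# IP_ECHO_URL and DDNS_UPDATE_URL are placeholders (assumptions): use the
# endpoints your provider documents. STATE_FILE holds the last IP accepted.
STATE_FILE="${STATE_FILE:-/var/tmp/ddns-last-ip}"

# Ask an external "what is my IP" service (overridable, e.g. in tests).
get_public_ip() {
    curl -fsS --max-time 10 "${IP_ECHO_URL:?set IP_ECHO_URL}"
}

# Push the new address; assumes the URL ends in the IP parameter, e.g. "...&ipv4=".
send_update() {
    curl -fsS --max-time 10 "${DDNS_UPDATE_URL:?set DDNS_UPDATE_URL}$1" >/dev/null
}

# Accept only a dotted-quad IPv4, so an error page is never sent as an address.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints one of: unchanged | updated | lookup-failed | update-failed
update_if_changed() {
    last=""
    current="$(get_public_ip)" || { echo lookup-failed; return 1; }
    is_ipv4 "$current" || { echo lookup-failed; return 1; }
    [ -f "$STATE_FILE" ] && last="$(cat "$STATE_FILE")"
    if [ "$current" = "$last" ]; then
        echo unchanged
        return 0
    fi
    # Record the IP only after the provider accepted it, so a failed or
    # rate-limited update is retried on the next cron run.
    send_update "$current" || { echo update-failed; return 1; }
    printf '%s\n' "$current" > "$STATE_FILE"
    echo updated
}

# Run only when called with --run (e.g. from cron).
if [ "${1:-}" = "--run" ]; then update_if_changed; fi
```

Logging the printed status from each cron run also shows how often the address really changes and whether updates are being rejected.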
If you have a static IP where you host your Jellyfin service you shouldn’t need your dyndns anymore.
A domain provider doesn’t know what you are doing. It knows you want to access jellyfin.your.domain but has no clue what you are watching or the specific URLs you are going to.
Think of it like a library reference card, the library knows you want Encyclopaedia Britannica volume 12, but they don’t know what you are actually looking up.
I have a domain with porkbun and don’t have issues. When my reverse proxy needs a new certificate I do nothing because Traefik uses the porkbun API to do the Let’s Encrypt DNS validation.
Even if you have a dynamic IP it’s trivial to set up automatic DNS updates with a good provider that has an API to do it.
Let’s back up some - a free dynDNS provider would not cause connection issues, unless DNS resolution itself stopped working - which is unlikely. It sounds more like the Internet you’re running off of itself has issues. What in particular is making you blame the dynDNS? Who is it?
… Check duckdns constant resolution issues. There’s lots of threads about their inconsistency and unreliability. Can’t really complain, because it’s truly free, but there’s no full week that goes without issue.
Ha, if he said duckDNS I was going to recommend something more reliable like freedns.afraid.org.
That being said, the description in his post doesn’t make it seem that way.
For me it seems like a very similar issue with these inconsistencies. Why would you think it does not really match? Especially given that the network connection of our server location is always fine during these down times?
Your connection being fine during downtime is a new detail not in your original post that changes the dynamics. That being said I believe my other response should be helpful.
For me it seems to be a similar issue with the duckdns inconsistencies.
I am using dynv6.com. The reason I blame the DNS resolution is because when I have issues connecting (as if the domain is not available), it does not mean that my friends cannot connect either. The server is at a friend’s house who has a fiber connection and who has no issues when we have trouble connecting again. I could be totally wrong, but to me it sounds like dynv6 has some troubles.
I also have a script running, which constantly updates dynv6 with our current IP address.
Well, it can’t hurt to cross it off. You don’t need to get a domain from a registrar that offers dynamic DNS, you just need to register a domain (or try another dynamic DNS like the other user suggested) and use a DNS provider that is free and offers an API. I personally use Cloudflare, there are plenty of guides for setting up a dynamic record on CF.
For registering a domain you can use an affordable registrar, I’m a Porkbun customer - for a .com domain it’s like $11 for a year. No need to spend monthly.
I looked into porkbun and it seems that they already offer a Cloudflare API for dynamic DNS. Why did you choose to separately use Cloudflare? But otherwise it looks promising to give it a try.
I used to use dynv6, but I started having issues about 2 years ago. DNS records would just stop resolving until I deleted and recreated them. Their forum has been broken for years, so there’s no way to get support.
If you only need 5 records or less, give FreeDNS a try.
yeah I have a domain and static ip, once you figure out in the domain name providers DNS manager to point the domain at your static IP it’s really set and forget
but at the same time make sure to keep your stuff up to date because you’re now exposing it to all the chinese and russian bots trying to hack you
> can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.
That’s what encryption is for, a.k.a. HTTPS in this case.
But that is about the ISP (and all hops in between). The provider, where you buy the domain, does not see the traffic at all. Basically the domain seller just controls the nameservers for that domain, but doesn’t see the traffic that goes to those domains.
Basically by buying a domain you buy an entry into the telephone book
Well they wrote provider of “domain with servers”. TBF (to myself) I think OP is confusing things. If they meant the domain only, you are correct.
As someone else mentioned, this does not seem to be an issue with the DynDNS itself. But rather the fact that your ISP changes your IP regularly (DHCP, non-static IP). I would really recommend you get a static IP from your ISP. DNS lookups should never fail after that.
I have a script running which sends the current IP to our dynDNS provider. I would assume that this is fine then?
Sure, but until their DNS records update, the server is unreachable at the domain address.
So there could be a potential issue where the correct IP address has been sent but the record has not been updated … Yesterday for example we faced the issue that at least one of three could not access the server. Suddenly it worked for someone who could not connect, only for him to lose access again after a couple of minutes. We all have been in Discord during that time, and the internet connection was fine for everyone.
Whenever I create a redirection on my domain it’s always instantaneous, but it still warns me that “DNS records may take up to 24h to propagate”
If there’s several of you, really, get a dedicated IP address (a domain name is nice but not necessary). Usually a dedicated IP is not an option for normal priced home connections, but a full (not shared) VPS with decent storage/performance can be had for under €10/month, and that will always have a static IP.
Don’t even need storage or performance or anything on the VPS, just forward stuff to the homeserver.
I have a static IP provided by my ISP. I own my own domain name. I use BunnyCDN to manage my DNS.
On my server I run Jellyfin and reverse proxy with Caddy, I also run Fail2Ban. Caddy has built in SSL certification.
After I set it all up (which took me a few tries to get it all right as I was learning on the go) it just runs with no apparent problems. I check logs and monitor it regularly however so far I haven’t had any problems.
The Jellyfin address is shared only to a few family members.
I’m in the EU so GDPR applies and none of the involved companies is datamining my stuff. Their policies are to be non-invasive.
I am in the same boat (learning on the go, living in EU and using fail2ban and reverse proxy although I use nginx). Sounds good that it runs so well for you! Where did you register your domain? I’ll look into BunnyCDN as well.
It’s a domain I’ve had for 15 years (I keep renewing) and I registered with 123-reg.
If you’re in the EU definitely check out Bunny. They’re based in Slovenia. I used their free trial, to test it all out. After that their pricing is competitive, and mostly if you’re a single user homelab type you’ll pay nothing. At least, that’s been my experience for the past 8 months. My use falls well under their provided no charge tier.
I looked at using nginx however I liked what I read and saw of Caddy (it seemed easier for me). I don’t do anything very clever and Caddy is working great for me.
*I’m not associated with them other than to be a customer. Prior to switching to Bunny I used Cloudflare free level but I wanted to get away from anything associated with the USA and their (lack of) data protection laws.
Thanks a lot for your suggestions and feedback! I also would like to use services within the EU, so I will give Bunny a closer look.
Can you explain the connection issues? Dynamic dns services aren’t much different than a normal domain name.
If the problem is with your ip address changing then you need to get a more permanent ip.
In fact you can usually get a domain name from the dynamic dns provider and they can update it.
A way around this is to use a service like Tailscale. Their IP address for your host won’t change. The downside is you need to be on VPN to access it. There might be other options.
The server is running at my friend’s house who has a fiber connection. When we face these connection issues, it does not necessarily mean that all of us cannot access Jellyfin but oftentimes only a couple of us cannot access (same error as if you mistype a web-address, so it cannot resolve the domain name). During these periods of connection issues, the internet connection of my friend is working completely fine. I have a script running that constantly sends the current IP address to the dynDNS provider. I also looked into how often our ISP changes the IP address and it is not very often and not during these issues.
A different domain name won’t fix the issue you’re describing.
You are probably better off using something like Tailscale. You don’t need to expose your system with a reverse proxy then.
Especially because Jellyfin is not designed to be on the Internet. There are several known unresolved security issues, and probably more unknown. I strongly recommend using a VPN for access.





