Hi everyone,
a couple of friends and I have a Jellyfin server running which is exposed to the internet via a reverse-proxy and https by using a free dynDNS provider.
The setup is working fine besides the dynDNS provider. We constantly face connection issues, making the dynamic DNS functionality very unreliable.
So I started looking into possible solutions and one particular would be to buy an own domain which would only cost a few bucks each month. With this I could keep the current setup and would just need to change the domain (and possibly the SSL certificate). I found a provider over which I could buy (rent?) a domain and which also provides dynDNS functionality. But I am not too sure if I understood this correctly:
- if I have an own domain, why would I need the additional dynDNS functionality? I would guess that I would just continue updating your server’s IP address to the domain name like we are doing now
- can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.
- is there a better way of obtaining and setting up your own domain also in terms of privacy and reliability than with a bigger company offering such services?
Thanks a lot for your feedback!
Edit: An important fact I forgot to add in my main post is that during these issues, the general server connection should be fine since it is located at a friends house and his internet connection is unaffected (e.g. we could still talk in Discord normally and he had no internet issues whatsoever)
Dyndns really shouldn’t affect your connection, as long as you have a local client that updates your record automatically.
I use jellyfin together with caddy and it was pretty seamless to setup. I configured the caddyfile to redirect my incoming domain to my local ip and the rest worked automatically. It sets up a legitimate certificate for the domain using lets encrypt and automatically renews it.
When you have an encrypted connection, the isp can’t see what is being sent between you and the webserver. They can however see your dns-requests unless you have dns over encryption enabled.
The only security measure beyond keeping things up to date that i would recommend is to have a geo-blocker enabled for incoming traffic to your network.
Thanks, yes I also use a script that constantly sends the current IP address to the dynDNS provider. I could be completely wrong, but the internet connection of my friends house where the server stands is fine even during these connection issues. So I would blame the DNS resolution, but it is also my first time running a server.
How frequently do you send these updates? Most of dynDNS provider rate limit the updates you can send, so it is possible that you send a bunch of useless updates when the IP didn’t change and the actual update that is required gets discarded because you hit the limit.
Do you log your script errors somewhere? Are you sure that the IP changes so frequently?
I know at least 3 European fiber providers which offers static IPs. For broadband always on connections IP changes should be pretty rare
deleted by creator
I have a cronjob that runs every minute to update the IP address. I could try to increase it to every hour or so. In the beginning I tracked how often the ISP changed the address and it was roughly like once every 24-30 hours, cannot really remember.
That does seem excessive. Change it so that it only sends an update to dyndns when it actually changes.
Having a new ip every 30 hours also seems pretty aggressive. I guess the DNS change might be slow to populate servers in that time if it is a “weird” top level domain.
Maybe change the script to just send updates whenever the ip really changed.