Hi everyone,
a couple of friends and I have a Jellyfin server running which is exposed to the internet via a reverse-proxy and https by using a free dynDNS provider.
The setup is working fine besides the dynDNS provider. We constantly face connection issues, making the dynamic DNS functionality very unreliable.
So I started looking into possible solutions and one particular would be to buy an own domain which would only cost a few bucks each month. With this I could keep the current setup and would just need to change the domain (and possibly the SSL certificate). I found a provider over which I could buy (rent?) a domain and which also provides dynDNS functionality. But I am not too sure if I understood this correctly:
- if I have an own domain, why would I need the additional dynDNS functionality? I would guess that I would just continue updating your server’s IP address to the domain name like we are doing now
- can the provider over which I rent the domain with servers in my country actually see what our traffic is? Especially since we are streaming our movies etc.
- is there a better way of obtaining and setting up your own domain also in terms of privacy and reliability than with a bigger company offering such services?
Thanks a lot for your feedback!
Edit: An important fact I forgot to add in my main post is that during these issues, the general server connection should be fine since it is located at a friends house and his internet connection is unaffected (e.g. we could still talk in Discord normally and he had no internet issues whatsoever)
It’s possible that, when the ISP revokes the public address and assigns a new one, the DNS record isn’t updated immediately and still points to the old address. Then every new request would be sent to the old, invalid address.
And this is where I start shilling for Tailscale. It’s a Wireguard-based mesh VPN that is designed to work from behind firewalls, NAT, and CGNAT. It has its own internal split DNS provider, and probably some mechanism to handle public address changes that is transparent to the tunnelled traffic. You can use it to share the server with only the devices that have the client installed, or expose the server to the internet.
I’ve got it set up on my OPNSense firewall as a subnet router that advertises the subnet where my servers are, and often stream from Jellyfin over it. There’s some overhead, but it’s never been disruptive.
OPNsense has ddclient built in which solves this problem as well.
Sure but of the 10 plus years I’ve been doing this never had an issue like that. But I have a 5 minute TTL.