Hi everyone!
I’m looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.
My question: is it worth getting a dedicated IP through a VPN?
I’m pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it’s not worth the effort.
You must log in or # to comment.
VPN providers usually do not offer port forwarding, so the dedicated IP doesn’t help you. I discussed that in length with a support guy from nordvpn. The dedicated IP is only meant for outgoing connections, so your IP doesn’t jump to crazy, which would cause problems,e.g., with bank logins.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters DNS Domain Name Service/System HTTP Hypertext Transfer Protocol, the Web HTTPS HTTP over SSL IP Internet Protocol SSH Secure Shell for remote terminal access SSL Secure Sockets Layer, for transparent encryption TLS Transport Layer Security, supersedes SSL VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting) nginx Popular HTTP server
[Thread #737 for this sub, first seen 5th May 2024, 05:35] [FAQ] [Full list] [Contact] [Source code]
As long as whatever firewall rules you’re using is capable of resolving FQDNs then I don’t see an advantage of doing this. Maybe in the off chance that your IP changes, someone else gets the old IP and exploits it before the DDNS setup has a chance to update. I think that’s really unlikely.
Edit: just to add to this, I do think static IPs are preferable to DDNS, just because it’s easier, but they also typically cost money.
Why do firewall rules need to resolve FQDNs?
To resolve whatever hostname you’ve setup for ddns
Sorry, but I still don’t understand, what’s the need for that?
Because you’re not going to setup any rules pointed to a dynamic public IP address. Otherwise you’re going to be finding a way to change the rule every time the ip changes.
The ddns automatically updates an A record with your public IP address any time it changes, so yeah the rules would use the fqdn for that A record.
What’s the need of the public IP in the firewall rules?
If OP needs a firewall rule to do any number of things that a firewall does.
I’m curious to know in which case is useful to know the public IP in a firewall rule because I’ve never used it.