I activated the dynamic DNS from GliNET, but the GUI shows that it doesn’t work.
I can refresh the list of plugins, so I think I’m online. But the DDNS-Test shows me “no Internet…”.
But if I ping the address, it works. So I will test the connection with wireguard.
#Edit: wireguard works, so the DDNS-Test shows the wrong result. Is it maybe a bug?
What’s your ddns address? I’ll check from my end. You can PM me if you don’t want to publicly post it.
Thanks, but I think there is no need, because it works. The client can connect.
Now I have other problems within the DMZ of ipfire
Wait, wait, wait, wait, wait… now I remember conversing with you. So you run IPFire? Yeah, my comments regarding the convenience of GL ddns v deSEC.io don’t apply to you. You can handle the cli & LuCI to get proper ddns DNSSEC.
Hell, I’ll even post the conf of my deSEC conf for you to template from. It’s stupidly easy once you SSH into your device & install the nano editor:
opkg update && opkg install nano
Given the philosophy of use behind IPFire, I’d say you & I would be doing yourself a disservice if you skipped DNSSEC.
Oh man, if you think this is a bug, wait until I tell you about what can happen when you combine ddns & wg tunnels:
“It’s not a bug; it’s a feature!”
I don’t really understand what you mean. The dynDNS from GliNet works. The thing that doesn’t work is the DDNS Test within the GliNet interface.
But I’m rather sure that it has to do with that problem here: Brume 2 in DMZ? - #2 by yuxin.zou
I can connect to the Brume2, but I can not get out of there.
For the refresh of the apps within GL works, I suppose that it has something to do with DNS resolving.
GL’s dynDNS may work… just as port 53 still works for outgoing DNS… but… is it secure?
DNSSEC locks that sh!t down tight. No MITM attacks are practically possible (read: outside of the three letter agencies… & even then it ain’t necessarily easy) as when you connect to a DNSSEC-enabled domain, you know it’s cryptographically verified to be the right one.
DNSSEC is already a part of your device if you go to GUI → Network → DNS → Encrypted DNS → Cloudflare → Cloudflare (IPv4). From our perspective, that’s DNSSEC for outgoing.
Now consider that protection as a part of your ddns for incoming connections.
Humm; that’d be an issue regardless of the ddns service provider. Okay, if you get that sorted first you can always PM to pick up at this point.
Cloudflare is for big data, but not for privacy. So the question is, what dynDNS to use with also privacy idea?
Yes, I think that’s the point, but I must understand what’s going on with the whole DNS thing in GL and in DMZ and so on.
It can wait. Let’s worry about dynDNS with DNSSEC after you get your DMZ issue corrected. I don’t have much to offer on that aspect, unfortunately.
What firmware version are you on?
Version 4.2 should prompt you to configure a VPN policy so that DDNS services are not forwarded through the VPN.
Now I upgraded to 4.2 and as it seems, also the DDNS Test works. It shows me an IP.