Hi everyone!
I’m looking into self-hosting, and I currently have dynamic DNS set up to point to my home IP.
My question: is it worth getting a dedicated IP through a VPN?
I’m pretty technically savvy, but when it comes to networking I lack practical experience. My thought is that pointing my domain to a dedicated IP and routing that traffic to my home IP would be safer - especially if I only allow traffic on certain ports from that IP. Just curious if that idea holds up in practice, or if it’s not worth the effort.
As long as whatever firewall rules you’re using is capable of resolving FQDNs then I don’t see an advantage of doing this. Maybe in the off chance that your IP changes, someone else gets the old IP and exploits it before the DDNS setup has a chance to update. I think that’s really unlikely.
Edit: just to add to this, I do think static IPs are preferable to DDNS, just because it’s easier, but they also typically cost money.
Why do firewall rules need to resolve FQDNs?
To resolve whatever hostname you’ve setup for ddns
Sorry, but I still don’t understand, what’s the need for that?
Because you’re not going to setup any rules pointed to a dynamic public IP address. Otherwise you’re going to be finding a way to change the rule every time the ip changes.
The ddns automatically updates an A record with your public IP address any time it changes, so yeah the rules would use the fqdn for that A record.
What’s the need of the public IP in the firewall rules?
If OP needs a firewall rule to do any number of things that a firewall does.
I’m curious to know in which case is useful to know the public IP in a firewall rule because I’ve never used it.
An access rule for instance. To say to allow all traffic or specific types of traffic from a public IP address. This could be if you wanted to allow access to some media server from your friends house or something.