# Who hosts a web server with dynamic IP and DDNS?



## Ed_Flecko (Aug 8, 2015)

I'd like to host my own web server (and possibly my own mail server, at some point) at home, but I have Comcast and they don't allow static IPs for residential use (from what they tell me).

Does anyone here host their own (web, mail, etc.) server at home using a dynamic IP address and some dynamic DNS service? Can you give me some specifics on how you set up your FreeBSD for DDNS as well as who hosts your DNS record(s), etc.?

Thank you,
Ed


----------



## Eason (Aug 8, 2015)

I have a similar situation. I am using the dynamic DNS service provided by no-ip; you can find the corresponding software in the ports tree.

Sign up on no-ip.org. Install dns/noip and set it up. Put

```
noip_enable="YES"
```

in /etc/rc.conf.


----------



## tobik@ (Aug 8, 2015)

I use Namecheap with dns/ddclient for updating the DNS records. There really is nothing FreeBSD-specific you need to worry about here. Look at what protocols/services ddclient supports if you need some alternatives.

One thing to keep in mind when setting up a mail server is that your ISP probably does not allow you to set your reverse DNS records yourself. A lot of mail servers will reject your mails as spam if your IP does not resolve to your domain name.


----------



## NewGuy (Aug 8, 2015)

I have used FreeDNS (from afraid.org) in the past with good results. Their DNS runs on FreeBSD so they're friendly to the community and their low-level accounts are free. Assuming you have a domain name already, FreeDNS gives you a cron script you can copy into your crontab file and it will update your dynamic domain every minute/hour/day. No software installation required.


----------



## Ed_Flecko (Aug 8, 2015)

Cool! Thank you ALL for your input and suggestions!



Ed


----------



## TheDreamer (Aug 8, 2015)

I had made a donation back when dyndns was free, so now that it has, IIRC, become a $40/year service, I have it free for life. I also use dns/ddclient to handle updates. I expose a variety of services on a FreeBSD server set up on the DMZ IP behind my router (which was necessary as I had run out of port forwards). Main services include: www/nginx, net/haproxy, www/squid and net/mosh.

Nginx as reverse proxy to www/apache22, haven't had time to upgrade it, running on the same server or other servers at home, along with some other web interfaces around my home network. HAproxy became necessary when the TCP proxy option in the www/nginx port went away; I had suggested a patch to get it to come back once, but nginx continued to get newer... Mosh has become my preferred way to ssh in remotely, and since it needs regular ssh for session establishment, I have base `sshd` listening on a high port which I can also use regular ssh to get in. It is running as a separate instance from the default one on port 22, with a more restrictive config. And, I exposed squid, as I learned from other friends/co-workers this is an easier way to access internal websites than reverse proxy, and the way to get around the restrictive firewall from the classroom network of a training provider that we frequently get sent to...

Perhaps someday I'll replace my router with pfSense....

What I did for email was set up the dyndns domain in my dreamhost account, and set one of the MX servers to be MX for my dyndns name. It's mainly so errant emails leaving my home using the dyndns domain can come back to me. Not sure if Dyn still offers their MX relay option for dynamic domains. It basically gateways incoming mail from port 25 to some other port to get past most ISPs blocking port 25. I've used their outbound mailhop service for years (which in addition to port 25 listens on 2525 and 10025), which is now handled by DuoCircle as Dyn is now focusing on their high volume email delivery services.

I recently found out that godaddy's mail service offers port 80 as an alternative to 25 for smtp. I recall that mailhop specifically didn't list 587, though it offers 465 and 10465. But, AFAIK, it isn't possible in a general sense to have sendmail use that.

It is a work-in-progress to get mail/sendmail to use the appropriate mailserver and credentials depending on what account I'm sending with....mainly as some of these have been more restrictive on the server that sends mail as my account. At the moment it's just one of many home projects I started and....

The Dreamer.


----------



## MattS (Aug 14, 2015)

tobik said:


> I use Namecheap with dns/ddclient for updating the DNS records. There really is nothing FreeBSD specific you need to worry about here. Look at what protocols/services ddclient  supports if you need some alternatives.
> 
> One thing to keep in mind when setting up a mail server is that your ISP probably does not allow you to set your reverse DNS records yourself. A lot of mail servers will reject your mails as spam if your IP does not resolve to your domain name.



I also use Namecheap, which includes free DynamicDNS with domain names. Very happy with Namecheap!

For my mail server, I forward outbound messages to my ISP's relayhost.


----------



## TheDreamer (Aug 16, 2015)

MattS said:


> For my mail server, I forward outbound messages to my ISP's relayhost.



This can be fine, if you're using their domain, or using a domain that doesn't have a restrictive SPF or doesn't have an SPF at all. OTOH, if you are using domains that have restrictive SPF (and possibly other measures), then your messages might end up in the spam folder or rejected.

Or what recently happened, somebody pointed out that my SPF was bad, due to errors in an _include:<fqdn>_ which is the mailer I currently send everything from home through. Due to where I had put that/my provider's include, it was causing mail from pretty much everybody in our domain (a .edu) to land in spam folders everywhere. When I opened a ticket, I got an unhelpful canned answer on what an SPF include: is for. And when I replied by email using their mailer, their server rejected the message due to SPF failure. It took a couple of tries, but eventually I satisfied the email verification to be able to log into their support portal and respond that way.

More than 12, less than 24, hours later the problem got sorted out, but then I had demoted _include:<fqdn>_ to being the last include: in our SPF. And, it might need to find a new home, or cease, as it was pointed out to me that there is also a 10 DNS lookup limit in processing an SPF. The include:'s up to this last one consume 7. To get all the way to the last one would take 9.

IPs that match before the 10 DNS lookup limit is reached will get a PASS, and the search ends. The rest will get PermError for hitting the limit whether they are listed past this point or not. And, IPs that aren't in our SPF will then get the error rather than the FAIL that they should. It is up to the remote system how they want to treat the message...is it unknown or is it the same as FAIL. Are there even in-between values to that host?

I suspect I'm probably the only person that still uses this specific service, mainly because I own and use a large number of domains to send and receive email, where it's easier to use one smarthost for all the domains than to hack sendmail(8) to route by sender through different smarthosts, etc. Though there are blogs out there on how to do it, so I have a starting point, just working up to putting it in place. Also, being able to queue my outgoing messages is nice, since I have heard lots of people complain about the slowness of sending using our service provider's authenticated smtp. Though I rely on their imap interface almost exclusively, though I run mail/fetchmail in the background with IDLE, to create a local copy of my email.

Only problem is the latest version of mail/dovecot2's FTS Lucene is broken. From what I can tell, they have modified the Snowball class to work with ICU, but at runtime, it's trying to use the Snowball class in the textproc/clucene port, which eventually leads to a *segv*. Of course, all these port options are off by default.  As with out a pr/patch I had previously submitted got timed out as the conversion to bugzilla used by from address and dropped the reply-to address, and they only waited a day for a response.

But, up until the latest release, my patch was what got the FTS/Lucene option to work. Not sure how to respond on the latest....such as they have ICU as a separate option from FTS, except if you build it with FTS and no ICU it complains that it needed ICU... though even then, the new FTS code is beta at best. So, I'm probably waiting for upstream to fix things before I can fix it for FreeBSD (which had mostly been making it look in other places when looking for the libraries it needs.)

Might have to explore other options.

The Dreamer.
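
The 10-lookup behaviour described in the post above, as an added example that is not part of the original thread: a minimal SPF evaluator that models only `ip4`, `include` and `all`, run over constructed records. All `example.*` names and addresses are placeholders, and the function names are hypothetical.

```python
import ipaddress

LOOKUP_LIMIT = 10  # RFC 7208: at most 10 DNS-querying terms per SPF check

class PermError(Exception):
    """Raised when evaluation must stop with a permanent error."""

# Constructed zone data; every name and address below is a placeholder.
NESTED = [f"n{i}.example.net" for i in range(9)]
RECORDS = {
    "example.edu": "v=spf1 ip4:192.0.2.0/24 include:bulk.example.net "
                   "include:home.example.org -all",
    "bulk.example.net": "v=spf1 " + " ".join("include:" + n for n in NESTED) + " -all",
    "home.example.org": "v=spf1 ip4:203.0.113.25 -all",
}
RECORDS.update({n: f"v=spf1 ip4:198.51.100.{i} -all" for i, n in enumerate(NESTED)})

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def _evaluate(ip, domain, records, counter):
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        elif mech.startswith("include:"):
            counter[0] += 1                      # each include costs one lookup
            if counter[0] > LOOKUP_LIMIT:
                raise PermError("more than 10 DNS lookups")
            inner = _evaluate(ip, mech[8:], records, counter)
            if inner == "none":
                raise PermError("include target has no SPF record")
            matched = inner == "pass"            # only a pass makes include match
        elif mech == "all":
            matched = True
        else:
            raise PermError("mechanism not modelled here: " + mech)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"

def check_host(ip, domain, records=RECORDS):
    """Return (result, lookups_used) for a sender IP, as a verifier would."""
    counter = [0]
    try:
        return _evaluate(ipaddress.ip_address(ip), domain, records, counter), counter[0]
    except PermError:
        return "permerror", counter[0]
```

Moving `include:home.example.org` ahead of the lookup-heavy include lets its address pass, but an unlisted sender still ends in `permerror` instead of `fail` until the total number of lookups is brought under the limit.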


----------

