deSEC saved the day when GoDaddy ruined it

2024-06-03

I’m hosting the deafgod.xyz domain on GoDaddy.

I don’t actually know why I chose GoDaddy since I’ve always read complaints about their services.

Well, better than my old registrar.

For my old domain I used Epik but after EpikFail I decided to drop it.

Did I download the leak to check if my personal information were in it? 🤔 I don’t remember.

Since this machine has a dynamic public IP, I wanted a script that changes my DNS records when the public IP changes.

The first time the public IP changed and I edited the DNS records by hand, I already had enough 🙈

I knew that GoDaddy had an API, but after creating the tokens and setting up everything, I discovered that they disabled the API for customers with less than 50 domains 🥲

In the last few weeks I checked various services but none of them satisfied me.

I didn’t want to register another domain with some dynDNS registrar and pay for it. I couldn’t host my own DNS server on a machine with a static public IP because I would need to pay that too.

But during my research a redditor saved the day: Reddit Answer

As deSEC describes itself:

deSEC is a free DNS hosting service, designed with security in mind.
Running on open-source software and supported by SSE, deSEC is free for everyone to use.

What? OpenSource and backed by a german organization?

It MUST be good!

You don’t need to buy a domain from them, you can just let their nameservers manage your domains.

I quickly made an account on deSEC, deleted all my DNS records from GoDaddy and set NS records pointing to deSEC servers.

$ dig +short NS deafgod.xyz
ns2.desec.org.
ns1.desec.io.

They ask only for an e-mail and that’s it!

No KYC stuff!

They have both a web UI and a free API and the whole stack is on github.

Long story short:

Made a script
crontab -e a */10 * * * * /root/bin/ddns >> /root/bin/ddns.log 2>&1
crontab -l to check everything was good

I have dynamic DNS now.

Open source, free and hackable.

 1#!/usr/bin/bash
 2
 3REAL_IP=`curl --silent https://checkipv4.dedyn.io/` || exit
 4DNS_IP=`dig +short A deafgod.xyz @ns1.desec.io` || exit
 5
 6if [[ "$REAL_IP" != "$DNS_IP" ]]; then
 7  echo "$(date) - IP: ${REAL_IP} - DNS: ${DNS_IP}"
 8  curl --silent --ipv4 https://update.dedyn.io/?hostname=deafgod.xyz \
 9  --header "Authorization: Token <secret>"
10fi

The records updated with the API have a TTL of 60.

Reply to this post by email ↪