deSEC saved the day when GoDaddy ruined it
I’m hosting the deafgod.xyz
domain on GoDaddy.
I don’t actually know why I chose GoDaddy since I’ve always read complaints about their services.
Well, better than my old registrar.
For my old domain I used Epik but after EpikFail I decided to drop it.
Did I download the leak to check if my personal information were in it? 🤔 I don’t remember.
Since this machine has a dynamic public IP, I wanted a script that changes my DNS records when the public IP changes.
The firt time the public IP changed and I edited the DNS records by hand, I already had enough 🙈
I knew that GoDaddy had an API, but after creating the tokens and setting up everything, I discovered that they disabled the API for customers with less than 50 domains 🥲
In the last few weeks I checked various services but none of the satisfied me.
I didn’t want to register another domain with some dynDNS registrar and pay for it. I couldn’t host my own DNS server on a machine with a static public IP because I would need to pay that too.
But during my research a redditor saved the day:
As deSEC describes itself:
deSEC is a free DNS hosting service, designed with security in mind.
Running on open-source software and supported by SSE, deSEC is free for everyone to use.
What? OpenSource and backed by a german organization?
It MUST be good!
I’m sure it’s perfect for privacy and stuff 😉
You don’t need to buy a domain from them, you can just let their nameservers manage your domains.
I quickly made an account on deSEC, deleted all my DNS records from GoDaddy and set NS records pointing to deSEC servers.
$ dig +short NS deafgod.xyz
ns2.desec.org.
ns1.desec.io.
They ask only for an e-mail and that’s it!
No KYC stuff!
They have both a web UI and a free API and the whole stack is on github.
Long story short:
- Made a script
crontab -e
-ed a*/10 * * * * /root/bin/ddns >> /root/bin/ddns.log 2>&1
crontab -l
-ed to check everything was good
I have dynDNS now.
Open source, free and hackable.
1#!/usr/bin/bash
2
3REAL_IP=`curl --silent https://checkipv4.dedyn.io/`
4DNS_IP=`dig +short A deafgod.xyz @ns1.desec.io`
5
6if [[ "$REAL_IP" != "$DNS_IP" ]]; then
7 echo "$(date) - IP: ${REAL_IP} - DNS: ${DNS_IP}"
8 curl --silent --ipv4 https://update.dedyn.io/?hostname=deafgod.xyz \
9 --header "Authorization: Token <secret>"
10fi
The records updated with the API have a TTL of 60.