I recently found out that you can get up to 3 free .eu.cc domains from GNAME, which also claims that you can renew for free when it’s within 90 days of expiring. So I got one to check it out.

Obviously, the next step is making one of my local machines act as the target destination for any queries to the address, so it becomes accessible for the wider web. I’m not entirely sure, however, what to configure on GNAME (there’s the option to set up A and AAAA records, which I suppose I should just point to my IP, but there’s also CNAME, TXT, NS, SRV) and what configurations/programs my local server (rPi 3) needs to have running besides a webserver (Apache2 or Nginx).

My intent is to have it run a single-user fediverse server, possibly Friendica, as it seems to have the best support for seeing all sorts of APub posts. If that proves too heavy for my old Pi, I’ll try one of the lightweight APub alternatives.

I know I’ll also need to do some configurations on my router, so I’d appreciate help on this, too.

  • lemmyvore@feddit.nl
    ↑5 ↓1 · 8 hours ago

    First of all I would suggest getting your own domain. There’s many TLDs and ccTLDs that will let you get a domain for $10/year or much less.

    If you don’t want to pay then at least get a subdomain from somewhere reliable. Preferably a DNS service because you also get DNS management this way. My recommendation is DeSEC because it’s a German, privacy-oriented non-profit and it has a modern interface and modern features like an API, security tokens, support for recent record types, DNSSEC etc. And if you later decide to get a paid domain you can keep using DeSEC for it very easily.

    Secondly, does your fediverse single-user server really need to be exposed to the internet to get updates? Can’t it pull them from other servers? That way you would reduce your risk a lot.

    • I Cast Fist@programming.dev (OP)
      ↑1 · 6 hours ago

      > First of all I would suggest getting your own domain.

      Isn’t this what I just did? mydomain.eu.cc Even if I can’t get it to renew for free next year, the experience of setting stuff up should be worth it.

      > really need to be exposed to the internet to get updates?

      From my limited understanding of APub, it needs to be exposed/findable in order to send updates and for my user@server to show up. I’ll be reading https://www.w3.org/TR/activitypub/#server-to-server-interactions to know better

      > Can’t it pull them from other servers?

      Tunnel through an existing server? Or what, exactly? Wouldn’t connecting through an existing fedi server also enforce its blocklist down to me?

      • lemmyvore@feddit.nl
        ↑2 · 5 hours ago

        > Isn’t this what I just did? mydomain.eu.cc

        I mean the second part from the end (.eu.). That’s not yours, and that means that the mydomain. part can disappear at any time. The owner can also do all kinds of unpleasant things that can affect your online presence.

        By “your own” domain I mean getting something of your own in that 2nd spot instead of “eu”. It doesn’t have to be on the .cc registry, it can be any established TLD like .com, .net, .org, it can be a country TLD aka ccTLD like .cc, .nl, .de and so on, or it can be a so-called “novelty” domain like .dev.

        Having your own domain means you can own it in perpetuity (well… old, established TLDs are better at this than novelty TLDs) and have much better control over it.

        Visit a domain registrar like Porkbun and have a look through their TLDs, check some prices, the privacy of your personal data etc.

        Avoid registries that allow “premium” domains, it means that the registry can suddenly decide that the domain you own is very cool and force you to pay hundreds or thousands for the next renewal or lose it.

        > Wouldn’t connecting through an existing fedi server also enforce its blocklist down to me?

        I’m not entirely sure on how you propose to use your server: if you just want to read stuff or also want to be able to post.

        Your server can do things with another server in two ways, by exposing an open port and allowing the other server to do stuff locally through that port, or by connecting to a port opened on the other server and doing stuff there.

        If the fediverse protocol mandates having a local port open to do stuff like posting, it may be impossible to avoid doing it.

  • SayCyberOnceMore@feddit.uk
    ↑9 · 11 hours ago

    Kinda overlapping other replies, but to answer your question:

    A = your external IPv4 address

    The rest could be empty:

    AAAA = an external IPv6 address
    NS = a DNS server
    MX = Mail Server

    TXT is just text, but it can be used by, e.g., Let’s Encrypt to prove you own that domain for your SSL certificate

    If you open TCP 80 / 443 on the open internet EVERYONE will probe you, but you want to run a Friendica server, so you kinda need that (disclaimer: I do not know how Friendica is set up)

    So, you’ll need something (firewall, Fail2Ban, etc) to protect your server whilst also allowing it to federate to other servers.

    I’d strongly suggest you put your server on a VPS with a provider that has some level of defense already set up for you.

    I wouldn’t run this in your home network with putting it into a DMZ of some kind.

    • lemmyvore@feddit.nl
      ↑5 ↓1 · 8 hours ago

      Should probably note that “DMZ” in this context means a separate VLAN. Because the term is also commonly used to mean “DMZ host” where a router exposes a machine directly to the Internet. You want the former, not the latter.

      But, more to the point, a beginner really shouldn’t be exposing anything to the Internet. 🙂 Running a public service as a person who doesn’t know how domains work will not end well.

  • Oha@lemmy.ohaa.xyz
    ↑8 · 12 hours ago

    Point the AAAA/A records to your corresponding IPs and allow incoming traffic on port 443, 80 on your firewall. You may also need to set up a dyndns client if your ISP changes your IPv4 frequently.

    • I Cast Fist@programming.dev (OP)
      ↑1 · 6 hours ago

      Yeah, I’ll need to set that dyndns, my IP4 isn’t fixed. Haven’t checked the IP6 tho, might try it later today - leaving the router turned off for some 10 minutes, then turning it back on will give me the answer

      • kossa@feddit.org
        ↑1 · 27 minutes ago

        Normally you could directly use the IPv6 of the corresponding server. They’re unique and made to enable connections directly to machines instead of routers. The router has to allow the passage, though.

  • Helix 🧬@feddit.org
    ↑8 · 13 hours ago

    Don’t run services like these on a free domain. Get a very cheap domain from almost any provider. These free ones often try to get you to buy their domain name for outrageous prices with tricks and footnotes.

    • I Cast Fist@programming.dev (OP)
      ↑3 · 6 hours ago

      “premium” .eu.cc domains go for 10 dollars from them. The ones they let people have for free are less than 2 USD for registration and yearly renewal. I’m willing to lose these domains if they try to charge for it

      • irmadlad@lemmy.world
        ↑3 · 4 hours ago

        > The ones they let people have for free are less than 2 USD for registration and yearly renewal.

        Not trying to rain on your parade at all. However, if you have to pay to register and a yearly renewal, then it’s not really free. I’ve never heard of GNAME, which is neither here nor there, but I went and checked it out. One of the things that stood out to me as I had to adjust my ad blocker to visit the site is that they are using baidu.com. So, right off the bat, that’s a red flag in my mind. Not saying that GNAME is doing anything nefarious, but, I’d proceed with caution.

        Baidu is kind of the Chinese equivalent of Google. GNAME is a Singapore registrar so it would probably make sense to use Baidu.

        Baidu, Inc. is a Chinese multinational technology company specializing in Internet services and artificial intelligence. It holds a dominant position in China’s search engine market, and provides a wide variety of other internet services such as Baidu App, Baidu Baike, iQIYI, Baidu Tieba, and ES File Explorer.

        While Baidu is not a scam, users should exercise caution, especially when it comes to data security. The company operates under Chinese regulations, which may differ significantly from those in other countries. Therefore, it’s essential to be aware of these differences and take appropriate measures to protect your personal information when using Baidu’s services.

        I’m neither encouraging nor discouraging, just informing. Additionally, there are some rather sketch reviews dealing with GNAME. One man’s paradise is another’s prison, so be informed and make your decisions based on that information and whether that fits into your threat model profile.

        • lemmyvore@feddit.nl
          ↑4 · 8 hours ago

          Worth noting that FreeDNS domains can be a mixed bag. Anybody can add or remove the base domains at any time because they’re lent freely. The owner can also arbitrarily decide to delete your subdomain, or reserve it for themselves, or even hijack its use, its TLS certs etc.

          The top 7 domains listed there (including mooo.com) as owned by “josh” are somewhat better than the others because Josh is the owner of FreeDNS. So those domains will be around for as long as FreeDNS will, and you know Josh is not gonna hijack your subdomain. But be wary of using any other domain there (or putting your own domain up for use).

          • non_burglar@lemmy.world
            ↑1 · 3 hours ago

            This is all true.

            However, I’ve had my subdomains since 2008 and never had any kind of issue, so I can vouch for freedns.

            They’re an emblem of the spirit of what the internet should be.

  • potatoguy@mbin.potato-guy.space
    ↑9 ↓2 · 14 hours ago

    In your scenario, I would prefer to tunnel to the outside, as it could be risky to just open a port on your router and open a port on your computer. In this case, pointing the IP to a VPS that your PC tunnels to or putting the record in Cloudflare’s DNS, that way no automatic port searcher will try to nuke your network. There is dynamic DNS too.

    There is Cloudflare and other options too.

    Edit: I do this with Cloudflare, but privacy is very much not given with them.

  • A_norny_mousse@piefed.zip
    ↑3 · 13 hours ago (edited)

    Do you have a static IP? Just point your domain to that. I only have A, MX and CNAME records. A is for the numerical IP. MX is for mail, I don’t use it. CNAME is for subdomains afaics (currently only contains www).

    All fields are comma-separated lists.

    NS stuff is for if you’re running a nameserver and I never even looked into it.

    • tburkhol@slrpnk.net
      ↑2 · 8 hours ago

      A records return the numerical address of a name.

      CNAME returns a different name for a name. Basically ‘synonym’ so the maintainer only has to change the one master A record when the IP address changes. Convenient to use CNAME to point www.example.com to example.com, but you can use it just as well to point example.com at my.private.host.xyz. You can even chain multiple CNAMEs to make it easier to manage a complex backend structure while presenting a simple address to users.
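
The A/CNAME behaviour described in the comment above, as an added example that is not part of the original thread: a small checker that follows CNAME chains through a set of records and flags chains that loop or end at a name with no records. The zone contents, names, addresses and the `MAX_CHAIN` limit are all constructed for illustration.

```python
# Added illustration: every name and address below is a constructed sample.
MAX_CHAIN = 8  # assumed limit for this example

# name -> list of (record type, value)
ZONE = {
    "example.com": [("A", "203.0.113.10"), ("AAAA", "2001:db8::10")],
    "www.example.com": [("CNAME", "example.com")],
    "social.example.com": [("CNAME", "www.example.com")],
    "loop-a.example.com": [("CNAME", "loop-b.example.com")],
    "loop-b.example.com": [("CNAME", "loop-a.example.com")],
    "old.example.com": [("CNAME", "gone.example.net")],
}


def resolve(name, zone=ZONE, rtype="A"):
    """Follow CNAMEs starting at name; return (status, chain, addresses)."""
    chain = [name]
    seen = {name}
    current = name
    while True:
        records = zone.get(current)
        if records is None:
            # No records held for this name. In live DNS the target could sit
            # in another zone, so this needs a real lookup before cleanup.
            return ("unresolved", chain, [])
        cnames = [value for rt, value in records if rt == "CNAME"]
        if not cnames:
            # End of the chain: return the address records of the final name.
            addrs = [value for rt, value in records if rt == rtype]
            return ("ok" if addrs else "no-address", chain, addrs)
        target = cnames[0]
        if target in seen:
            return ("loop", chain + [target], [])
        if len(chain) >= MAX_CHAIN:
            return ("too-long", chain, [])
        chain.append(target)
        seen.add(target)
        current = target


def audit(zone=ZONE):
    """Return {name: status} for every name that does not resolve cleanly."""
    problems = {}
    for name in zone:
        status, _, _ = resolve(name, zone)
        if status != "ok":
            problems[name] = status
    return problems


if __name__ == "__main__":
    print(resolve("social.example.com"))
    print(audit())
```

Only the one A record on `example.com` has to change when the address changes; both CNAME names pick it up through the chain.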