Free DDNS that offers TXT record for DNS challenge

robertkwild · February 4, 2022, 11:04am

hi all,

im currently with noip the free service which is good but it doesnt offer txt records (paid feature plus its not supported via the ACME client)

are there free DDNS services out there that offer TXT records and work with the ACME client aswell

thanks,
rob

bruncsak · February 4, 2022, 11:28am

I found recently that one (I did not try myself):

They write:

"We provide a variety of DNS records including A, AAAA, CAA, CNAME, LOC, MX, PTR, SPF, TXT etc as well as web redirect and offline actions. Wildcard alias as well as individual IP address updates for aliases are also supported. "

9peppe · February 4, 2022, 12:28pm

Duckdns does offer it.

robertkwild · February 4, 2022, 2:31pm

would you say duckdns is anygood?

would you advise installing the ACME client on a FW with DNS challenge, do you think thats safe

9peppe · February 4, 2022, 2:32pm

I used it for a long time but not recently and never using dns-01 validation. It always worked fine.

rg305 · February 5, 2022, 3:38am

Safety is not a binary value [absolutes don't exist].
I'd say on a scale from 0 to 10 [higher being safer], that's like: 3.5
[which might be more than enough to secure a home system]

bruncsak · February 6, 2022, 3:28pm

There is certain restriction of the use of the TXT record type at dynu.com:

robertkwild · February 6, 2022, 3:50pm

OK I just need to find out what free DDNS providers offer the api dns challenge method

Osiris · February 6, 2022, 4:41pm

I still have the feeling you don't fully understand how it works.

It's also a little bit confusing to have two threads on the same subject open at the same time.

At the Let's Encrypt side, there is the ACME protocol and the ACME protocol currently has three challenges, among them the dns-01 challenge type.
To complete the dns-01 challenge, a TXT resource record needs to be added to the DNS zone with a specific label (_acme-challenge). This can be done manually or automatically, where the latter is prefered.
To do item 2 automatically, the DNS provider would need to offer an API to add (and delete) the TXT resource record.
Also, for item 2 to be automatic, the used ACME client would need to be able to "speak" the API offered by the DNS provider.

robertkwild · February 6, 2022, 4:46pm

so if i add a TXT record to my DDNS provider does that mean i dont have to have the ACME client on my opnsense firewall anymore?

Osiris · February 6, 2022, 4:53pm

How are you going to get a certificate without an ACME client?

Please read:

robertkwild · February 6, 2022, 5:01pm

true, i need certbot agent on my web server or the acme agent firewall

Osiris · February 6, 2022, 5:02pm

"the acme agent firewall"? You mean acme.sh?

robertkwild · February 6, 2022, 5:04pm

sorry the acme agent on firewall ie the acme.sh

robertkwild · February 6, 2022, 9:36pm

im going with dynu DDNS and ive seen they offer the API feature for DNS challenge for use with ACME so giving that a shot and let you know the outcome

just trying to figure out how to add the DDNS service for dyno into my opnsese as they havnt got the service for dyno provider so going to have to specify it as a custom service

webprofusion · February 7, 2022, 8:01am

For reference, cloudflare's basic service is free and includes DNS (with TXT records etc).

system · March 9, 2022, 8:01am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Dns challenge OK even when I havnt got a txt record Help	32	3063	March 10, 2022
TXT Record Challenge DNS Timeout Help	16	3249	July 28, 2020
Problem with the online doc Feature Requests	4	727	November 12, 2020
DNS-01 Challenge including more DNS Records than TXT Issuance Tech	11	1938	March 10, 2023
DNS-01 challenge acme-dns internal Bind Help	44	2074	May 29, 2024

Free DDNS that offers TXT record for DNS challenge

Related topics