My webserver name is resolved by dynamic dns, is that OK?


#1

My webserver name is resolved by dynamic dns, is that OK? … Your topic is similar to … gives me several similar questions! Very nice. It looks like no problem per se with ddns? I guess I’ll just try it out and see what happens.

Thanks.


#2

If all users share the same parent domain name and that domain name isn’t on the public suffix list, it’s possible you’ll run into the 5 certificates per domain per 7 days rate limit. Other than that, all is fine.


#3

Well, when you e.g. CNAME your own domain to a dyndns (meaning you use your own name) and therefore just resolve it via dDNS, that should be absolutely fine.


#4

osiris: I’ve just tried to contact the folks at sdf.org … their, and my, ddns server is mdns.org … to see if someone would do what’s necessary to put mdns.org on the public suffix list, we’ll see what happens.

my1: yeah, I think so too. I’m not quite ready yet to open and advertise to the world to come and hit my server, so it’ll be a week or so before I actually try.

I’ll come back if I have difficulty … even if I don’t if anyone is interested in my particular experience.

Thanks, to you both, for responding to my post.
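Added example (not part of the thread, and not Let's Encrypt's code): a simplified Python model of the limit described in post #2, showing why it matters whether the dynamic DNS parent (mdns.org in post #4) is on the public suffix list. The host names, dates and the two suffix sets are constructed, and the suffix matcher handles exact-match rules only.

```python
from datetime import datetime, timedelta

LIMIT = 5                    # certificates per registered domain (figure from post #2)
WINDOW = timedelta(days=7)   # sliding window (figure from post #2)

def registered_domain(fqdn, suffixes):
    """Longest matching public suffix plus one label.
    Simplified: exact rules only, no wildcard (*.) or exception (!) rules."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest candidate first
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(f"{fqdn} is itself a public suffix")
            return ".".join(labels[i - 1:])
    raise ValueError(f"no known suffix for {fqdn}")

def simulate(requests, suffixes):
    """requests: time-ordered (timestamp, fqdn) pairs.
    Returns (fqdn, rate-limit bucket, allowed) for each request."""
    issued = {}                           # bucket -> timestamps of issued certs
    results = []
    for ts, fqdn in requests:
        bucket = registered_domain(fqdn, suffixes)
        recent = [t for t in issued.get(bucket, []) if ts - t < WINDOW]
        allowed = len(recent) < LIMIT
        if allowed:
            recent.append(ts)
        issued[bucket] = recent
        results.append((fqdn, bucket, allowed))
    return results

# Constructed sample: six different DDNS users request one cert each on
# consecutive days, then the first user requests again on day 8.
START = datetime(2024, 1, 1)
REQUESTS = [(START + timedelta(days=d), f"host{d + 1}.mdns.org") for d in range(6)]
REQUESTS.append((START + timedelta(days=8), "host1.mdns.org"))

PSL_WITHOUT_PARENT = {"org"}              # assumption: parent not listed
PSL_WITH_PARENT = {"org", "mdns.org"}     # assumption: parent listed

if __name__ == "__main__":
    for name, psl in (("parent not on PSL", PSL_WITHOUT_PARENT),
                      ("parent on PSL", PSL_WITH_PARENT)):
        print(name)
        for fqdn, bucket, ok in simulate(REQUESTS, psl):
            print(f"  {fqdn:16} bucket={bucket:16} {'issued' if ok else 'rate limited'}")
```

With the parent unlisted, every user lands in the single `mdns.org` bucket and the sixth request in the week is refused; with it listed, each host name is its own bucket.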


#5

Making the cert doesn’t tell the world that they all can hit your server. I mean you could still run your server in a pretty locked down fashion (e.g. password).


#6

True. It does, however, tell the world (via certificate transparency logs) that the server exists (which is why I’ve never really understood the reluctance of many folks here to post the actual FQDNs they’re using when attempting to obtain certs).


#7

It just tells that the name has gotten a cert.
I could easily get a cert for a name which is indeed a public name but, after the generation of the cert, not resolvable from the outside (e.g. for local company machines).

Also, even if people don’t post the name which they try to generate, nobody will know that server x is THEIR server.

In my opinion CT is useless for spying unless you know the target well.