If you mean to do that in the public DNS records please note that public records that point at private IPs are often filtered by ISP’s DNS servers because they can be used in web attacks.

If you don’t use your ISP’s DNS as upstream, and the servers you use don’t do this filtering, and you don’t care about the attacks, carry on. But if you use multiple devices or have multiple users (with multiple devices each) eventually that domain will be blocked for some of them.

Generally speaking, a subdomain like jellyfin.myhome.com will work out much better than a subpath like myhome.com/jellyfin.

Very few web apps can deal well (or at all) with being used under a subpath.

• What does “authentication” mean if there’s no server?
• How do browsers behind NAT connect to each other?
• How does it verify that the other chat partner is who they say they are?
• Why use this and not Simplex?

Contact support and tell them how many you need and they’ll try to accommodate you. There were a lot of people abusing the service and hosting hundreds of domains so now they’re making everybody request them explicitly unfortunately. They’ve also had to suspend their .dedyn.io DDNS service indefinitely because of the abuse.

That’s why we can’t have nice things.

Please read up on DNSSEC because you will be required to turn it on for every domain you host with them.

https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438

I’m not seeing bunny.net on that list, it has a DNS service with API. They have a minimum account maintenance fee of $1/mo and when you load up your account you have to load a minimum of $10. So basically it’s $1/mo for which you get a lot of DNS and CDN service included (20M DNS queries and 100GB transfer).

That’s how Amazon works.

If you think all the stores in the internet now are PWA’s you are sadly mistaken. MVC web apps are pretty well suited for things like shops and they never went away. There are entire languages and frameworks like PHP, Python, Java that actively support that style of app. It also lends itself really well to caching.

I wouldn’t say it’s completely JavaScript free though. Client side JS is still extremely useful and attempting to make a store with zero JS might be a bit tough.

There are tons of CDNs out there.

Both your ISP and CF will drop you like a hot potato if you’re ever under that kind of attack.

CF has other features that are nice like, like WAF, bot detection, geo blocking, caching etc. But it’s only a taste.

All their real services are paid and the whole reason they offer a free tier is to upsell you to their paid services.

It’s not the only free DNS service.

It’s only a good registrar if you don’t care about privacy and you’re ok with their selection of TLDs (selected only from registries without privacy).

The free accounts do not benefit from DDoS protection. Re-read their terms of service, they’re vague on purpose. If you were ever DDoS’ed (I don’t know who would bother btw but that’s another discussion) they’d just drop you.

You can establish the tunneling thing on your own with any VPS.

The problem with cloudflare is that we’re missing three other cloudflares to move to if they decide to pull evil shit.

You can and should diversify your services and spread them to different providers that are easy to switch. I’ve been with “all in one” providers before, they inevitably end up leveraging their convenience into all sorts of crap. But until you get burned a couple of times they look really good.

Yeah.

Next step, modify your resume to say you did networking at previous positions. Don’t lie, just focus on the network stuff. I’m assuming you did that too.

Get a certification?

polito.it may not be the best example because its A records point at private IPs (192.168.x.x). Such records are often filtered by ISP DNS servers because they are used in certain kinds of attacks.

Double check your results using DNSChecker.

Edit: also, using just dig will not resolve all possible records related to a domain. I use a script that asks dig explicitly for a variety of record types:

#!/bin/bash
echo "SOA NS A AAAA MX CNAME TXT SRV DNSKEY"|\
xargs -n1 dig +noall +answer +nocrypto "$@"|\
sort -u -k4

What do the Unbound logs say?

What upstream servers are you using?

not depend on Google/Adblock/Whatever upstream DNS server

I mean, you’re gonna have to get your DNS information somewhere. You can choose and pick your upstream but you still need one. You can cache the DNS info but you will still need to refresh it eventually. You can use a DoT or DoH upstream server so your ISP cannot spy on your DNS traffic but, again, you still need an upstream.

Also ytdl-sub would work for your case.

Caring about IP allocation is something that’s hard to let go. They’re saying that the IPv6 address space is so astronomically large that we need a radical change of mindset to deal with it. Allocate names based on MAC and leave it at that. Ignore the IPs. If you fixate on maintaining specific IPs and prefixes you just complicate your own life for no benefit.

Once upon a time you could use a thing called debootstrap to install Debian on the hard disk in a chroot on another machine, then switch the hdd to the target machine. Not sure if that thing is still around.

If you literally mean one time then rsync is fine-ish… if you combine it with a checksum tool so you can verify it copied everything properly.

If you need to backup regularly then you need something that can do deduplication, error checking, compression, probably encryption too. Rsync won’t cut it, unless you mean to cover each of those points using a different tool. But there are tools like borg that can do all of them.

Some ISP don’t rotate IPs so it can end up pinpointing your house very precisely.

So all of these encrypt the conversations so not even the server admin can access them?

Fell off this passing truck that was carrying shows and movies!