Latest revision as of 08:23, 23 November 2025

Resource

Nice Diagram
- How DNS Works
- What is DNS and How it Works?
Managing DNS Essential Training from lynda.com
Use DNS to block or unblock websites. That is, you can effectively bypass geo-restrictions without using VPN.

Block Ads

The 7 Best DNS Servers to Block Internet Ads

TTL

How to see Time-To-Live (TTL) for a DNS record

FQDN

What Does FQDN Mean?: hostname + domain name + top-level domain
FQDN (Fully Qualified Domain Name): What It Is, Examples, and More
PVE quick installation. cat /etc/hosts
https://forum.proxmox.com/threads/hostname-fqdn-huh.63667/. IETF has reserved the following top level domains for documentation or testing purposes:
- .example
- .invalid
- .test
- .localhost

URL

It seems we can append "?" and "#" after a valid URL.
What do "?" and "#" mean in a URL?
- “?” in URL acts as separator
- “#” was used as an anchor to jump to an element. However, nowadays it's usually used with AJAX-based pages since changing the hash can be detected using JavaScript and allows you to use the back/forward button without actually triggering a full page reload.
Which characters make a URL invalid?
Special character in URL ignored by browsers

Records

A record (address record): IPv4

A records are used to map a domain name to an IP address
For example, "domain.com" is an A record (Pointing your root domain to a serve). Its value/target is an IP address (e.g., 203.0.113.50).
- Cf. "www.domain.com" is CNAME record which maps it to "www.domain.com".
Use cases: Pointing your root domain (mydomain.com) to a server.
Performance: Requires one DNS lookup.
Limitation: No major limitations.
What does @ mean when setting up A Records in your DNS settings? Apex records, naked domain
- When creating a new A record, using the host as @ means that the record is for the root domain itself. In other words, if your domain is “example.com”, an A record with @ as the host would point “example.com” to the specified IP address. This is often used to direct traffic for the bare domain (i.e., example.com without any subdomains like www) to a particular server.
How to set up subdomains with Cloudflare, 免费开源论坛程序推荐！含搭建教程，手把手教你安装.

CNAME: Alias

A CNAME record is used to map one domain name to another domain name. Its value/target is a fully qualified domain name (e.g., my-blog-app.netlify.app).
For example, a CNAME record for "www.example.com" might map to "example.com". This is useful when you want to point multiple domain names to the same server.
Use cases: Creating aliases for subdomains (www.mydomain.com, blog.mydomain.com).
Performance: Requires at least two DNS lookups (one for the CNAME, one for the final A record).
Limitation: Cannot coexist with other records for the same hostname. For example, a subdomain with a CNAME record cannot have an MX record for email or a TXT record. For this reason, you can't use a CNAME record for your root domain (mydomain.com) if you also want to receive email.
A CNAME record is used in lieu of an A record when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. See What is a DNS CNAME record? For example, www.example.com is an alias of example.com.
- Useful if we like to use our own domain name instead of a given long domain name (use as an alias). All the operation is in the domain registrar.
- An example: 真正永久免费的容器！4核 CPU、8G内存、10G网络，无需绑卡，速度极快！搭建网站、部署AI、代理节点等爽歪歪！

DNSCrypt

DNS commands/clients

15 Useful Free and Open Source DNS Clients
- dog
- doggo
- q
- ddclient
- GoDNS
- dig
- dnslookup
- dness
- wig
- dyndnsc
- dnsupdate

ping
curl - ping alternative. It is useful if the server blocks ping requests
nc and telnet - How to Test Port TCP/UDP Connectivity from a Linux Server
host (two ways).
nslookup (two ways). Eg nslookup XXX.XXX.XXX.XXX.
dig (dig -x XXX.XXX.XXX.XXX)
whois
Online version
- ip-lookup.net,
- hcidata.info,
- url-decode.com (very fast)
- dns lookup, mx lookup by mxtoolbox.com. See bing.com Webmaster Tools

DNS server

Windows

You can build a local DNS in an afternoon and stop ISP snooping

Setup on Linux/Ubuntu

https://support.rackspace.com/how-to/changing-dns-settings-on-linux/
How to Run Your Own DNS Server on Your Local Network
Build your own DNS name server on Linux. General discussion, not specific to Ubuntu.
How To Configure DNS Server On Ubuntu 18.04 / Ubuntu 16.04, How to install a DNS server on Ubuntu 19.04

sudo apt install bind9
sudo nano /etc/bind/named.conf.options
  # update 'forwarders' key to use 1,1,1,1; 8.8.8.8;
  # add 'forward only;'
sudo systemctl restart bind9
# open port 53, or let ufw to allow bind9

AdGuard Home

How to set up your own open source DNS server

Pi-hole

https://pi-hole.net/
- No username is needed. The password is defined in the compose.yml file.
- The default web interface port is 80, but we can modify it in the compose.yml file.
Pi-hole's primary blocking mechanism is domain name-based, not IP-based.
- If the domain is on a blocklist, Pi-hole immediately returns 0.0.0.0 (or its own IP address).
- If the domain is not blocked, Pi-hole forwards the request to your configured Upstream DNS Server (e.g., Cloudflare, Google DNS, or a recursive server like Unbound). The Upstream Server returns the public IP address. Pi-hole returns this IP to your device and stores it in its cache for faster future lookups.
Will pihole slow internet speed: No

Pi-Hole v6 Has Arrived: Here’s What’s New
The World’s Greatest Pi-hole (and Unbound) Tutorial 2023
https://github.com/pi-hole/ and https://github.com/pi-hole/pi-hole
http://pi.hole/admin
Complete Guide to Setting up Pi-hole on a Raspberry Pi with IPv6 Support on Docker including Using Pi-hole as Your DHCP Server, Adding More Blocklists, Unblocking Domains & Using DNS over HTTPS (all queries from Pi-hole will be encrypted and your ISP will not be able to see them).
Create a Network-Wide Ad Blocker with a Raspberry Pi
Pi Hole Ad Blocker with Pi Zero W (and PiOLED)
Setting up a Pi Hole for whole-home ad/tracker blocking (Raspbian)
How to change DNS server on your Android phone or tablet
Pi hole prevent ads from appearing on Internet-connected devices that aren't a Web browser. Pi-hole can be installed on hardware that's not a Raspberry Pi.
Installing pi-hole on ubuntu 18.04 LTS
How to block mobile ads with Raspberry Pi and Pi-hole
Millions of hits to a random IP lookup from my router at 3AM. Happened on both my PiHoles. Ideas?
oisd blocklist
DNS-Blocklists (15k stars)
Change DNS in android 11 , 12 ... to use with pihole
Why I Run 2 Pi-Hole Instances (and How I Keep Them Synced). One way to test it is to open the Android app 'Taiwan Radio' or 'FainTV'. You will see the ads cannot be loaded anymore. In fact, this also fixed the buffering problem when I use the 'Taiwan Radio' app.

Run a local pihole instance in a Docker container
- Running Pi-hole locally using Docker. After the container is booted, you can set up your DNS to 127.0.0.1.
Give Your Self-Hosted Services Local Domain Names With This Pi-hole Trick
How I use Pi-hole and Tailscale for whole-network ad blocking

Install by Docker

https://docs.pi-hole.net/docker/

When I run docker logs -f pihole, I see "ERROR: Failed to receive data from NTP server pool.ntp.org (x.x.x.x): Timeout". Gemini suggests to add 3 options in compose.yml or through web interface (All Settings - Network Time Sync. Deselect the checkbox next to the setting "Should FTL try to synchronize the system time with an upstream NTP server?")

services:
  pihole:
    image: pihole/pihole:latest
    container_name: pihole
    # ... other settings like ports and volumes ...
    
    environment:
      # Critical for security: set your web interface password
      - WEBPASSWORD=YourSecurePassword
      # Set your Time Zone
      - TZ=America/New_York
      
      # Correct variable to disable the internal NTP sync client
      - FTLCONF_ntp_sync_active=false 

      # Optional: Disable the NTP server functionality as well (Recommended in Docker)
      - FTLCONF_ntp_ipv4_active=false
      - FTLCONF_ntp_ipv6_active=false
      
    # ... rest of your compose file ...

Install on Pi

No 'sudo'
Uncheck to install lighttpd since I have apache installed already

curl -sSL https://install.pi-hole.net | bash

I am using wifi and it works fine
New directories /var/www/html/admin (main directory) and /var/www/html/pihole (only 2 files) are created.
At the end it will say the install log is in /etc/pihole
The web interface is at http://pi.hole/admin or http://192.168.x.x/admin. The Admin Webpage login password will be shown on the text UI and the terminal too (remember to save it).
The pi-hole admin password can be reset by pihole -a -p
Ports 53 and 80 need to be opened. sudo netstat -tulpn | grep LISTEN
To change the interface from eth0 to wlan0, use pihole -r to reconfigure. see Change ip adress
My current pi-hole version is v4.4 (2020-04), AdminLTE v4.3.3 and FTL v4.3.1. pihole -v It also shows what is the latest versions.
On my Dasung non-ereader tablet (Android 8.1.0) it does not have DNS option on WiFi network. I install DNSPipe. It seems to work. It does ask something related VPN, why?

Local DNS Record

This allows you to map your own domains to your private network.
Using Pi-Hole for Local DNS - Fast, Simple, and Easy Guide

Update

$ pihole -up

After I upgrade to 5.0, the stats on the dashboard is not working. A solution is here. sudo apt install php7.0-sqlite and sudo service apache2 restart. Use php -v to check your PHP version before confirming the exact module name to install.

Uninstall

Unsupported OS

sudo rm -rf /etc/.pihole /etc/pihole /opt/pihole \
  /usr/bin/pihole-FTL /usr/local/bin/pihole \
  /var/www/html/pihole /var/www/html/admin

$ pihole uninstall
....
  [i] The following dependencies may have been added by the Pi-hole install:
    dhcpcd5 git iproute2 whiptail cron curl dnsutils iputils-ping lsof netcat psmisc sudo unzip wget idn2 sqlite3 libcap2-bin dns-root-data libcap2 lighttpd php7.0-common php7.0-cgi php7.0-sqlite3 php7.0-xml php-intl 
  [?] Do you wish to go through each dependency for removal? (Choosing No will leave all dependencies installed) [Y/n] n
  [✓] Removed Web Interface
  [✓] Removed /etc/cron.d/pihole
  [✓] Removed lighttpd configs
  [✓] Removed config files
  [✓] Removed pihole-FTL
  [✓] Removed pihole man page
  [✓] Removed 'pihole' user
...

Migrating Pi-Hole from lighttpd to apache

sudo apt-get remove lighttpd

Whitelist

Allowlist and Denylist editing from Pi-hole documentation (command line).
To allow a domain (GUI):
- Go to Query Log on the left panel.
- At the bottom, enter the blocked URL (eg link.ted.com) in the Domain box
- It will return a list of Recent Queries.
- Click the Allow button on the right to any query we want to unblock.
- The allowed domain will appear under the "Domain management" page when you click the Domain on left panel
Use Domain on left panel
Command line: pihole -w somedomain.com anotherdomain.net (add to whitelist)
Collection of commonly white listed domains for Pi-Hole®
Commonly Whitelisted Domains

Use pi-hole as the only DNS

On my Android galaxy tab s6 lite, I set up two DNSs. Even pi-hole is the 1st DNS, for some reason, the 2nd DNS was used. So ads are not blocked.

I can try checking the Pi-hole logs to see if there are any issues or errors that could be causing delays in resolving queries. I can access the logs by logging in to the Pi-hole web interface and navigating to the “Tools” section and then selecting “Tail pihole.log”. This will show you a live view of the Pi-hole log file and you can see if there are any issues or errors that could be causing delays in resolving queries.

I can also try adjusting the cache size in Pi-hole. Please note that increasing the cache size may improve performance, but it will also increase memory usage. You should choose a cache size that is appropriate for your system’s resources.

sudo nano /etc/dnsmasq.d/01-pihole.conf
# Find the line that starts with cache-size and change the value
sudo service pihole-FTL restart

Unbound

How to Set Up Local DNS Resolver with Unbound on Ubuntu 22.04

Client part

Windows/Mac/Linux

dig @192.168.1.2  linkedin.com  # Suppose the DNS server ips is 192.168.1.2

Pay attention to the Query time result. If we run the same command again, the query time will be reduced to 0 because of the cache in the DNS server.

Wifi on Mobile
1. Go to wi-fi setting and select your connected network (so each wifi network has its own DNS setting).
2. Change Configure DNS from Automatic to Manual so that you can set your primary DNS server to Pi-hole. Then add the IP of your DNS server. You can add a backup server too (such as the IP address of your gateway router) so you can still visit websites when Pi-hole is offline.
Mobile network
- How to make Android use the DNS server of your choice
- Change DNS on iPhone/iPad/iPod for WiFi and Cellular (3G/4G/5G)

Client part 2: what is my DNS server /etc/resolv.conf or /etc/network/interfaces. Static IP

Use one of the following commands

systemd-resolve  --status
resolvectl status
nmcli dev show | grep 'IP4.DNS'

PS. dig command can show my DNS server as part of its output.

On Ubuntu 18.04 and up, it uses netplan. PS. use space character instead tab in yml file.

Even I can change my DNS setting using the Network Manager (IPv4 -> disable Automatic -> Enter 8.8.8.8 -> Apply -> Toggle On/Off), the name solving does not work. Testing https://129.43.254.99 works but not https://brb.nci.nih.gov

To use the /etc/resolv.conf method, check out how to add DNS servers or Set permanent DNS nameservers on Ubuntu/Debian with resolv.conf (video).

On my home computer, it just shows one line nameserver 127.0.1.1. On work computer, it shows

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.1.1
search XXX.XXX.gov

On the VM of my work computer, it shows

nameserver 127.0.0.53
search XXX.XXX.gov

It seems the /etc/resolv.conf file changes with the file on the host.

After any change, we can restart the network by using sudo service networking restart.

Note:

nameserver Name-server-IP-address: Point out to your your own nameserver or to ISP’s name server. Up to 3 name servers may be listed.
search domain.com: The search list is normally determined from the local domain name; by default, it contains only the local domain name. So when you type nslookup www, it will be matched to www.cyberciti.biz

You can also use Public Name Servers

nameserver 8.8.8.8
nameserver 8.8.4.4

dig Command Examples - check DNS server

dig (domain information groper) is a DNS lookup utility.

$ sudo apt install dnsutils

$ dig techmint.com
...
;; Query time: 220 msec
;; SERVER: 100.100.100.100#53(100.100.100.100)
;; WHEN: Fri Aug 16 08:44:30 EDT 2024
;; MSG SIZE  rcvd: 57

$ dig @1.1.1.1 techmint.com
...
;; Query time: 68 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Aug 16 08:47:02 EDT 2024
;; MSG SIZE  rcvd: 57

# List All DNS Records Using dig
$ dig google.com ANY

100.100.100.100 is from tailscale. What is 100.100.100.100?
Quick hit: ‘dig’-ging Into r-project.org DNS Records with {processx}
Doggo Is A DNS Lookup Utility With Colorful Output, DNS-over-TLS and DNS-over-HTTPS Support

host command

Linux and Unix host Command Examples

DNSmasq (DNS + DHCP server)

Local forwarding server

dnsmasq program is running on my Ubuntu and Linux/Mint machines.

See nameserver 127.0.1.1 in resolv.conf won't go away!

$ ps -ef | grep -i dnsmasq

$ sudo netstat -anp | grep -i dnsmasq

DHCP server

Turn Raspi into a wireless hotspot / access point

ChatGPT. Remember to replace eth0 with the interface name connected to your home router and adjust IP ranges and settings according to your needs.

Install the DHCP Server

sudo apt install isc-dhcp-server
sudo nano /etc/default/isc-dhcp-server
INTERFACES="eth0 eth1"

Configure the DHCP Server

subnet 10.50.50.0 netmask 255.255.255.0 {
  range 10.50.50.10 10.50.50.100;
  option routers 10.50.50.1;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.50.50.255;
  option domain-name-servers 8.8.8.8, 8.8.4.4;
  default-lease-time 600;
  max-lease-time 7200;
}

Assign Static IP to the Second NIC
Enable IP Forwarding: Enable IP forwarding to allow internet access to the devices on the new network.

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Set Up NAT: Use iptables to set up NAT (Network Address Translation) so that devices on the new network can access the internet.

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo iptables-save > /etc/iptables.rules

DNS providers

DNS Resolvers Performance compared: CloudFlare x Google x Quad9 x OpenDNS
Best free and public DNS servers of 2020
The 6 Best Free Dynamic DNS Providers 2021
NextDNS: click 'Try it now for free' button and it will show the current DNS Server IP.

Benchmark, bottleneck

How to determine bottleneck in page load time? Use a plugin or if you have Chrome, use its built-in inspector. Google Chrome: Right-click on anything and click "Inspect element" and click "Network" tab on the new box that appears. Navigate to your site, you will now see in real-time how the browser is receiving the information

Change DNS setting

Why Changing DNS Settings Increases Your Internet Speed, 5 DNS Servers Guaranteed to Improve Your Online Safety
- https://1.1.1.1/, 隱私優先、速度最快，公共DNS服務1.1.1.1上線了
- Google: 8.8.8.8 and 8.8.4.4
- OpenDNS: 208.67.220.220 and 208.67.222.222
- DNS Watch: 84.200.69.80 and 84.200.70.40
- OpenNIC: 206.125.173.29 and 45.32.230.225
- UncensoredDNS: 91.239.100.100 and 89.233.43.71
Change DNS Settings on Windows / Mac / Android / IOS / Linux
Setup CloudFlare DNS On Ubuntu 16.04 / 17.10 / 18.04 Desktop
1. Open Ubuntu Network Manager (System settings > Network > Settings > Wired or Wireless or both)
2. Select both IPv4 and IPv6 and turn off automatic DNS IP settings… then type the custom Cloudflare DNS IP addresses you want to use…
You Can Now Use Cloudflare’s 1.1.1.1 DNS on Mobile

Command line

How to Find and Change Your DNS Server on Linux.

resolvectl status

resolvectl dns <interface> <dns address 1> <dns address2>

Domain Setup & SSL Certificates, HTTPS - NGINX & Docker Compose

Shiny Production with AWS Book

Flush DNS cache

How To Set Permanent DNS Nameservers

How To Set Permanent DNS Nameservers in Ubuntu and Debian

Test if you are using OpenDNS

https://welcome.opendns.com/

I try to change the DNS ip using either Network Connection GUI or modifying /etc/resolv.conf (& calling sudo /etc/init.d/networking restart). But it does not change anything??

Query DNS server

DNS leak test

To list the current DNS servers used by my system,

Method 1:

# Ubuntu >= 15
$ nmcli dev show | grep 'IP4.DNS'
$ nmcli device show <interfacename> | grep IP4.DNS
# Ubuntu <= 14
$ nmcli dev list iface <interfacename> | grep IP4

Method 2:

$ cat /etc/resolv.conf

Method 3 (macOS):

scutil --dns | grep nameserver
# cat /etc/resolv.conf

Another way is to use the R packages: gdns and dnsflare. More Options For Querying DNS From R with 1.1.1.1.

How to Check DNS Server IP Address

How to Check DNS Server IP Address in Linux

3 Ways to Check DNS Propagation Status

https://www.makeuseof.com/tag/check-dns-propagation-status/

DNS-over-HTTPS (DoH)

DNS tricks

5 DNS Servers Guaranteed to Improve Your Online Safety

http://www.makeuseof.com/tag/best-dns-providers-security/

5 Nifty Ways to Use DNS to Your Advantage

http://www.makeuseof.com/tag/nifty-ways-use-dns-advantage/

Discover subdomains

5 Powerful Linux Tools to Discover Subdomains as an Ethical Hacker

DNStracer

http://www.ubuntugeek.com/dnstracer-trace-dns-queries-to-the-source.html

Reverse DNS

Reverse DNS (rDNS) is a process that resolves an IP address back to a domain name, the opposite of a forward DNS query. What Is Reverse DNS and How Does It Work?

Dyndns and ddclient

According to a comment in this video, Cloudflare tunnel completely replaces the need for reverse proxy like Traefik/Nginx Proxy Manager.

Resources

https://help.ubuntu.com/community/DynamicDNS#ddclient (works)
https://help.ubuntu.com/community/DynamicDNS#Namecheap_.26_Python (works)
Using ddclient with Cloudflare ddclient version 3.9.0 for Ubuntu 18.04.1
*ddclient container

nano /etc/ddclient.conf on Debian 12. Use ddclient --help | grep version to find the installed version. See my 'ddclient' google doc.

Note that the specification should depend on the domain name registrar (eg namecheap). For namecheap, the login/password is NOT your actual credential from your domain name registrar. The password should be obtained from the domain name registrar website. The last line is about the host. If I am setting it up for a subdomain, I should enter the subdomain name (and skip the domain name part). The ssl=yes is to ensure the connection is made over https instead of http.

And run sudo ddclient -daemon=0 -debug -verbose -noquiet to verify ddclient is working. You shall get a long return with the last line looks like

SUCCESS:  updating YOURSUBDOMAIN: good: IP address set to XX.XXX.XXX.XXX

No matter which method we use, we can go to our DNS account (in namecheap, go to Dashboard -> MANAGE button -> Domains -> Advanced DNS) and temporarily change the global IP address to another one, run the update script and then check if the global IP address has been updated to the correct one.

sudo systemctl restart ddclient.service
# sudo /etc/init.d/ddclient restart

sudo service ddclient status

namecheap

It requires to set up 2-factor authentification.
How do I configure DDClient?
To create a subdomain, go to Dashboard -> Manage -> Advanced DNS tab. Click + ADD NEW RECORD. In the 'HOST RECORDS' section, pick 'A + dynamic dns record' and enter the subdomain name (HOST) with the IPv4 address (Value). In the 'DYNAMIC DNS' section, we can download the client software too (scroll down to get the download link). See How can I set up an A (address) record for my domain?
How to Add A Record with Namecheap, How can I set up an A (address) record for my domain?
- To understand different host records (A record, AAAA record, CNAME record, NS record, SRV record, TXT record, URL redirect record) See How do I set up host records for a domain?
CNAME (related to subdomain IP update)
If you've purchased an SSL certificate, you'll want to visit your Account Panel soon to enter your CSR and activate the certificate. Instructions on how to create a CSR and install the certificate on your server.
CloudFlare
- In namecheap, change NAMESERVERS to Custom DNS and enter hugh.ns.cloudflare.com & jill.ns.cloudflare.com. After this change, I won't be able to add new records.
- How to enable CloudFlare for your domain name
- How to set up DNS records for your domain in CloudFlare account
- Transfering DNS from Namecheap to CloudFlare.
Email forwarding
- forwardemail.net
Add https to your Namecheap Domain hosted on Github Pages

Cloudflare

Transfer your domain to Cloudflare
How To Transfer Domain From Namecheap To CloudFlare Instantly (video)
Configuring Dynamic IP auto-update for custom domain name(Alternative to dyndns, noip etc… )
Use a Dynamic DNS IP updater bash script for Cloudflare API. HomeLab 2: Web domain, subdomains and Dynamic DNS with Cloudflare API. cron was used to check the update every 10 minutes. The bash script is from https://github.com/K0p1-Git/cloudflare-ddns-updater.

Configure ddclient for Cloudflare Dynamic DNS

Cloudflare -> Use dynamic IP addresses

Cloudflare API. Cloudflare API DNS Update, Cloudflare dns dynamic ip updater script, cloudflare-ddns-script.
Cloudflare API + Docker from oznu. A docker container that allows you to use CloudFlare as a DDNS / DynDNS Provider. A video by DB Tech.
Cloudflare and Dynamic DNS with ddclient and docker
ddclient

daemon=3600				# check every 300 seconds
syslog=yes				# log update msgs to syslog
mail=root				# mail all msgs to root
mail-failure=root			# mail failed update msgs to root
pid=/var/run/ddclient.pid		# record PID in file.
ssl=yes					# use ssl-support.
use=web
protocol=cloudflare,        \
zone=YourDomain.com,        \
ttl=1,                      \
login=Cloudflare_Email_Addr \
password=Cloudflare_API_Key \
Subdomain1.YourDomain.com,Subdomain2.YourDomain.com

Test run

/usr/bin/ddclient -daemon=0 -debug -verbose -noquiet

ddclient + Docker from linuxserver. Cloudflare and Dynamic DNS with ddclient and docker. Use docker logs <container id> to check the log.
DNS-O-Matic

Mail

check the option of Mail Routing: I have mail server with another name and would like to add MX hostname...
In 'MX hostname' entering aspmx.l.google.com
In 'Primary' choose 'Yes, use it as my primary mail relay.'
How to Set Up Email at Your Domain for Free With Zoho Mail July 2019
How to Use a Custom Email Address With Gmail for Professional Emails
4 Ways to Use Custom Email Addresses

CDN

Why You Should Use a CDN to Improve Your Website’s User Experience

DuckDNS

Tracking your Dynamic ISP IP Address for use with your Home Server with Cloudflare DDNS & Duck DNS
- https://hub.docker.com/r/linuxserver/duckdns/
- It teaches how to create an API token from cloudflare (my profile). Create custom tokens.
- oznu/cloudflare-ddns docker container that allows you to use CloudFlare as a DDNS / DynDNS Provider.

no-ip

Similar to Dyndns. It has its own client program. Needs to build it yourself.
See the troubleshooting guide.
http://ducky-pond.com/posts/12 for instruction of setting autostart on Debian system.
http://www.coulterfamily.org.uk/pages/PCs/Linux/FAQ-LINUX-NO-IP-CLIENT.php for another approach.
Note: If noip2 cannot start automatically or noip2 does not update even it can be seen from ps -ef command, use sudo crontab -e command. For some reason, after I use sudo crontab, noip2 can update IP. So the only problem right now is it cannot update every 30 minutes even sudo noip2 -S says so. The problems may be 1. ps -ef shows the command runs from nobody user 2. sudo noip2 -S says it updates every 30 minutes via /dev/eth0 with NAT enabled.
Auto renew (confirm) noip.com free hosts

Mail

Allow only one MX record for each host for free no-ip account.
Click Host/Redirects > Manage Hosts > Modify.

DNS attack

What Are DNS Attacks and How Do You Prevent Them?

Proxy server

A List of Free Proxy Servers in 2022 (Individual Proxies). As we can see the port number varies by each server.
How to Use a Raspberry Pi as a Proxy Server (with Privoxy)
How to Install and Configure a Proxy Server? Docker
Self-host your own SOCKS5 Proxy Server with Docker including how to use FoxyProxy addon on your FF browser. It seems IP is the only way to check whether proxy is working.
How to Set up a Proxy Server on Android (Wi-Fi and Mobile). https://www.xmyip.com/ can check the proxy server from your browser. Two types of proxy: HTTP and SOCKS.
How to Check if Your Proxy is Working http://showmyip.com/.
What Is a Proxy Server and Should You Use One?

Zero trust network access

Cloudflare Tunnel

Cloudflare Tunnel is a service that allows you to securely connect your applications and infrastructure, wherever they are hosted, to the Cloudflare global network without exposing your origin server's IP address directly to the internet.

Advantages:
- No port forward
- No static IP or DDNS service

Cloudflare Tunnel
How to Securely Access Your Wi-Fi Router From Anywhere
Cloudflare Tunneling with Docker | How-to Guide
How to Build a Personal DIY Cloud Storage With Remote Access
Set Up a Cloudflare Tunnel to Expose Local Servers to the Internet using a lightweight tunneling daemon (cloudflared) which is available on Windows macOS & Linux & Raspberry Pi. Free domain is fine.
By using these new free CloudFlare Tunnels you don’t need ANY of that including the open ports on your local firewalls. How To Setup And Use CloudFlare Tunnels
How to Configure Cloudflare Tunnel on Ubuntu 24.04
Access Local PC With a Domain Name Using Cloudflare Tunnels

(video)
- Cloudflare Tunnels: Getting Started with Domains, DNS, and Tunnels (part 1) & Cloudflare Tunnels: Restrict Access with Google and Github (part 2).
  - It works. We can pick the free plan for Cloudflare Zero Trust. Then Tunnels option is now under Networks instead of Access.
  - Note in creating a policy, I choose Github authentication. In the Configure rules, I choose Emails & my email associated with Github account.
- You Need to Learn This! Cloudflare Tunnel Easy Tutorial
- How to Set Up CloudFlare Tunnels in 2025 | EP32 | How to Set Up a Homelab

SSH

DockFlare

tailscale

Tailscale is an alternative to cloudflare tunnel
https://tailscale.com/kb/use-cases/. Some of the most common ones include deploying internal apps anywhere without changing firewall settings, replacing site-to-site VPNs with WireGuard, transparently interconnecting microservices between data centers and pods, and VPN from the couch to the office and HQ. Tailscale also allows remote access to computer resources and applications from any location.
How NAT traversal works by tailscale
How I use tailscale

Wireguard tunnel

SelfHosted Gateway - WireGuard Tunnel for secure external access to all of your Self Hosted Apps & Notes

Pangolin

https://github.com/fosrl/pangolin. Tunneled Reverse Proxy Server with Access Control. Your own self-hosted zero trust tunnel
- Fossorial Docs
Pangolin: Your Own Self-Hosted Cloudflare Tunnel Alternative (db tech)
Install and Run Pangolin Locally on your own Server
Pangolin final and writing
Self-Host a Tunneled Reverse Proxy with Pangolin - Pi My Life Up

IP spoofing

What Is IP Spoofing and What Is It Used For?