I recently found out that you can get up to 3 free .eu.cc domains from GNAME, which also claims that you can renew for free when it’s within 90 days of expiring. So I got one to check it out.
Obviously, the next step is making one of my local machines act as the target destination for any queries to the address, so it becomes accessible for the wider web. I’m not entirely sure, however, what to configure on GNAME (there’s the option to set up A and AAAA records, which I suppose I should just point to my IP, but there’s also CNAME, TXT, NS, SRV) and what configurations/programs my local server (rPi 3) needs to have running besides a webserver (Apache2 or Nginx).
My intent is to have it run a single-user fediverse server, possibly Friendica, as it seems to have the best support for seeing all sorts of APub posts. If that proves too heavy for my old pi, I’ll try one of the lightweight APub alternatives.
I know I’ll also need to do some configurations on my router, so I’d appreciate help on this, too.
Kinda overlapping other replies, but to answer your question:
A = your external IPv4 address
The rest could be empty:
AAAA = an external IPv6 address
NS = a DNS server
MX = Mail Server
TXT is just text, but it can be used by, e.g., Let’s Encrypt to prove you own that domain for your SSL certificate
If you open TCP 80 / 443 on the open internet EVERYONE will probe you, but you want to run a Friendica server, so you kinda need that (disclaimer: I do not know how Friendica is set up)
So, you’ll need something (firewall, Fail2Ban, etc) to protect your server whilst also allowing it to federate to other servers.
I’d strongly suggest you put your server on a VPS with a provider that has some level of defense already set up for you.
I wouldn’t run this in your home network with putting it into a DMZ of some kind.
If you’re not using a domain for email, the MX record should not be left empty, as it can still be used maliciously.
Following a guide like this (it’s one of many) will ensure it’s not used at all:
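Added example, not part of the comment above or of the guide it refers to: a small Python check of a zone for the usual no-mail lockdown. It assumes that lockdown means a null MX (RFC 7505) plus SPF `-all` and DMARC `p=reject` TXT records; the zone text, `mydomain.example`, and the function names are constructed for illustration.

```python
import shlex

# Constructed sample zones, one "name TYPE rdata" record per line.
# mydomain.example and 203.0.113.10 are placeholders, not values from the thread.
WEAK_ZONE = """
mydomain.example.      A      203.0.113.10
www.mydomain.example.  CNAME  mydomain.example.
"""
LOCKED_ZONE = WEAK_ZONE + """
mydomain.example.         MX   0 .
mydomain.example.         TXT  "v=spf1 -all"
_dmarc.mydomain.example.  TXT  "v=DMARC1; p=reject"
"""

def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} from the simplified lines above."""
    records = {}
    for line in text.splitlines():
        fields = shlex.split(line)  # keeps a quoted TXT string as one field
        if len(fields) < 3:
            continue
        key = (fields[0].lower(), fields[1].upper())
        records.setdefault(key, []).append(" ".join(fields[2:]))
    return records

def audit_no_mail(text, domain):
    """List what is missing for a domain that should never handle mail."""
    rec = parse_zone(text)
    apex = domain.rstrip(".").lower() + "."
    findings = []
    mx = rec.get((apex, "MX"), [])
    if not mx:
        # With no MX at all, senders fall back to the A/AAAA address (RFC 5321).
        findings.append("no MX record: mail is attempted at the A/AAAA host")
    elif mx != ["0 ."]:
        findings.append("MX is not the null MX '0 .' (RFC 7505)")
    spf = [" ".join(t.lower().split()) for t in rec.get((apex, "TXT"), [])
           if t.lower().startswith("v=spf1")]
    if spf != ["v=spf1 -all"]:
        findings.append("SPF TXT missing or not 'v=spf1 -all'")
    tags = {}
    for txt in rec.get(("_dmarc." + apex, "TXT"), []):
        for part in txt.split(";"):
            if "=" in part:
                k, v = part.split("=", 1)
                tags[k.strip().lower()] = v.strip().lower()
    if tags.get("v") != "dmarc1" or tags.get("p") != "reject":
        findings.append("DMARC TXT missing or policy is not p=reject")
    return findings
```

The weak zone yields three findings because it has no mail records at all; the locked zone yields none.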
Should probably note that “DMZ” in this context means a separate VLAN. Because the term is also commonly used to mean “DMZ host” where a router exposes a machine directly to the Internet. You want the former, not the latter.
But, more to the point, a beginner really shouldn’t be exposing anything to the Internet. 🙂 Running a public service as a person who doesn’t know how domains work will not end well.
No, I was referring to a separate DMZ host…
Physically separate firewall connection, with different firewall policies between internet<–> DMZ than DMZ <–> internal network.
Not a VLAN. VLAN Hopping makes it possible to jump between VLANs, so they should only be considered as an administration tool, not a security mechanism.
But, I agree with you, putting a device on the internet isn’t something that anyone should do without understanding the technical issues.
First of all I would suggest getting your own domain. There’s many TLDs and ccTLDs that will let you get a domain for $10/year or much less.
If you don’t want to pay then at least get a subdomain from somewhere reliable. Preferably a DNS service because you also get DNS management this way. My recommendation is DeSEC because it’s a German, privacy-oriented non-profit and it has a modern interface and modern features like an API, security tokens, support for recent record types, DNSSEC etc. And if you later decide to get a paid domain you can keep using DeSEC for it very easily.
Secondly, does your fediverse single-user server really need to be exposed to the internet to get updates? Can’t it pull them from other servers? That way you would reduce your risk a lot.
First of all I would suggest getting your own domain.
Isn’t this what I just did? mydomain.eu.cc
Even if I can’t get it to renew for free next year, the experience of setting stuff up should be worth it.
really need to be exposed to the internet to get updates?
From my limited understanding of APub, it needs to be exposed/findable in order to send updates and for my user@server to show up. I’ll be reading https://www.w3.org/TR/activitypub/#server-to-server-interactions to know better
Can’t it pull them from other servers?
Tunnel through an existing server? Or what, exactly? Wouldn’t connecting through an existing fedi server also enforce its blocklist down to me?
Your eu.cc domains are fine. You don’t need to spend money on a 2nd-level domain if you’re happy with the longer name.
For comparison, I’ve had a nl.eu.org domain for decades, and never had any issues. I also had a number of .tk domains for a while and those all went away when the business managing the domain got sued out of existence. I currently use nom.es domains for various tests.
Isn’t this what I just did? mydomain.eu.cc
I mean the second part from the end (.eu.). That’s not yours, and that means that the mydomain. part can disappear at any time. The owner can also do all kinds of unpleasant things that can affect your online presence.
By “your own” domain I mean getting something of your own in that 2nd spot instead of “eu”. It doesn’t have to be on the .cc registry, it can be any established TLD like .com, .net, .org, it can be a country TLD aka ccTLD like .cc, .nl, .de and so on, or it can be a so-called “novelty” domain like .dev.
Having your own domain means you can own it in perpetuity (well… old, established TLDs are better at this than novelty TLDs) and have much better control over it.
Visit a domain registrar like Porkbun and have a look through their TLDs, check some prices, the privacy of your personal data etc.
Avoid registries that allow “premium” domains, it means that the registry can suddenly decide that the domain you own is very cool and force you to pay hundreds or thousands for the next renewal or lose it.
Wouldn’t connecting through an existing fedi server also enforce its blocklist down to me?
I’m not entirely sure on how you propose to use your server: if you just want to read stuff or also want to be able to post.
Your server can do things with another server in two ways, by exposing an open port and allowing the other server to do stuff locally through that port, or by connecting to a port opened on the other server and doing stuff there.
If the fediverse protocol mandates having a local port open to do stuff like posting, it may be impossible to avoid doing it.
Point the AAAA/A records to your corresponding IPs and allow incoming traffic on port 443, 80 on your firewall. You may also need to set up a dyndns client if your ISP changes your IPv4 frequently.
Yeah, I’ll need to set that dyndns, my IP4 isn’t fixed. Haven’t checked the IP6 tho, might try it later today - leaving the router turned off for some 10 minutes, then turning it back on will give me the answer
In your scenario, I would prefer to tunnel to the outside, as it could be risky to just open a port on your router and open a port on your computer. In this case, pointing the IP to a VPS that your PC tunnels to or putting the record in Cloudflare’s DNS, that way no automatic port searcher will try to nuke your network. There is dynamic DNS too.
There is Cloudflare and other options too.
Edit: I do this with Cloudflare, but privacy is very much not given with them.
An unauthenticated tunnel is still an ingress path same as an open port, just with more steps.
As I don’t have any VPS, it sounds like I’ll have to rely on Cloudflare’s tunnel then? That or register with one listed here? https://github.com/savyasathe/free-vps
There are Oracle’s free VPS too.
Use some very basic security, like minimal services and keeping stuff patched and having backups, and you’re probably fine. I’ve run stuff locally at home for decades and never had a security issue as far as I know. (I did have a problem with a hosted server that I shared with some friends 20 years ago, because at that time updating Fedora was a hassle and we let it get behind on updates.)
from what i know about ‘gname’ is that they’re popular with scammers and other bad actors. i would steer clear of them, even if they are ‘free’.
Do you have a static IP? Just point your domain to that. I only have A- MX- and CNAME-record. A is for the numerical IP. MX is for mail, I don’t use it. CNAME is for subdomains afaics (currently only contains www).
All fields are comma-separated lists.
NS stuff is for if you’re running a nameserver and I never even looked into it.
A records return the numerical address of a name.
CNAME returns a different name for a name. Basically ‘synonym’ so the maintainer only has to change the one master A record when the IP address changes. Convenient to use CNAME to point www.example.com to example.com, but you can use it just as well to point example.com at my.private.host.xyz. You can even chain multiple CNAMEs to make it easier to manage a complex backend structure while presenting a simple address to users.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
| Fewer Letters | More Letters |
|---|---|
| DNS | Domain Name Service/System |
| TLS | Transport Layer Security, supersedes SSL |
| VPS | Virtual Private Server (opposed to shared hosting) |
[Thread #11 for this comm, first seen 14th Jun 2026, 08:50]