DDNS worth setting up ? With Synology NAS

ng4ever

2[H]4U
Joined
Feb 18, 2016
Messages
2,661
Is it even possible to have a DDNS setup if it is not through your router? It would be on my Synology NAS.

What DDNS service I use as well please? Just the free synology one ?
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,068
I would not have the synology even connected to the Internet--too many ransomwares are targeting these and qnap units and succeeding.

Most dynamic IPs don't chnage if you leave the router on 24x7. I think I've seen not even 6 IP changes in 10 years on all 4x of the different ISP accounts I manage.
 

ng4ever

2[H]4U
Joined
Feb 18, 2016
Messages
2,661
I would not have the synology even connected to the Internet--too many ransomwares are targeting these and qnap units and succeeding.

Most dynamic IPs don't chnage if you leave the router on 24x7. I think I've seen not even 6 IP changes in 10 years on all 4x of the different ISP accounts I manage.

Ok good idea!

So just use my ip and the emby port to let family members connect instead ? Just asking.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,068
Anytime you expose something to the 'raw dogs' of the internet, it's a gamble. If the platform is updated regularly for security breeches, shouldn't be too bad of an issue. But if there was another way I'd do that. (Like set up site to site IPsec vpn tunnels between everyone and have a separate vlan where the emby sits so they can access it that way. But this is far too much trouble for most people to deal with even though it pretty much eliminates any attacks from the outside since you don't have to open ports in an insecure way.)
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,546
As I have said many times, just switch off and uninstall everything you don't need on a NAS and you should be fine.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,068
As I have said many times, just switch off and uninstall everything you don't need on a NAS and you should be fine.
That's not enough anymore as any nas exposed to the internet that's synology or qnap is a BIG ransomware target.
 
Joined
Oct 27, 2014
Messages
535
if you put your NAS facing the outside world make sure that it is air-gapped from your main network (or at least in a DMZ, separate VLAN) and that there are no real sensitive files on there. Manually add the files via a USB pen, or with a cheap intermediate laptop/device that is used to sync between the outside NAS and the inside files again air-gapped from your main machines but attached direct-to-NAS via ethernet (so you don't have to walk with a usb to the homeserver). Some routers (even basic ISP routers) have options to share things from a usb port on the back that gets placed in a DMZ, so there is that. This doesn't mean you should not have a NAS, just have two.. one for your main network and one for outside.
 

daglesj

Supreme [H]ardness
Joined
May 7, 2005
Messages
5,546
That's not enough anymore as any nas exposed to the internet that's synology or qnap is a BIG ransomware target.

Yeah file sharing and the network protocol is all you need. Switch off the internet/cloud/remote support/surveillance/streaming etc. etc. features.

None of the QNAPS I've rolled out...a lot of them...have been hit. Most if not all have had firmware update recently. Not pointing out to the internet.
 

bigstusexy

2[H]4U
Joined
Jan 28, 2002
Messages
3,194
Not addressing the securty questions.

Yes you can have other things do DDNS, as said, most times ISPs I've seen in recent years don't bother changing your address.
I use CloudDNS for this. I should add that I have my own domain as well, you'll need that with them.
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
811
Main reason is for Emby.

Maybe I am looking at this wrong.
I don't use this and really not overly familiar with it. That said, the only way I would allow connections to my internal storage would be from the inside. Translation: I would setup a 2FA vpn. Users would connect to said vpn and access resources from there. The only direct external access I allow is limited to known static /32 ipv4 IPs meaning no mobile devices have direct access.
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,068
Yeah file sharing and the network protocol is all you need. Switch off the internet/cloud/remote support/surveillance/streaming etc. etc. features.

None of the QNAPS I've rolled out...a lot of them...have been hit. Most if not all have had firmware update recently. Not pointing out to the internet.
But OP wants to use it for DDNS would mean it's exposed...
 

SamirD

Supreme [H]ardness
Joined
Mar 22, 2015
Messages
5,068
Not addressing the securty questions.

Yes you can have other things do DDNS, as said, most times ISPs I've seen in recent years don't bother changing your address.
I use CloudDNS for this. I should add that I have my own domain as well, you'll need that with them.
You can actually even do this by just getting a domain name and using the 'advanced dns' settings on the dns host to make subdomains on your domain that point to whatever addresses you want. nas1.yourdomain.com, nas2.yourdomain.com, etc.
 

ComputerBox34

[H]F Junkie
Joined
Nov 12, 2003
Messages
13,353
CloudFlare will provide DNS for free and allows you to update DNS records via API.

You could spin up a container like this one: https://hub.docker.com/r/oznu/cloudflare-ddns/ and have it update automatically or just do it manually when your IP actually changes. Can also be done if you are running a router that supports DynDNS updates such as PFSense which can update many different services.

As far as exposing things to the outside - would definitely not expose a NAS to the outside. If you have to expose a service like Plex, use a random port in the 40,000 or 50,000 range which won't be picked up by the script kiddies. Plex has a way of specifying what port you pick so you don't have to explain it to non-technical people. If you use a NAS as your main storage, put another machine in front of it running docker to run the actual application and access the NAS via NFS mount to get at your main content with read only permissions.
 
Top