So, with the Cloudflare outage, I have found my self-hosted services are not accessible outside of the home. I use a SWAG reverse proxy from linuxserver.io and bought my domain through Cloudflare. I’m fairly new at this stuff, so is this a secure way of doing things? Does Cloudflare have access to my data? I’m fairly new at this, so I apologize if this is a silly question. Is there some way to self-host what Cloudflare does?

  • renegadespork@lemmy.jelliefrontier.net
    10 days ago

    You can absolutely self-host DNS. Personally I use Pihole, and I had zero downtime of local services during the outage.

    The primary reason most people use Pihole is for DNS filtering, blocking unwanted things like ads, trackers, and malware from loading. However, you can also list local DNS entries that Pihole will answer authoritatively without forwarding it to a public DNS like CloudFlare.

    Of course, you will still need to use an upstream public DNS (like 1.1.1.1 for CloudFlare or 8.8.8.8 for Google) for the public internet, and those sites would be subject to the same downtime as everyone else, but your local stuff will always resolve as long as your Pihole is available.

    If you want something even simpler, your router might also support adding local DNS entries, then you just need to use DHCP (don’t manually set DNS on your devices) and your router should take care of it for you.

    • Egonallanon@feddit.uk
      10 days ago

      I don’t believe pihole functions as an authoritative DNS server though. Something like Technitium does and they could be used as the nameservers for a domain while still offering all the same adblocking functionality that pihole does.

      Though pihole could work if you were relying on a VPN to access your stuff remotely.

      • renegadespork@lemmy.jelliefrontier.net
        10 days ago

        If you manually add local DNS entries, it won’t forward the lookup, it will just point the client to the IP you specify. I do this all the time for intranet communication because it’s faster and more reliable.

        • Egonallanon@feddit.uk
          10 days ago

          Sure, but this won’t work if you’re accessing services outside your network like OP is doing. You’re going to need publicly available DNS records somewhere to do that.

        • non_burglar@lemmy.world
          10 days ago

          Those are not authoritative responses, though. You can only add CNAME and A records to pihole, because it’s built on dnsmasq and not on bind/unbound.

          You can’t add SOA records to pihole. Or zone transfers, or any actual DNS server functions, really. Pihole is just a forwarder.
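
One observable part of the "authoritative" question discussed in this thread is the AA (authoritative answer) bit in a DNS reply header. The following is an added example, not code from any poster: it decodes that bit from constructed sample replies, and the hostname `nas.home.example`, the address `192.168.1.10` and all function names are assumptions for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a DNS A-record query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def build_response(query, ip, authoritative):
    """Constructed sample reply: one A record, AA bit set or cleared."""
    flags = 0x8180 | (0x0400 if authoritative else 0)  # QR|RD|RA, optionally AA
    header = query[:2] + struct.pack("!HHHHH", flags, 1, 1, 0, 0)
    # Answer RR: name is a compression pointer to offset 12, type A, class IN, TTL 300
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + query[12:] + answer

def parse_flags(message):
    """Decode the 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(message) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),          # QR
        "authoritative": bool(flags & 0x0400),        # AA
        "truncated": bool(flags & 0x0200),            # TC
        "recursion_available": bool(flags & 0x0080),  # RA
        "rcode": flags & 0x000F,                      # 0 = NOERROR
        "answers": answers,
    }

def ask(server, name, timeout=2.0):
    """Send the query to a live resolver over UDP/53 and decode its header."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_flags(s.recv(512))

if __name__ == "__main__":
    q = build_query("nas.home.example")  # constructed hostname
    for aa in (True, False):
        print(aa, parse_flags(build_response(q, "192.168.1.10", aa)))
```

`ask()` applies the same decoding to a reply from a resolver you run. An AA bit on a local answer does not make that resolver a public nameserver for the domain; reaching services from outside still depends on publicly served records.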