All Blogs

DDNS for Business Production Workloads: Should You?

06/07/2023

Link

I've been working with AtomicAsher LLP, a bootstrapped company to get their technical flows decided and set up in order.

The internet connection we had was a non-business connection under the founder Anirudh's account. We decided to upgrade it to the Airtel Business Broadband Plan. We decided to proceed with the INR 799/m plan which satisfies our usage. Upon doing the formalities and Airtel's personnel visiting the office, we received an email about the service in which it was mentioned that we'll get a free static IP for our connection.

Most of the company services are in the Minimum Viable Product (MVP) stage as of this writing, where spending money on cloud deployment solutions didn't make much sense. Since Airtel's email promised us a free static IP, we decided to set up an in-house server for our deployments, Linux based development environment, and centralized file hosting. We purchased the hardware and the connection was upgraded.

Airtel's Misleading Email

When we tried to redeem the free static IP from the Airtel dashboard, it bummed us that for our plan the free IP is not available. To get a static IP we had two options from Airtel:

  1. Upgrade the broadband plan

  2. Pay them an additional INR 99/m for the static IP

Our communication attempts with Airtel were in vain with no solid accountability for the email from their side.

We had planned the architecture of our systems, invested in the hardware, and most importantly, spending money on the cloud for trial and testing didn't make sense.

Enter DDNS

Upon exploring our options, we came across Dynamic Domain Name System (DDNS).

Dynamic DNS (DDNS) is a method of automatically updating a name server in the Domain Name System (DNS), often in real time, with the active DDNS configuration of its configured hostnames, addresses or other information.

~ Wikipedia

Since it seemed to eliminate our need for a static IP, we decided to go ahead with it and not purchase a static IP.

Our Network Architecture

Since Airtel's router/access point didn't offer many features and control, we decided to use a Ubiquiti Dream Machine (UDM) lying around in our hardware treasury as our primary network controller. We disabled the DHCP of the Airtel device and turn off its wifi and use it only as a medium to interact with the fiber optic network cable.

To our surprise, Airtel has locked down the firmware so much that we couldn't disable the wifi from the dashboard ourselves.

We gave a WAN static IP to the UDM and made it our primary network controller.

Airtel's unsolicited control

We asked Airtel about turning off the wifi and Airtel turned off the wifi signal of the physical device IN OUR OFFICE from THEIR SIDE via their control panel. This immediately made us question the access and control Airtel has over us and raised privacy concerns. But without much choice, we kept it aside and moved on.

Airtel and DDNS Providers

From our research, no-ip seemed the most lucrative provider for free and reliable DDNS. But to our surprise, Airtel doesn't support no-ip as a provider in its dashboard. The available providers were either:

  1. Paid and expensive

  2. Their sites were 404

Stunned by this behavior, we reached out to their support who gave us vague responses like "your query has been forwarded to the respective team" for 2 days. The same individuals who turned off our wifi swiftly needed a team to respond to no-ip as a DDNS provider.

Personally, I find this hard to digest🤔

Finally DDNS

With the UDM supporting no-ip as a DDNS provider, we signed up on no-ip and tried to set up our DDNS. With some initial issues with IP updates and other things, we managed to get DDNS working.

When we hit our DDNS link, the Airtel router's management dashboard page is typically visible at 192.168.1.1 loaded. Surprisingly Airtel had port 80 open for us or didn't block the traffic yet or whatever, we had some progress.

Port Forwarding

We expected traffic to flow like this:

hit to our ddns URL -> port of Airtel -> Port of UDM -> Port of Server

But this isn't how it was happening. After quite some time spent playing around with different port forwarding and firewall config, we discovered that there was no port forward needed in the Airtel device. Adding firewall rules in the UDM did the trick and finally traffic hit our server 🥳

Accessing from Our WiFi

We hosted a sample application on a port to test out the DDNS working. Trying to access them while connected to the in-office wifi didn't work. Accessing from a different internet connection somehow worked.

Then we discovered that usually with DDNS this happens and the solution to this is more work.

Checkout this SuperUser thread to learn more about this.

The solution to this as far we understood was to make a DNS entry in our local DNS to resolve the DDNS URL. We planned on setting up Pi-hole for ad-blocking and local DNS.

DDNS Performance

For a base API of hello world, without any DNS or any other caching, it took less than 100ms in response time. So the DDNS setup for us was fast enough.

Enter NGINX

NGINX is a web server that can also be used as a reverse proxy. We set up NGINX on our server. As mentioned earlier, on our port 80, Airtel's login page was loading. When we tried to access it after some days when our NGINX was set up, we were not surprised to see that it didn't load. A possible reason for that we believe is Airtel blocking the port 80.

We changed NGINX to run on a different port and we were able to access it via OurUrl:port

We could set up a port 80 redirect in no-ip wherein it would redirect the traffic for port 80 to some other port. But, that was not free and we needed to upgrade to premium for that. And the base premium rate as of 30th June 2023 was $1.99/m.

SSL & Domain Issues

We needed SSL. SSL from no-ip would cost us. We also needed a subdomain for our server under our main domain. Doing these things was complicated, tiring, and time-consuming.

The Realization

We went with DDNS to save the INR 99/m, but we were now at a point where it was costing us billed time and effort to get it all up. We ultimately gave up and got a static IP from Airtel. Following is our reasoning:

  1. Is it worth it?

    As a business, saving every penny you can is important. But if this little saving is costing in terms of time and effort, then is it worth it?

  2. Figuring it all out

    No one in-house had the practical experience of dealing with DDNS and the things discussed here. It was a figuring-out journey where we had to sit and look things up and try it and get it working. This costs time.

  3. People working on it

    With the size of the organization, we had only one big brain (me ofc) working on it all. Only that one person knew what all things were done to get it all working. So the documentation, knowledge transfer, and debugging would all depend on the person, whose talent is better utilized in other important aspects.

  4. Delays Introduced

    For in-house machine learning workloads, we planned to put it on a VM on the server hardware with GPU for efficient and multiuser workloads. Also, to allow access to company and in-office resources for the hybrid workforce, we needed a firewall and VPN config. All of this depended on our server which got delayed.

    Apart from this, ready-to-be-deployed applications got delayed which needed to be showcased to investors and clients.

  5. Why not Cloud VM?

    Cloud VMs cost money. Given that we don't have production load and revenue yet, it doesn't make sense to invest money into those. Also, we have machine learning workloads that need GPUs. Cloud GPUs are quite expensive. We'd rather invest in our GPUs and in case they become dry with a lack of ML workloads, play CS: GO on them.

Conclusion

We finally got a static IP from Airtel and set up our systems. The final two cents are that it's fine to try out things up to a certain degree but know when to stop. Overall being in the discovery and MVP phase, we got our learnings, got to know about some new services out there and expand our horizons. But that might not be the case with you, so think.

If you're thinking about DDNS, don't just think about the cost of the static IP, think about the people time your workforce spent on it, because you pay them, it's costing you anyways.

Check out Atomic Asher and get in touch. We might be hiring, check our jobs page.

This blog is written by Wilfred Almeda, check out his other blogs too.

Disclaimer:

These are my thoughts, experiences and opinions. If you disagree with my points above, reach out to me and let's have a discussioin.

These thoughts do not reflect the opinions of Atomic Asher LLP.