by jacobb » Fri Jan 21, 2022 9:45 pm
I just upgraded my internet connection from DSL to fiber. Nice to join the 21st century. Unfortunately, in the process I went from 4 static IP addresses to 1 dynamic IP address. Here's what I did.

I replaced all of the static IP address uses with local IP addresses (192.168.#.#). I configured the router to bind the relevant devices to the same local IP address for consistency.

I configured the router to use its DMZ feature so my server can handle requests from the internet.

I configured the router to use a dynamic DNS service (offered by TP-Link) to update DNS when my dynamic IP address changes. I had to configure my various domains' DNS zone files to reference the host defined by the dynamic DNS service via suitable use of ALIAS and CNAME fields.

I configured my server's mail system (Postfix) to use mail.sonic.com as an outgoing mail relay, since Sonic blocks outgoing email (to port 25). That also required updating various SPF, DKIM, and DMARC TXT fields in DNS. (I found it helpful to have an extra level of DNS indirection to minimize the changes to a single zone file.)

I found that one of my users relays too much email, causing Sonic to complain about apparent spam. I configured my server to support POP3 access (Dovecot) and configured that user's Gmail account to fetch email that way, eliminating most of the relay usage.

One last detail: I wanted some of my other local devices to be able to access services on the server that are not available to the full internet. I found it easiest to define a hostname "local.mydomain.com" as the server's local IP address. That gave me a convenient hostname for local services while allowing the server to limit access to those services to the local network. (If the local services use the server's public address, then the server can't tell that the connection comes from the local network.)

As far as I can tell, the fact that reverse DNS does not point to any of my domains does not matter, presumably because it could only reference at most one domain anyway.

I hope some of you find my summary helpful.
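The DNS layout the post describes (a CNAME/ALIAS chain from the domain to a dynamic-DNS host, an SPF record that authorizes only the outgoing relay, a DMARC policy, and a "local." hostname that resolves to a private address) is easy to get subtly wrong, so here is an added offline sanity checker. It is example code written for this reply, not jacobb's configuration or anything from TP-Link or Sonic: every zone record is a constructed placeholder (`mydomain.com`, `home.example-ddns.net`, `_spf.relay.example`, the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges), and the SPF evaluator implements only the `ip4`/`ip6`/`a`/`include`/`all` subset, with the RFC 7208 include limit but without macros, `mx`, `ptr` or `exists`.

```python
"""Offline checks for a home-server DNS/mail layout: dynamic-DNS CNAME chain,
relay-only SPF, DMARC policy, and a private-address 'local.' hostname.
The ZONE table below is constructed sample data, not a real zone file."""
import ipaddress

# Constructed sample zone. Names and addresses are placeholders; an apex
# record would be an ALIAS at the DNS provider, modelled here as a CNAME.
ZONE = {
    ("mydomain.com.", "CNAME"): ["home.example-ddns.net."],
    ("www.mydomain.com.", "CNAME"): ["mydomain.com."],
    ("home.example-ddns.net.", "A"): ["203.0.113.10"],       # current dynamic IP
    ("local.mydomain.com.", "A"): ["192.168.1.10"],           # server's LAN address
    ("mydomain.com.", "TXT"): ["v=spf1 include:_spf.relay.example -all"],
    ("_dmarc.mydomain.com.", "TXT"): ["v=DMARC1; p=quarantine; rua=mailto:dmarc@mydomain.com"],
    ("_spf.relay.example.", "TXT"): ["v=spf1 ip4:198.51.100.0/24 -all"],  # hypothetical relay
}

LAN = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def fqdn(name):
    """Normalize a name to the trailing-dot form used as ZONE keys."""
    return name if name.endswith(".") else name + "."


def resolve_a(name, _hops=0):
    """Follow CNAMEs (at most 8 hops) and return the A records at the end of the chain."""
    name = fqdn(name)
    if _hops > 8:
        raise ValueError(f"CNAME chain too long at {name}")
    cname = ZONE.get((name, "CNAME"))
    if cname:
        return resolve_a(cname[0], _hops + 1)
    return list(ZONE.get((name, "A"), []))


def spf_result(domain, sender_ip, _depth=0):
    """Evaluate a reduced SPF subset (ip4/ip6/a/include/all with +/-/~/? qualifiers).
    Returns 'pass', 'fail', 'softfail', 'neutral' or 'none'."""
    if _depth > 10:  # RFC 7208 caps DNS-querying mechanisms at 10
        raise ValueError("too many include: hops")
    domain = fqdn(domain)
    records = [t for t in ZONE.get((domain, "TXT"), []) if t.startswith("v=spf1")]
    if len(records) != 1:  # zero or multiple SPF records both mean no usable policy
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    outcome = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qualifier = "+"
        if term[0] in outcome:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        matched = False
        if mech in ("ip4", "ip6"):
            # ip_network.__contains__ returns False on an address-family mismatch
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(ip) in resolve_a(arg or domain)
        elif mech == "include":
            matched = spf_result(arg, sender_ip, _depth + 1) == "pass"
        elif mech == "all":
            matched = True
        if matched:
            return outcome[qualifier]
    return "neutral"


def dmarc_policy(domain):
    """Return the p= tag of the domain's DMARC record, or None if there is none."""
    name = fqdn("_dmarc." + domain.rstrip("."))
    for txt in ZONE.get((name, "TXT"), []):
        if txt.startswith("v=DMARC1"):
            tags = dict(kv.strip().split("=", 1) for kv in txt.split(";") if "=" in kv)
            return tags.get("p")
    return None


def is_rfc1918(ip):
    """Explicit RFC 1918 test; ipaddress.is_private also counts documentation ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def local_hostname_ok(name):
    """True only if every address the 'local.' hostname resolves to is RFC 1918 space."""
    ips = resolve_a(name)
    return bool(ips) and all(is_rfc1918(i) for i in ips)


def is_local_client(src_ip):
    """Decision a local-only service can make when reached via the LAN address.
    A LAN client that connects to the *public* address instead is hairpinned by the
    router and arrives with a non-LAN source, so this check would reject it."""
    return ipaddress.ip_address(src_ip) in LAN


if __name__ == "__main__":
    print("www ->", resolve_a("www.mydomain.com"))
    print("SPF from relay:", spf_result("mydomain.com", "198.51.100.25"))
    print("SPF direct from home IP:", spf_result("mydomain.com", "203.0.113.10"))
    print("DMARC p=", dmarc_policy("mydomain.com"))
    print("local hostname private:", local_hostname_ok("local.mydomain.com"))
```

Running it shows why the relay-only SPF record matters: mail sent straight from the dynamic home address fails SPF, while mail handed to the relay passes, and the "local." hostname check catches the case where that name is accidentally pointed at the public address (which would also break the `is_local_client` source check the post relies on).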