My router’s free DDNS worked, mostly. One afternoon I couldn’t reach home from a coffee shop. It came back hours later, but then it happened again the next week.
Free DDNS is best-effort, and other free providers had the same kind of complaints in their forums. Fortunately, doing it yourself isn’t too hard:
- $10/year for a .com
- free DNS hosting at Cloudflare
- a small cron job that updates the record via their API.
Reliability solved. But now home.example.com is a stable label on my home IP, trivially resolvable by anyone. Although it may not matter, I’d rather not put a label on it.
The hack
Instead of one subdomain, I create ~80 with random names, all pointing to random IPs within the same /24 as my real IP. Only one holds my actual IP; the other 49 are decoys pointing to neighbors in the block. From outside they all look identical: random strings resolving to residential IPs.
When my IP changes, the cron job updates the real one and reshuffles the decoys. If only the real one moved, a diff of two snapshots would give me away.
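A sketch of the reshuffle step, added here as an illustration and not the actual cron job: it computes the record set only and makes no API call. The function names, the 50-name count and the RFC 5737 documentation addresses are assumptions made for the example.

```python
import ipaddress
import random
import secrets

_rng = random.SystemRandom()  # OS entropy, so decoy choices are not predictable

def new_labels(count, nbytes=6):
    """Random hex labels; the caller picks which one will be the real name."""
    labels = set()
    while len(labels) < count:
        labels.add(secrets.token_hex(nbytes))
    return sorted(labels)

def plan(real_ip, names, real_name, previous=None):
    """Desired A records: real_name -> real_ip, every other name -> a neighbor
    in real_ip's /24. No decoy keeps the address it had in `previous`."""
    previous = previous or {}
    net = ipaddress.ip_network(f"{real_ip}/24", strict=False)
    pool = [str(h) for h in net.hosts() if str(h) != real_ip]
    records = {}
    for name in names:
        if name == real_name:
            records[name] = real_ip
        else:
            options = [ip for ip in pool if ip != previous.get(name)]
            records[name] = _rng.choice(options)
    return records

def changed(old, new):
    """Names whose address differs between two snapshots (an observer's diff)."""
    return {n for n in new if old.get(n) != new[n]}

# Constructed sample data: documentation ranges, not real hosts.
NAMES = [f"{label}.example.com" for label in new_labels(50)]
REAL = _rng.choice(NAMES)
before = plan("198.51.100.23", NAMES, REAL)
after = plan("203.0.113.77", NAMES, REAL, previous=before)

if __name__ == "__main__":
    # Every name moved, so the diff does not single out the real one.
    print(len(changed(before, after)), "of", len(NAMES), "records changed")
```

Passing the previous snapshot matters when the new IP lands in the same /24: without it, a decoy could randomly keep its old address and the set of changed names would shrink toward the real one.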
What it does and doesn’t do
You’re right to think this is “security by obscurity”, because it is.
The point is staying off opportunistic target lists. Someone brute-forcing subdomains for things to attack won’t find an IP that stands out. And getting from “I have a name” to “I have the right IP” costs more effort than those tools usually bother with.
The usual security practice still applies: close ports, keep software updated, use keys instead of passwords, host stuff behind a VPN.