So I got home assistant running for a couple of weeks now, and altough I’m completely new to programming, it’s pretty straight forward thanks to the awesome tutorials and explanations on the home assistant website.
I want a couple of things from HA, I want google assistant to connect to it. I want to be able to access it outside of my home network and I want it to be safe.
I currently use DuckDNS to make this happen. However I kind of want it to be standalone and not reliant on a external service. So I want to create this external connection myself and it needs to be safe (I’m a total leek forgive me). What is the best approach.
I discovered that dnsmasq might be an option, running on a raspberry. I can than have both HA and dnsmasq on one raspberry. Is this the right way to go? Is it safe?
Google assistant can connect 2 ways : through nabu casa, or through a FQN (domain name). For both you need an external service, either nabu casa or a domain name provider.
If you register a domain name, and point the dns records to your in-house dns server, it will work. But it is a bigger security risk then using cloudflare or even duckdns.
Not really. A DNS entry is just a DNS entry. Per-se, one doesn’t present more security issues than other…
Cloudflare is a reverse proxy, so there is an additional layer of “firewalling”, indeed.
You can tell me what you want : having your own dns server in-house is a big security risk, especially for people who have never setup their in-house servers. It is much better to use some space with a dns provider or domain name registrar.
I’m not talking about a pi-hole or so that is not accessible from the net.
Well, sure. Having any server exposed to Internet is a security risk in itself.
But DNS no more than any other, that’s my point, and the OP can surely use the DNS server of its registrar with its own domain.
Unless you have a static public IP, hosting a DNS server behind your ISP is not an option.
If you really want to host your own DNS server, you need to have a VPS leased somewhere, with a static public IP, to host it.
Then again, assuming that you have a ever changing home IP, you’ll have to handle that part yourself, duckdns way.
Definitely feasible (I do it), but not for the faint of heart regarding Linux sysadmin