Kubernetes Home – what do you do if your ISP changes your IP addresses?

Original Article ↗ Hacker News Discussion ↗

Dynamic IPs & DNS Approaches

  • Many commenters say changing residential IPs are a solved problem:
    • Use dynamic DNS (DDNS) to update A/AAAA records via cron, router support, or registrar APIs.
    • Some just update DNS manually because their IP changes “once in a blue moon.”
  • In some regions (notably Germany), forced daily reconnects and CGNAT make DDNS essential and manual updates impractical.
  • Some ISPs keep IPs/prefixes effectively static as long as equipment stays online; others explicitly refuse static IPs on consumer plans.

Debate: DDNS vs “Professional Taste”

  • One commenter dismisses DDNS as “unprofessional,” but several push back:
    • DDNS is widely implemented by major DNS providers and clouds.
    • It’s often better than paying for a static IP that still occasionally changes or drops.
    • DDNS does not inherently mean using sketchy or third‑party domains; you can use your own zone.

Tunnels, Proxies, and Offloading Ingress

  • Strong advocacy for not exposing home IPs directly:
    • Use Cloudflare/Tailscale/WireGuard or a cheap VPS as an ingress/proxy and tunnel into the home network.
    • Benefits: no port forwarding, ISP IP becomes irrelevant, added insulation from the open internet.
  • Counterpoints:
    • Adds components (tunnel + external node) and new single points of failure.
    • If local DNS isn’t maintained, an internet outage may also break internal access.
    • Some see “magic tunnels” as just another opaque dependency with its own risks.

Kubernetes at Home & the Article’s Approach

  • Some think Kubernetes for a single-node homelab is unnecessary complexity and that the author lacks networking fundamentals.
  • Others argue homelabs are precisely for experimentation: learning k8s, operators, MetalLB, etc., is a valid hobby goal.
  • Technical clarification:
    • The author uses ISP-assigned IPv6 (via prefix delegation) directly on ingress/MetalLB.
    • Custom code queries the gateway for the current IPv6 prefix and rewrites MetalLB pools and firewall/Unifi config when the prefix changes.
    • Multiple participants call this “bizarre” but acceptable as a learning project; in production they’d prefer DDNS or a static/persistent prefix.

IPv6-Specific Issues

  • Some mobile networks allow inbound IPv6, enabling neat DDNS+Cloudflare setups from phones.
  • Others note that changing IPv6 prefixes on residential lines remain a pain point with no fully “nice” solution besides hoping the ISP is stable or tunneling via HE.net/others.