Why Nebula lighthouse need a static IP?

[yonesmit]

I want to use Nebula as alternative to Tailscale, but, in the requirements I read:

"A lighthouse is the only node in a Nebula network whose IP should not change".

I want to setup lighthouse with dynamic IP (of course with a DNS that updates on each IP change).
Really Nebula can't resolve DNS, and later resolve from time to time to update to new DNS when it changes?
Yes, I know, there are cheap VPS, etc. but i want to host lighthouse myself.
Is there any real technical problem that prevents resolving lighthouse DNS to check for changes?

Thanks in advance
Best Regards,

[Cyberes]

I run my secondary lighthouse on a dynamic IP with a domain name pointing to it. It seems to work fine.

[yonesmit]

I run my secondary lighthouse on a static IP with a domain name pointing to it. It seems to work fine.

Yes of course, witha static IP is the recommended setting. My question is about using DYNAMIC ip in lighthouse, with a domainname pointing to it andupdated when IP changes.

[Cyberes]

That's not really a Nebula thing, it's more of a ddclient thing: https://ddclient.net/

[yonesmit]

It's a nebula thing. The documentation states that lighthouse need a static IP, to avoid this, and allow using dynamic IP lighthouse, all nodes need to refresh DNS (respecting the DNS TTL). If the requirement is static IP nodes can resolve at start and never resolve again because static IP is a requirement.

Best Regards

[nbrownus]

A DNS re-resolving PR is currently being discussed (#796) and our goal is to have support for this merged in time for the v1.7.0 release.

It would still be a best practice to run lighthouses with a static public ipv4 address since the primary purpose of a lighthouse is for overlay to underlay IP address discoverability and UDP hole punching when one or more hosts are trying to connect through a NAT.

Using DNS for lighthouse underlay IP address discovery is a choice that trades some reliability for convenience. nebula will not be able to query the lighthouse during the time between a dynamic IP address change, DNS record update, DNS record TTL expiry/cache flush, and finally a re-query of the DNS record. This also means DNS resolution failure is in scope for your mesh network. These trade-offs are entirely acceptable in certain networks though and in practice any issues are likely to be very minimal.

[yonesmit]

Hi nbrownus,
Thnaks a lot for the information.
That's exactly the answer I expected. Of course I know there can be small problems when lighthouse changes IP, but this (at last in my case) happens very infrequently, all I need is that the nodes refresh the lighthouse DNS frequently (as DNS TTL indicated).

Best Regards,