Every device on the internet is identified by an IP address, which your Internet Service Provider (ISP) assigns to your home network. This is essentially your "address" online, and ISPs assign these addresses to end users in one of two forms. There's a static IP address (permanent) and a dynamic IP address (changing), where a static IP stays the same every time you connect, and a dynamic IP address will change periodically. For context, most residential internet plans use dynamic IPs by default via the ISP's DHCP servers, and in nearly all cases, this is actually beneficial to users.

For a self-hoster, you'd think that a dynamic IP address is inconvenient, especially if you have some services exposed to the web. With modern tools (like dynamic DNS and Cloudflare's proxy services), you can overcome the traditional challenges of a changing IP, while retaining all the benefits.

What's the difference between a static IP and a dynamic IP?

It's fairly self-explanatory

A static IP address is one that never changes (your ISP manually assigns it to you long-term), while a dynamic IP address can change over time, being doled out from a pool by your ISP's server and changing every so often. Think of a static IP address as living at a permanent address, tying you to that location but making it easier to find you. A dynamic IP address, meanwhile, is like renting different apartments and moving between them. It's harder to find you directly, but you can still update your forwarding addresses so that people can still reach you.

In practice, nearly all home internet users are on dynamic IPs, because ISPs found it more efficient and cost-effective to rotate addresses as needed rather than dedicate one forever to each customer. That's why, to get a static IP, you'd typically have to contact your ISP and maybe even pay an extra fee for a business-class service or a special plan that includes one. Meanwhile, dynamic IPs are the standard, where your router asks the ISP for an address via DHCP and gets one for a limited time. Most people will never notice when their IP address changes, so it's cost-effective for ISPs and doesn't affect end-users.

Of course, there are times when a static IP is crucial, such as when running a server where others need to reach it via its IP address directly. There are many potential workarounds for this, which means that you can reap all of the benefits of a dynamic IP address while still retaining connectivity to your self-hosted services while away.

A dynamic IP address has many advantages

Privacy, security, and cost

Dynamic IP addresses have become the default for many good reasons, and not all of them are cost-related. Because dynamic IPs are handed out automatically by your ISP's DHCP system, there's zero configuration required on your part. Your router or modem just grabs the next available address, and that's it; you now have an internet connection that can be shared with other devices on the network. In contrast, a static IP address in a lot of cases will require at least some coordination with your ISP, as it would need to be verified that the right person is claiming the right IP address, and could require specifying details like the subnet and gateway. This isn't anywhere near as "plug and play" as a dynamic IP address usually is.

As well, it's simply more cost-effective and can reduce the overall cost that you pay. Many providers reserve static IPs for business plans or charge a monthly premium for a residential static IP. By sticking with dynamic, you avoid these charges. The dynamic approach also lets ISPs efficiently reuse addresses, which is a big deal given the limited IPv4 address pool and is therefore more sustainable as a result. From a budget perspective, most home labbers (myself included) would rather spend money on new gear or cloud services than on paying $5-10 extra every month just for a fixed number.

However, one of the biggest advantages of a dynamic IP address is the security benefits that it offers. With a dynamic IP, your network's outward identity changes from time to time, which can make it harder for malicious actors to target you consistently. When I hosted my own SSH honeypot, until my IP address changed, I was still seeing constant port scanning attempts on my network that were being blocked by CrowdSec. In the same way that answering a spam caller once might now flag you as someone who picks up the phone and increases your chance of more spam calls, my honeypot had essentially done the same thing to the outside world, flagging my IP address as one that may have other exposed services.

Essentially, a dynamic IP is a moving target. For example, imagine a hypothetical attacker starts a denial-of-service attack on your IP; if that address is dynamic, you could reset your connection (or wait for the lease to renew) and come back online with a different IP, essentially dodging the attack. Even if someone targeted you specifically and found your IP address, a simple restart of your router sets that person back to square one. Likewise, any attempt to track your activity by IP over long periods becomes more difficult when your IP isn't constant. Companies have caught on to this practice, of course, and have developed other ways to track users, but it prevents this very rudimentary method at the very least.

In that same vein, you can also easily get away from IP addresses that have a poor reputation associated with them. I've personally experienced situations where a website blocked my IP address, and I didn't understand why, only to check an IP reputation site and discover that the one I currently had was deemed problematic. You could argue that this would never happen with a static IP, assuming that you were a normal internet user, but it's also not a difficult problem to get around.

There are workarounds for the times you might require a static IP address

Though sometimes you don't actually "require" one

If you run a public-facing server (such as a website, email server, or storage server) from home without any intermediary, a static IP ensures your server is consistently reachable at the same address. There's no need to provide your new IP to someone after a reset, and in the case of an email server, it's practically a must for a mail server. Many mail systems outright reject emails from dynamic IP ranges, as those are often associated with residential connections and potential spam bots. Plus, mail servers also need proper reverse DNS (PTR records), which ISPs typically only configure for static IPs. Certain protocols and services expect a static IP address, and in those instances, you'll typically have to pay for the workaround (such as an SMTP relay server) rather than trying to brute-force a way for it to work on a residential connection.

An increasingly common reason to opt for a static IP is if your ISP uses CGNAT for dynamic addresses. Under CGNAT, multiple customers share a public IP, and you don't truly have a unique external address reachable from the internet. This is a nightmare for self-hosting, as you don't have a directly routable IP address. Dynamic DNS and other tricks make static IPs unnecessary for most purposes unless your "dynamic" IP is actually behind CGNAT, in which case, you're out of luck.

So, assuming your dynamic IP address is not behind CGNAT, what are those tricks? Dynamic DNS, known as DDNS, is a service that automatically updates a DNS record to point to your current IP address whenever it changes. Whenever your ISP gives you a new IP, the dynamic DNS service updates the DNS entry for that hostname to the new IP, usually within seconds, and in my experience, downtime is less than a minute. Many free or low-cost DDNS providers exist, such as DuckDNS, No-IP, FreeDNS (Afraid.org), Dynu, and others. In fact, many consumer routers have built-in support for dynamic DNS, so you can simply enter your DDNS provider credentials, and the router will notify the service whenever a new IP is detected. Plus, there are many self-hosted tools that will do the same thing, too.

In my own experience, I’ve been using a dynamic DNS hostname for years at this stage now for various services, and I've personally settled on Cloudflare for the services that I do need to self-host for colleagues and friends. It updates nearly instantly thanks to the OPNsense DDNS service that I run, but there are countless alternatives out there that you can use too. Cloudflare has an API that supports this, so when OPNsense retrieves a new IP address from my ISP, it knows to call up Cloudflare and tell it to update the A records for my chosen subdomains to point to my new IP address. Plus, thanks to Cloudflare's proxy service, my IP address is still masked behind Cloudflare's servers. This setup took minutes, and for the people that I host it for, they never have to deal with it being down or inaccessible.

Of course, other services like Cloudflare Tunnel and Tailscale enable external access without a static IP address, too. A Cloudflare Tunnel can run on your home machine and maintain a connection to Cloudflare's servers. People visiting your site go through Cloudflare and into that tunnel to reach your machine without a static IP address or even any open ports on your firewall. As for Tailscale, you'll actually have a static IP address within your Tailnet.

I don't want a static IP address for my home connection

And most people shouldn't want one either

After years of tinkering with home networks and servers, I’ve realized that a dynamic IP address is better than a static one in nearly all cases for home users. They're flexible, cheaper, and the privacy benefits that I realized from my own testing far outweigh the benefits of a static address when there are so many ways to approach that problem in a way that it is no longer one. With the simple addition of dynamic DNS (and maybe services like Cloudflare or Tailscale), a dynamic IP can do almost anything a static IP can do.

To be completely fair, static IPs still have their place for certain specialized needs. If you’re running an email server at home or dealing with restrictive external systems that need to whitelist an IP for access, a static IP can still be important. However, for nearly every power user and all casual users, the dynamic IP address that your ISP provides you is preferable to a static IP address. A static IP address can be a nice-to-have in certain situations, but by and large, you're better off with a dynamic IP address in nearly all cases.

So, if you're thinking about spending that little bit extra for a static IP address, weigh up your options first. Unless you're behind CGNAT, there's no real reason to pay the extra for a static IP address if you don't strictly need it. If you fall into the group of people who do need it, then there's no other option, but most people don't, and the tools available to get around it lead to an experience that's just as good.