dipat is a Dynamic IP Address Tracker. Unlike dynamic DNS solutions, dipat is trustless: no registration or installation is necessary. Clients generate their own TLS certificates and regularly connect to a dipat server via HTTPS. The server saves the certificate fingerprint and the client IP address. Clients can retrieve their latest IP address associated with their certificate fingerprint using either HTTPS or DNS. Email (MX and TXT/SPF DNS records) and HTTPS (CAA DNS record for letsencrypt.org) are supported and automatically configured. Usage: - create client key and self-signed certificate: $ echo tls_www_client >template $ echo signing_key >>template $ certtool -p --bits=4096 --outfile=client.key $ certtool --generate-self-signed --load-privkey client.key --outfile client.cert --template template - periodically (e.g. every 5 minutes) connect to the dipat server: $ curl --key client.key --cert client.cert https://dipat.eu c101a171f1b1a161c1219101c1919171a111e191 46.165.253.23 - query the latest IP address via HTTPS: $ curl https://dipat.eu/sha1/c101a171f1b1a161c1219101c1919171a111e191 46.165.253.23 - query the latest IP address via DNS: $ dig +short c101a171f1b1a161c1219101c1919171a111e191.sha1.dipat.eu 46.165.253.23 - query DNS MX record: $ dig +short c101a171f1b1a161c1219101c1919171a111e191.sha1.dipat.eu mx 1 c101a171f1b1a161c1219101c1919171a111e191.sha1.dipat.eu. - query DNS TXT record for SPF support: $ dig +short c101a171f1b1a161c1219101c1919171a111e191.sha1.dipat.eu txt "v=spf1 a mx -all" - query DNS CAA record for letsencrypt.org support: $ dig +short c101a171f1b1a161c1219101c1919171a111e191.sha1.dipat.eu caa 0 issue "letsencrypt.org"