Question about DNS security and certificate pinning

Consider the following situation:
Let’s say you have a NC-Server with e.g. a noip DNS record for myserver.hopto.org and a NC-Client that is connected to myserver.hopto.org. I know and understand that the NC-Client checks whether the server has a valid certificate for that domain to prevent a Man in the Middle attack. But what stops No-IP from changing the DNS-record for myserver.hopto.org, getting a valid certificate for it and launching a Man in the Middle attack?

Hi.
Their credibility and their wish to continue to do business stop them
So yes technically they can change all their records. They own the noip domain after all !
But would NOIP do that ? That’s unlikely, I think.Q

As you are using an external service, you are expressing some level of trust to the peoples making it available. And the service trust you not to use it to make abuses, etc.
This trust is most of the time formalized as usage conditions.
If you are not willing to trust noip for DNS resolution you will eventually change to another service you trust more … or make your own DNS service.

Hope it answer correctly to your question.
Regards,
Aal.

Years ago I got a .com domain, mainly to keep email addresses consistent as I periodically changed providers due to relocation, promos and other reasons.

I linked to this blog in a different thread, but the first part is relevant here.

The first part of the howto is how to setup a ddns client using cloudflare. Once configured, just set up a cron job to run to update periodically.

For basic needs, cloudflare offers a free plan. Even at this tier level you get much more control over dns than with noip. Your only costs would be the annual domain registration (and hosting if you decide to get that too) - $10-20 /yr. No-ip work for very basic needs, but there’s too many limitations beyond that.