I’ve wanted to install pihole so I can access my machines via DNS, currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently which is not ideal.
I’ve seen some popular options for top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use to give me some ideas.
do not use
.local
, as tempting as it may beuse
.home
personally“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lanBe a selfhosting rebel, but stick to the RFCs!
How do you get https on those though? A lot of random stuff requires https these days.
I’ve never used DNS in my local network (because it’s additional burden to support, so I tried to avoid it), but couple of month ago when I needed several internal web-sites on standard http port, I’ve just came up with “localdomain.”
Yep, it’s non-standard too, but probability of it’s usage of gTLD is lowest among all other variants because of it’s usage in Unix world and how non-pretty it is :)
If DNS is a burden to support you’re doing it wrong. I set it up once and haven’t touched it since. Everything new that gets added “just works”.
It’s not like DNS is a huge burden by itself, it’s just approach of avoiding creation of critical services unless they become necessary. Because infrastructure around them is a burden: they needs additional firewall rules on middleboxes, monitoring, redundancy, IaC, backups etc.
I don’t fully follow that but like I said, sounds like you’re doing it wrong if you have to alter firewall rules every time you add a host because of DNS issues.
I use a custom domain for everything…email, internal dns, external (cf tunnels), and my public websites. I use to use AWS Route 53 for everything because of work, but moved to CF because it’s free and much easier to setup and manage.
For local devices I use *.local.domaingoeshere.com (wildcart cert), issued by cloudlfare. In retrospec I should have used *.int.domain.com as it would be less typing…but everything is categorized and bookmarked anyway.
I own lastname.me and lastname.dev and everything public is lastname.me and everything local ist lastname.dev. I don’t have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I’d have something like nc.lastname.me for my public next cloud instance and docs.lastname.dev for my paperless instance that I don’t want to have on somebody else’s machine.
everything under *.home.mydomain.tld is reserved for internal use.
I have a registered domain and my lan domain is “int.registereddomain.com”. This way I can use letsencrypt etc for my internal hosts (*.int.registereddomain.com via dns challenge). The actual dns for my internal domain itself is not public but static records in pihole.
Can I ask why this is done over something like hosting your own certificate authority? I’m quite new to all this DNS stuff
I read the answers and I am wondering if I should change what I do.
I use the exact same domains and sundomains internally and externally. I simply have a DNS internally that will answer requests with local IP.
So I don’t have to address my machines with a different name when I am outside or inside.
Can someone explain to me what I missed ?