I’ve wanted to install pihole so I can access my machines via DNS, currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently which is not ideal.

I’ve seen some popular options for top-level domain in local environments are *.box or *.local.

I would like to use something more original and just wanted to know what you guys use to give me some ideas.

  • ohuf@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    RFC 6762 defines the TLDs you can use safely in a local-only context:

    *.intranet
    *.internal
    *.private
    *.corp
    *.home
    *.lan

    Be a selfhosting rebel, but stick to the RFCs!

  • ellipsoidalellipsoid@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    “.home.arpa” for A records.

    I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.

  • DIYiT@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I own both mydomain.com as well as mydomain.me. I use the *.me as my local domain and *.com for the real world.

  • thetredev@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    dot lan. I don’t need let’sencrypt. I just ceeate my own CA, my own (wildcard) certificates, and install the CA into all my boxes that I want or need to have certificate verification succeeding.

  • Fortera@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    home.(real domain name)

    I can use LetsEncrypt via DNS-01 challenge, if I want to have anything accessible externally but be able to resolve to an internal IP internally then that’s a piece of cake to do too as a result.

  • mr_whats_it_to_you@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    It depends.

    • Do you want to have access from outside of your network or do you want to host several services to the public (in the future)? Then I would recommend buying your own public domain. It doesn’t need to be a TLD.
    • Do you only want to use your services privately? Then use home.arpa as explained in the rfc 8375.

    I would discourage you from using popular but misleading „local“ domains like .lan, .local, .home etc.

    That is because those domains might already be available in public. So when you use .lan for example your dns-queries might be forwarded to the public never resolving your privately hosted services name. It could also „leak“ private network information like on what port you try to access a service and how that services name is.

    Also you should highly evade .local which was also my mistake. Some services like MulticastDNS i.e. apple bonjour service rely on this domain. If you would use it unknown problems might be frustrating you.

    So if you host everything private, go for .home.arpa.

  • TheSecondist@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I bought a .casa domain Using it internally, but also routing one service to the outside with that domain

  • AnomalyNexus@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Managed to buy a really sweet domain so using that for both mail and local domain

    currently I have names for my machines in my /etc/hosts files across some of my machines

    A better way is to set the DHCP server to resolve local too via DNS.

    So in my case proxmox.mydomain.com and proxmox both resolve to a local IP…without any need to configure IPs manually anywhere.

    On opnsense it’s under Unbound >> Register DHCP Leases

  • murdaBot@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    My TLDs are:
    .lan = management/wired vlan
    .mobile = primary wifi
    .iot = locked down for iot/home automation devices .guest = guest wifi

    The domain for each is my public .io domain.

  • GrilledGuru@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I read the answers and I am wondering if I should change what I do.

    I use the exact same domains and sundomains internally and externally. I simply have a DNS internally that will answer requests with local IP.

    So I don’t have to address my machines with a different name when I am outside or inside.

    Can someone explain to me what I missed ?