I’ve wanted to install pihole so I can access my machines via DNS, currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently which is not ideal.
I’ve seen some popular options for top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use to give me some ideas.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lanBe a selfhosting rebel, but stick to the RFCs!
How do you get https on those though? A lot of random stuff requires https these days.
do not use
.local
, as tempting as it may beuse
.home
personally“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.
I own both mydomain.com as well as mydomain.me. I use the *.me as my local domain and *.com for the real world.
dot lan. I don’t need let’sencrypt. I just ceeate my own CA, my own (wildcard) certificates, and install the CA into all my boxes that I want or need to have certificate verification succeeding.
home.(real domain name)
I can use LetsEncrypt via DNS-01 challenge, if I want to have anything accessible externally but be able to resolve to an internal IP internally then that’s a piece of cake to do too as a result.
It depends.
- Do you want to have access from outside of your network or do you want to host several services to the public (in the future)? Then I would recommend buying your own public domain. It doesn’t need to be a TLD.
- Do you only want to use your services privately? Then use
home.arpa
as explained in the rfc 8375.
I would discourage you from using popular but misleading „local“ domains like
.lan
,.local
,.home
etc.That is because those domains might already be available in public. So when you use
.lan
for example your dns-queries might be forwarded to the public never resolving your privately hosted services name. It could also „leak“ private network information like on what port you try to access a service and how that services name is.Also you should highly evade
.local
which was also my mistake. Some services like MulticastDNS i.e. apple bonjour service rely on this domain. If you would use it unknown problems might be frustrating you.So if you host everything private, go for
.home.arpa
..local
.space is the only answer, have to buy that though
I bought a .casa domain Using it internally, but also routing one service to the outside with that domain
Managed to buy a really sweet domain so using that for both mail and local domain
currently I have names for my machines in my /etc/hosts files across some of my machines
A better way is to set the DHCP server to resolve local too via DNS.
So in my case proxmox.mydomain.com and proxmox both resolve to a local IP…without any need to configure IPs manually anywhere.
On opnsense it’s under Unbound >> Register DHCP Leases
I use `.home.arpa` as that is the “official” use of that domain.
My TLDs are:
.lan = management/wired vlan
.mobile = primary wifi
.iot = locked down for iot/home automation devices .guest = guest wifiThe domain for each is my public .io domain.
I read the answers and I am wondering if I should change what I do.
I use the exact same domains and sundomains internally and externally. I simply have a DNS internally that will answer requests with local IP.
So I don’t have to address my machines with a different name when I am outside or inside.
Can someone explain to me what I missed ?
I own a domain I purchased thru cloudflare.
public facing services are say xyz.mydomain.com
internal facing is xyz.local.mydomain.com
This was internal access pipes into pihole, DNS directs it to Traefik on my server, then to the internal service. Not internet dependent.