I’ve wanted to install pihole so I can access my machines via DNS. Currently I have names for my machines in the /etc/hosts files on some of my machines, but that means I have to copy the configuration to each machine independently, which is not ideal.
I’ve seen some popular options for top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use to give me some ideas.
do not use .local, as tempting as it may be
use .home personally
“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lan
Be a selfhosting rebel, but stick to the RFCs!
How do you get https on those though? A lot of random stuff requires https these days.
https is not a problem. But you’ll need an internal CA and to distribute its certificate to your hosts’ trust store.
I bought a .casa domain. Using it internally, but also routing one service to the outside with that domain.
I just use my public domain (eg domain.com) and have split DNS setup.
I use home.arpa as the base DNS as that plays very well and is the official standard, then I have a domain for my reverse proxy. Of course I could use that domain for the whole network, but I like to split it up.
I have 2 registered tlds in .dev and .net. I split their use using .net for personal/selfhosted sites and .dev for public facing.
.box, since it’s recognized as a valid TLD by many devices. Never use .local; it’s reserved for multicast DNS.
Managed to buy a really sweet domain so using that for both mail and local domain
currently I have names for my machines in my /etc/hosts files across some of my machines
A better way is to set the DHCP server to resolve local too via DNS.
So in my case proxmox.mydomain.com and proxmox both resolve to a local IP…without any need to configure IPs manually anywhere.
On opnsense it’s under Unbound >> Register DHCP Leases
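The "Register DHCP Leases" behaviour described above, as an added example that is not from this thread or from OPNsense: a script that turns a dnsmasq-style leases file into Unbound local-data and PTR records under home.arpa. The leases content, the zone name and the field layout are assumptions for the example.

```python
# Added example: register DHCP leases as DNS names in Unbound (not the thread's or OPNsense's code).
# Assumes a dnsmasq-style leases file: "<expiry> <mac> <ip> <hostname> <client-id>".
import ipaddress
import re

ZONE = "home.arpa"  # RFC 8375 home-network zone; an assumed choice for this example

# Constructed sample leases (not real data); "*" means the client sent no hostname.
SAMPLE_LEASES = """\
1700000000 aa:bb:cc:00:00:01 192.168.1.50 proxmox 01:aa:bb:cc:00:00:01
1700000000 aa:bb:cc:00:00:02 192.168.1.51 nas 01:aa:bb:cc:00:00:02
1700000000 aa:bb:cc:00:00:03 192.168.1.52 * 01:aa:bb:cc:00:00:03
1700000000 aa:bb:cc:00:00:04 192.168.1.53 bad_name! 01:aa:bb:cc:00:00:04
"""

# RFC 1123 hostname label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_leases(text):
    """Return {hostname: ip} for leases with a usable hostname; skip unnamed or malformed ones."""
    hosts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        ip, name = fields[2], fields[3]
        if name == "*" or not LABEL_RE.match(name):
            continue  # unnamed lease, or a label that is not a valid hostname
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip garbage addresses rather than emitting a broken record
        hosts[name.lower()] = ip
    return hosts


def unbound_records(hosts, zone=ZONE):
    """Emit an Unbound static zone with one A record and one PTR record per named lease."""
    lines = [f'local-zone: "{zone}." static']  # static: unknown names get NXDOMAIN, never forwarded
    for name, ip in sorted(hosts.items()):
        fqdn = f"{name}.{zone}."
        lines.append(f'local-data: "{fqdn} IN A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {fqdn}"')
    return lines


if __name__ == "__main__":
    print("\n".join(unbound_records(parse_leases(SAMPLE_LEASES))))
```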
I have a registered domain and use it like this: service.machine.location.myregistereddomain.cz
You can use Let’s Encrypt certs inside lan if you use a real purchased domain.
My TLDs are:
.lan = management/wired vlan
.mobile = primary wifi
.iot = locked down for iot/home automation devices
.guest = guest wifi
The domain for each is my public .io domain.
I use .home for the Windows domain/internal hosts and .online for my external domain as it was cheap, and the name I wanted was available.
To access self hosted stuff with working SSL certs, I set up split DNS. On the internal DNS server, I have a forward lookup zone for the .online domain with static A records for .online and all the subdomains pointing at the internal address of a caddy reverse proxy.
Being a bit of a rebel myself, I use ONLY a tld, and where subdomains would be used, I use domain.tld
This has led me to discover quite a few projects out there that don’t parse domain names correctly, especially when you want to use an email like admin@tld and it cries because you have no dot.
https://datatracker.ietf.org/doc/html/draft-chapin-rfc2606bis-00
I use .host because .internal is too long to type and .local is a pita, but mostly because the browser actually tries to go there instead of some stupid search engine that tracks that kind of info and I don’t have to remember to put a slash at the end.
I use .lan as it’s shorter and IMO nicer looking than .local