I’ve wanted to install Pi-hole so I can access my machines via DNS. Currently I have names for my machines in the /etc/hosts files on some of my machines, but that means I have to copy the configuration to each machine independently, which is not ideal.

I’ve seen that some popular options for a top-level domain in local environments are *.box or *.local.

I would like to use something more original and just wanted to know what you guys use, to give me some ideas.

  • ohuf@alien.topB (2 upvotes, 1 year ago)

    RFC 6762 defines the TLDs you can use safely in a local-only context:

    *.intranet
    *.internal
    *.private
    *.corp
    *.home
    *.lan

    Be a selfhosting rebel, but stick to the RFCs!

      • Diligent_Ad_9060@alien.topB (1 upvote, 1 year ago)

        HTTPS is not a problem, but you’ll need an internal CA and to distribute its certificate to your hosts’ trust stores.

  • ellipsoidalellipsoid@alien.topB (2 upvotes, 1 year ago)

    “.home.arpa” for A records.

    I run my own CA and DNS, and can create vanity TLDs like a.git, a.webmail, b.sync, etc. for internal services. These are CNAMEs pointing to A records.
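A worked example added here, not code from any poster in this thread: it converts a hosts file like the one the original poster copies around into dnsmasq host-record lines (Pi-hole’s embedded dnsmasq reads extra configuration from files under /etc/dnsmasq.d/, which is assumed to be where the output goes) and refuses names that end in .local, which RFC 6762 reserves for mDNS, or in a suffix that is neither in the RFC 6762 Appendix G list above nor home.arpa. The sample hosts text is constructed for the example.

```python
"""Turn hosts-file entries into dnsmasq host-record lines for Pi-hole,
keeping only names under a suffix that is safe for local-only DNS."""
import ipaddress
import re

# Private-use TLDs from RFC 6762 Appendix G, plus home.arpa (RFC 8375).
SAFE_SUFFIXES = (".intranet", ".internal", ".private", ".corp",
                 ".home", ".lan", ".home.arpa")

# One DNS label: letters, digits and hyphens, no leading/trailing hyphen.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

# Constructed sample input; none of these hosts are real.
HOSTS = """\
# constructed sample, not a real network
127.0.0.1      localhost
::1            localhost ip6-localhost
192.168.10.5   nas nas.home.arpa
192.168.10.6   printer.local
192.168.10.7   git.corp git
192.168.10.8   wiki.box
fd00:10::7     git.corp
"""


def classify(name):
    """Classify a name as 'ok', 'mdns' or 'unreserved' for local unicast DNS."""
    n = name.lower().rstrip(".")
    if "." not in n:
        return "ok"            # bare label; dnsmasq qualifies it with domain=
    if n.endswith(".local"):
        return "mdns"          # .local belongs to multicast DNS (RFC 6762)
    if any(n.endswith(s) for s in SAFE_SUFFIXES):
        return "ok"
    return "unreserved"        # could collide with a public gTLD one day


def valid_hostname(name):
    """True when every label of the name is syntactically valid."""
    return all(LABEL.match(label) for label in name.lower().rstrip(".").split("."))


def parse_hosts(text):
    """Return [(ip, [names])] from hosts-file text, skipping comments and loopback."""
    records = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        addr = ipaddress.ip_address(ip)     # raises ValueError on a malformed address
        if addr.is_loopback or not names:
            continue
        records.append((str(addr), names))
    return records


def to_dnsmasq(records):
    """Emit one host-record line per hosts entry; return (config_lines, warnings)."""
    lines, warnings = [], []
    for ip, names in records:
        keep = []
        for name in names:
            if not valid_hostname(name):
                warnings.append(f"{name}: not a valid hostname, dropped")
                continue
            status = classify(name)
            if status == "mdns":
                warnings.append(f"{name}: .local is reserved for mDNS, dropped")
            elif status == "unreserved":
                warnings.append(f"{name}: suffix is not a private-use TLD or home.arpa, dropped")
            else:
                keep.append(name.lower().rstrip("."))
        if keep:
            # dnsmasq syntax: host-record=<name>[,<name>...],<address>
            lines.append("host-record=" + ",".join(keep + [ip]))
    return lines, warnings


if __name__ == "__main__":
    config, problems = to_dnsmasq(parse_hosts(HOSTS))
    print("\n".join(config))
    for p in problems:
        print("warning:", p)
```

Running it prints three host-record lines (nas, git over IPv4 and IPv6) and two warnings, one for printer.local and one for wiki.box; the IPv4 and IPv6 entries for git.corp become separate host-record lines, which dnsmasq accepts.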

  • Aurailious@alien.topB (1 upvote, 1 year ago)

    I have 2 registered TLDs, in .dev and .net. I split their use, using .net for personal/self-hosted sites and .dev for public-facing ones.

  • DirectReflection3106@alien.topB (1 upvote, 1 year ago)

    At home I decided to use .dot because, for some reason, Chrome and Chromium-based browsers do not automatically redirect it to HTTPS (at least for now) when you just type the address in the address bar, and do not redirect to search. So much more comfortable… why?.. OK, it may break access to all .dot sites, but I’ve never seen anything for me in that zone, so I don’t care.

  • MrSliff84@alien.topB (1 upvote, 1 year ago)

    I just use a .de TLD, and for all my sites *.mysite.mydomain.de.

    SSL certs from Cloudflare with a DNS challenge for internal use.

  • Mint_Fury@alien.topB (1 upvote, 1 year ago)

    I use .lan for anything local, and my public domain is .net for anything publicly hosted.

  • iavael@alien.topB (1 upvote, 1 year ago)

    I’ve never used DNS in my local network (because it’s an additional burden to support, so I tried to avoid it), but a couple of months ago, when I needed several internal websites on the standard HTTP port, I just came up with “localdomain.”

    Yep, it’s non-standard too, but the probability of its use as a gTLD is the lowest among all the other variants because of its use in the Unix world and how un-pretty it is :)

    • tech2but1@alien.topB (1 upvote, 1 year ago)

      If DNS is a burden to support, you’re doing it wrong. I set it up once and haven’t touched it since. Everything new that gets added “just works”.

      • iavael@alien.topB (1 upvote, 1 year ago)

        It’s not that DNS is a huge burden by itself; it’s just an approach of avoiding the creation of critical services unless they become necessary, because the infrastructure around them is a burden: they need additional firewall rules on middleboxes, monitoring, redundancy, IaC, backups, etc.

        • tech2but1@alien.topB (1 upvote, 1 year ago)

          I don’t fully follow that, but like I said, it sounds like you’re doing it wrong if you have to alter firewall rules every time you add a host because of DNS issues.

          • iavael@alien.topB (1 upvote, 1 year ago)

            I am not speaking about maintenance of DNS zones (that’s easy), but about maintenance of authoritative DNS servers.

  • DullPhilosopher@alien.topB (1 upvote, 1 year ago)

    I’ve got a .com for my internal-only services with TLS and a .pro for my external-facing services. I could probably throw them all on one, but because of legacy (I didn’t think things through) I have two.

  • 404invalid-user@alien.topB (1 upvote, 1 year ago)

    I had problems with .local because it’s used for mDNS, and I was too lazy to figure out how that works, so now I just use .lan. But I also own a .com domain, so I have started to use that more.