I’ve wanted to install pihole so I can access my machines via DNS, currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently which is not ideal.
I’ve seen some popular options for top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use to give me some ideas.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lanBe a selfhosting rebel, but stick to the RFCs!
How do you get https on those though? A lot of random stuff requires https these days.
https is not a problem. But you’ll need an internal CA and distributed its certificate to your hosts’ trust store.
“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.
do not use
.local
, as tempting as it may beuse
.home
personallyI own a domain I purchased thru cloudflare.
public facing services are say xyz.mydomain.com
internal facing is xyz.local.mydomain.com
This was internal access pipes into pihole, DNS directs it to Traefik on my server, then to the internal service. Not internet dependent.
My TLDs are:
.lan = management/wired vlan
.mobile = primary wifi
.iot = locked down for iot/home automation devices .guest = guest wifiThe domain for each is my public .io domain.
I just use my domain inside my network which is a .net
.damo
*.oob.mydomain.tld
I own both mydomain.com as well as mydomain.me. I use the *.me as my local domain and *.com for the real world.
I own lastname.me and lastname.dev and everything public is lastname.me and everything local ist lastname.dev. I don’t have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I’d have something like nc.lastname.me for my public next cloud instance and docs.lastname.dev for my paperless instance that I don’t want to have on somebody else’s machine.
Why use a different domain for local as external?
I use a custom domain for everything…email, internal dns, external (cf tunnels), and my public websites. I use to use AWS Route 53 for everything because of work, but moved to CF because it’s free and much easier to setup and manage.
For local devices I use *.local.domaingoeshere.com (wildcart cert), issued by cloudlfare. In retrospec I should have used *.int.domain.com as it would be less typing…but everything is categorized and bookmarked anyway.
Why not use *.domain.com ? If you own the domain you’ll never have a conflict that way
I have an io domain - mylastname.io
AD domain is home.mylastname.io
A place I put most apps running on my Kubernetes cluster is *.apps.mylastname.io
For those using a pihole for .internal.example.com, how do you deal with DNSSEC on example.com? Or do you just not?
I use .lan for anything local and my public domain is .net for anything publicly hosted.
.uk, but it is an actual .uk that I’ve registered.