I’ve wanted to install pihole so I can access my machines via DNS, currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently which is not ideal.
I’ve seen some popular options for top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use to give me some ideas.
“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lanBe a selfhosting rebel, but stick to the RFCs!
How do you get https on those though? A lot of random stuff requires https these days.
https is not a problem. But you’ll need an internal CA and distributed its certificate to your hosts’ trust store.
do not use
.local, as tempting as it may beuse
.homepersonallyNothing. I have all devices using tailscale DNS and I refer to things in my network by their host name directly.
everything under *.home.mydomain.tld is reserved for internal use.
I use *.home.mydomain for publicly-accessible IPs (IPv6 addresses plus anything that I’ve port forwarded so it’s accessible externally) and *.int.mydomain for internal IPv4 addresses.
I own lastname.me and lastname.dev and everything public is lastname.me and everything local ist lastname.dev. I don’t have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I’d have something like nc.lastname.me for my public next cloud instance and docs.lastname.dev for my paperless instance that I don’t want to have on somebody else’s machine.
Why use a different domain for local as external?
I use a custom domain for everything…email, internal dns, external (cf tunnels), and my public websites. I use to use AWS Route 53 for everything because of work, but moved to CF because it’s free and much easier to setup and manage.
For local devices I use *.local.domaingoeshere.com (wildcart cert), issued by cloudlfare. In retrospec I should have used *.int.domain.com as it would be less typing…but everything is categorized and bookmarked anyway.
Why not use *.domain.com ? If you own the domain you’ll never have a conflict that way
For those using a pihole for .internal.example.com, how do you deal with DNSSEC on example.com? Or do you just not?
.localis mDNS - and I’m using that, saves me so much hassle with split-horizon issues etc.I also use global DNS for local servers (AAAA records on my own domain), again, this eliminates split-horizon issues. Life is too short to deal with the hassle of running your own DNS server.
I had problems with .local because it’s used for MDNS and too lazy to figure out how that works so now I just use lan but I also own a .com domain so I have started to use that more
.damo
.app is suuuper cheap even for three letter domains. I picked one up for pennies with three letters that mean something to me and my partner and use a pair of redundanct piholes to serve local DNS for that domain. Externally it’s hosted on DigitalOcean for stuff I want external.
I mean… I use xtremeownage.com
But, ya know… I own it. Although, I use a few subdomains for my home-network, with a split-horizon DNS setup.
I use .lan for anything local and my public domain is .net for anything publicly hosted.
I just use my domain inside my network which is a .net