There are many DNS name options. Which one do you use?
I tend to use .local
That will work fine so long as you don’t need services like Avahi and mDNS.
I use my external zone name but have an internal view of the zone inside my LAN so records point to local IPs.
Ah that’s a really good point. I will have to Google this so I can learn how it is done in iptables because I’ve only ever done it with pf on OpenBSD.
yep
I’ve never experienced any issues so far, the devices should be flushing the cache on network change in theory.
Split Horizon DNS is the most seamless user experience.
I use subdomains, i.<external domain>, w.<ext> for wifi, few others for vms and containers.
With wireguard everything just works, and wireguard overhead over wireless is negligible even on wifi6.
I agree on WireGuard. It’s clearly the winner in terms of speed for point to point VPN.
Same here. I have several domains, one is used for servers and email, 2nd for websites, 3rd for messing around (test setups) and a 4th is almost unused now, but with the demise of twitter and reddit I’m thinking of using that one for the fediverse (it’s my username in national tld).
BTW internal and external DNS run on different systems and all private zones are DNSSEC signed. (Loved the challenge on setting that up correctly)
Exactly the same. I’d like to add that my devices still get a .lan TLD from the router.
Same, I achieve this with Adguard DNS rewrite.
hostname.vlan.local.lan
local.lan is the only fixed part of my FQDNs
I use a subdomain of a domain name I own.
I use home.arpa for all my LAN hosts.
For local DNS home.arpa is I think what we’re ‘supposed’ to use, but I use .lan
Only use another domain name if you actually have it registered, like myname.net or something. As a bonus you can then get a wildcard letsencrypt SSL cert for easy HTTPS.
Why should you only use ones you own, even if it’s just local network?
Because of interference with existing domains. Say you set a computer on your network to mypc.google.com, that won’t work because the DNS server will look up google.com as an external domain.
server.home for my part
There’s a draft rfc that defines “.home.arpa” as an internal. It looks stupid and totally misses the point, but works.
Yeah, but it’s a proposal, so not really better than .lan.
Yes, it does look stupid. I’d rather .lan just be reserved for private networks.
my server is just server
You shouldn’t use .local for your manually defined local domain names if you plan to ever use mdns/avahi/bonjour/zeroconf.
And .box has been registered as a generic TLD now, so you could run into external .box domains.
Hopefully AVM gets to register fritz.box then, because they’ve been setting up their customers with that as their internal domain for ages…
I actually use .lan for an internal domain but I guess I could use a real domain with the DNS-01 challenge and have real internal certificates. I had not thought about that until just now.
There actually is a correct answer: home.arpa
See https://www.ctrl.blog/entry/homenet-domain-name.html
I just bought an actual domain and use that 😅
As an added bonus, letsencrypt works with no effort.
same. saved my ass already a few times when doing some reverse engineering voodoo. being able to set a valid https cert makes it easier to redirect apps than to bypass forced HTTPS. had to pretend to be an update server for something once and patching the URL was enough via getting a cert quickly (using DNS-01 challenge, no exposed ports ever)
Same here. Well worth it for $10 a year
I bought domain from joker.com, 10 years for $33
What? How do they sell for so long?
I don’t know but they do. I picked the cheapest name I could find and went with it.
Checked and they still do sell domains for 10y but price has gone up.
Idk if that is wrong, but I made up the server name tride, so .tride is my local domain
*.internal.domain.name since ssl certs are easier to get when you’re using an owned domain name.
I use either .home or an actual domain that I own (makes it easy for https certs and not having to go out of the network and back in)
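
Added example, not part of any comment in the thread: a small Python model of the split-horizon setup mentioned above (an internal view of an owned zone whose records point to local IPs), with a check that the external view does not publish RFC 1918 addresses. The domain example.com, the LAN range, all addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data. 203.0.113.0/24 is a documentation range standing in
# for a public address, so RFC 1918 membership is tested explicitly instead of
# relying on ipaddress.is_private (which also flags documentation ranges).
LAN = ipaddress.ip_network("192.168.1.0/24")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VIEWS = {
    "internal": {
        "nas.example.com": "192.168.1.10",
        "www.example.com": "192.168.1.20",
    },
    "external": {
        "www.example.com": "203.0.113.5",
    },
}


def select_view(client_ip):
    """Choose the view from the client's source address, as a split-horizon server does."""
    return "internal" if ipaddress.ip_address(client_ip) in LAN else "external"


def resolve(name, client_ip, views=VIEWS):
    """Return the address this client would receive, or None if the name is absent from its view."""
    key = name.lower().rstrip(".")
    return views[select_view(client_ip)].get(key)


def leaked_private_records(views):
    """Return external-view records that expose RFC 1918 addresses to outside clients."""
    leaks = []
    for name, addr in views["external"].items():
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in RFC1918):
            leaks.append((name, addr))
    return sorted(leaks)


if __name__ == "__main__":
    print(resolve("www.example.com", "192.168.1.50"))   # LAN client
    print(resolve("www.example.com", "198.51.100.7"))   # outside client
    print(resolve("nas.example.com", "198.51.100.7"))   # internal-only name
    print(leaked_private_records(VIEWS))
```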