There are many DNS names options. Which one do you use?
fritz.box for the machines themselves because Fritz!BOX (although handed out by Pi-Hole),but .lan for anything going over the local proxy towards the same machine for TLS.
Some machines use my custom domain name instead of .lan, if they need to be accessible from outside. So these last ones go directly over the local proxy internally, but automatically over CloudFlare Tunnel and Authentik when not at home. The proxy being Caddy.
.lan for everything.
I also use .lan I used to use .local for years until I started to have conflict issues with .local resolution on Android when they started using mdns
I didn’t care about any of this (my off the shelf Router used .local) and then I started selfhosting more and using pFsense as a router OS. It defaulted to using home.arpa, which was so objectionable that I spent time looking into RFC 6762 and promptly reverted to .lan forever.
The official choices were: .intranet, .internal, .home, .lan, .corp, and .private. LAN was the shortest and most applicable. Choice made.
I use either .home or an actual domain that I own (makes it easy for https certs and not having to go out of the network and back in)
I tend to use .local
That will work fine so long as you don’t need services like Avahi and mDNS.
server.home for my part
*.internal.domain.namesince ssl certs are easier to get when you’re using an owned domain name.I use .lan for everything the router can resolve names for, and .local for Avahi mDNS 😈
There actually is a correct awnser: home.arpa
See https://www.ctrl.blog/entry/homenet-domain-name.htmli use my external zone name but have an internal view of the zone inside my lan so records point to local ips.
Same here. I have several domains, one is used for servers and email, 2nd for websites, 3rd for messing around (test setups) and a 4th is almost unused now, but with the demise of twitter and reddit I’m thinking of using that one for the fediverse (it’s my username in national tld).
BTW internal and external dns run on different systems and all private zones are dnssec signed. (Loved the challenge on setting that up correctly)
Same, I achieve this with Adguard DNS rewrite.
deleted by creator
Ah that’s a really good point. I will have to Google this so I can learn how it is done in iptables because I’ve only ever done it with pf on OpenBSD.
yep
I’ve never experienced any issues so far, the devices should be flushing the cache on network change in theory.
I use subdomains, i.<external domain>, w.<ext> for wifi, few others for vms and containers.
With wireguard everything just works, and wireguard overhead over wireless is negligible even on wifi6.
I agree on WireGuard. It’s clearly the winner in terms of speed for point to point VPN.
Exactly the same. I’d like to add that my devices still get a .lan TLD from the router.
Split Horizon DNS is the most seamless user experience.
I use different ones. Got an legit dpmain which I also use locally (with ssl certificates) and in my local network my server listens to SERVI. Just SERVI.
Idk is that wrong but I made up server name tride so .tride is my local domain
For local DNS
home.arpais I think what we’re ‘supposed’ to use, but I use .lanOnly use another domain name if you actually have it registered, like
myname.netor something. As a bonus you can then get a wildcard letsencrypt SSL cert for easy HTTPS.Why should you only use ones you own, even if it’s just local network?
Because of interference with existing domains. Say you set a computer on your network to
mypc.google.com, that won’t work because the DNS server will lookup google.com as an external domain.
nothing as home does work (meaning plain hostname) works by default on openwrt dns
While this works for most things, you will run into issues with certain software which automatically assume that no TLD means the provided address is incorrect.
Usually adding a slash at the end works if the protocol is http based
my server is just
serverI bought a .com for like $10 CAD from Cloudflare that uses a URL not linked to me.
Maybe overly paranoid, but it also makes it easy to get SSL certificates for my lab.
