this post was submitted on 10 Jul 2023
40 points (97.6% liked)

Selfhosted

40729 readers
597 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

There are many DNS names options. Which one do you use?

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 35 points 1 year ago* (last edited 1 year ago) (2 children)

I just bought an actual domain and use that πŸ˜…

As an added bonus, letsencrypt works with no effort.

[–] [email protected] 5 points 1 year ago (1 children)

Same here. Well worth it for $10 a year

[–] [email protected] 2 points 1 year ago (1 children)

I bought domain from joker.com, 10 years for $33

[–] priit123 1 points 1 year ago (1 children)

What? How they sell for so long?

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I don't know but they do. I picked the cheapest name I could find and went with it.

Checked and they still do sell domains for 10y but price has gone up.

[–] [email protected] 3 points 1 year ago

same. saved my ass already a few times when doing some reverseengineering voodoo. being able to set a valid https cert makes it easier to redirect apps than to bypass forced HTTPS. had to pretend to be a update server for something once and patching the URL was enough via getting a cert quickly (using DNS-01 challenge, no exposed ports ever)

[–] [email protected] 19 points 1 year ago* (last edited 1 year ago) (4 children)

According to IETF, you should only use .intranet, .internal, .private, .corp, .home or .lan for your private network ( RFC 6762 Appendix G ). Using other TLDs might cause issues in the future, especially since new gTLDs seems to show up every few months or so, which can collide with the TLD you use for your local network.

[–] [email protected] 11 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Interesting, so this is the latest recommendation? Which is probably why I haven't seen it in the wild yet, at least in my circles.

Which means they probably going to ~~cash out~~ release gTLDs for .intranet, .internal, .private, .corp, .home and .lan soon...

[–] vegetaaaaaaa 5 points 1 year ago* (last edited 1 year ago) (2 children)

A problem with the .lan TLD (maybe others from this list) is that web browsers do not consider it a TLD when you type it in the address bar, and only show you the option to search for that term in your default search engine. You have to explicitly type https:// before it, to have the option to visit the URL.

E.g type example.com in the address bar -> pressing Enter triggers going to https://example.com. Type example.lan -> pressing Enter triggers a search for example.lan using your default search engine.

[–] [email protected] 17 points 1 year ago

Little known trick--or perhaps everyone knows it and is quietly laughing behind my back--with Chromium browsers and Firefox (and maybe Safari, I'm not sure), you can add a slash to the end of an address and it will bypass the search.

So, for example, my router on the LAN goes by the hostname "pfsense". I can then type pfsense.lan/ into my address bar and it will bring me to the web UI, no HTTP/s needed.

[–] [email protected] 3 points 1 year ago

You can throw a / after to force it to recognize as a URL too.

[–] [email protected] 4 points 1 year ago (2 children)

@redcalcium
Really? Not .local? Why is it the default on so much?
@zephyr

[–] zorflieg 5 points 1 year ago

A long time ago Microsoft and some teaching sources used .local in example documentation for local domains and it stuck. Like contoso.com was Microsoft's example company. I was taught to use .local decades ago and it took a very long time to unlearn it.

[–] [email protected] 4 points 1 year ago (1 children)
load more comments (1 replies)
[–] [email protected] 2 points 1 year ago

I can vouch for the fact that .local stopped working suddenly in most browsers a year or two ago, I was forced to migrate to .internal

[–] [email protected] 19 points 1 year ago (2 children)

You shouldn't use .local for your manually defined local domain names if you plan to ever use mdns/avahi/bonjour/zeroconf.

[–] [email protected] 10 points 1 year ago (1 children)

And .box has been registered as a generic TLD now, so you could run into external .box domains.

[–] Perhyte 8 points 1 year ago

Hopefully AVM gets to register fritz.box then, because they've been setting up their customers with that as their internal domain for ages...

[–] [email protected] 2 points 1 year ago

I actually use .lan for an internal domain but I guess I could use a real domain with the DNS-01 challenge and have real internal certificates. I had not thought about that until just now.

[–] [email protected] 12 points 1 year ago

There actually is a correct awnser: home.arpa
See https://www.ctrl.blog/entry/homenet-domain-name.html

[–] [email protected] 12 points 1 year ago (6 children)

i use my external zone name but have an internal view of the zone inside my lan so records point to local ips.

[–] InverseParallax 3 points 1 year ago (1 children)

I use subdomains, i., w. for wifi, few others for vms and containers.

With wireguard everything just works, and wireguard overhead over wireless is negligible even on wifi6.

[–] [email protected] 2 points 1 year ago

I agree on WireGuard. It's clearly the winner in terms of speed for point to point VPN.

[–] [email protected] 3 points 1 year ago

Split Horizon DNS is the most seamless user experience.

[–] tiwenty 2 points 1 year ago

Exactly the same. I'd like to add that my devices still get a .lan TLD from the router.

[–] [email protected] 2 points 1 year ago

Same, I achieve this with Adguard DNS rewrite.

[–] TheInsane42 2 points 1 year ago* (last edited 1 year ago)

Same here. I have several domains, one is used for servers and email, 2nd for websites, 3rd for messing around (test setups) and a 4th is almost unused now, but with the demise of twitter and reddit I'm thinking of using that one for the fediverse (it's my username in national tld).

BTW internal and external dns run on different systems and all private zones are dnssec signed. (Loved the challenge on setting that up correctly)

[–] KairuByte 10 points 1 year ago

*.internal.domain.name since ssl certs are easier to get when you’re using an owned domain name.

[–] [email protected] 8 points 1 year ago (2 children)

There’s a draft rfc that defines β€œ.home.arpa” as an internal. It looks stupid and totally misses the point, but works.

[–] [email protected] 2 points 1 year ago

Yes, it does look stupid. I'd rather .lan just be reserved for private networks.

[–] aezart 7 points 1 year ago

I use a subdomain of a domain name I own.

[–] [email protected] 6 points 1 year ago

I bought a .com for like $10 CAD from Cloudflare that uses a URL not linked to me.

Maybe overly paranoid, but it also makes it easy to get SSL certificates for my lab.

[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (2 children)

For local DNS home.arpa is I think what we're 'supposed' to use, but I use .lan

Only use another domain name if you actually have it registered, like myname.net or something. As a bonus you can then get a wildcard letsencrypt SSL cert for easy HTTPS.

load more comments (2 replies)
[–] Krafting 3 points 1 year ago

server.home for my part

[–] [email protected] 3 points 1 year ago (1 children)
[–] [email protected] 4 points 1 year ago

That will work fine so long as you don't need services like Avahi and mDNS.

[–] [email protected] 3 points 1 year ago

I use .lan for everything the router can resolve names for, and .local for Avahi mDNS 😈

[–] [email protected] 3 points 1 year ago

I use either .home or an actual domain that I own (makes it easy for https certs and not having to go out of the network and back in)

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I use home.arpa for all my LAN hosts.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 2 points 1 year ago (1 children)

I also use .lan I used to use .local for years until I started to have conflict issues with .local resolution on Android when they started using mdns

[–] [email protected] 2 points 1 year ago

I didn't care about any of this (my off the shelf Router used .local) and then I started selfhosting more and using pFsense as a router OS. It defaulted to using home.arpa, which was so objectionable that I spent time looking into RFC 6762 and promptly reverted to .lan forever.

The official choices were: .intranet, .internal, .home, .lan, .corp, and .private. LAN was the shortest and most applicable. Choice made.

[–] knaak 2 points 1 year ago

.home.lan for me.

[–] [email protected] 2 points 1 year ago

my server is just server

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

fritz.box for the machines themselves because Fritz!BOX (although handed out by Pi-Hole),but .lan for anything going over the local proxy towards the same machine for TLS.

Some machines use my custom domain name instead of .lan, if they need to be accessible from outside. So these last ones go directly over the local proxy internally, but automatically over CloudFlare Tunnel and Authentik when not at home. The proxy being Caddy.

load more comments
view more: next β€Ί