
.localhost Domains

(inclouds.space)
301 points todsacerdoti | 3 comments
octagons No.43645228
Against much well-informed advice, I use a vanity domain for my internal network at home. Through a combination of Smallstep CA, CoreDNS, and Traefik, any services I host in my Docker Swarm cluster automatically are immediately issued a signed SSL certificate, load-balanced, and resolvable. Traefik also allows me to configure authentication for any services that I may not wish to expose without such.

That said, I do recommend the use of the internal. zone for any such setup, as others have commented. This article provides some good reasons why (at least for .local) you should aim to use a standards-compliant internal zone: https://community.veeam.com/blogs-and-podcasts-57/why-using-...

hobo_mark No.43645339
I added a fake .com record in my internal DNS that resolves to my development server. All development clients within that network have an mkcert-generated CA installed.

Not so different from you, but without even registering the vanity domain. Why is this such a bad idea?

1. thot_experiment No.43645645
I alias home.com to my local house stuff. I don't really understand why anyone thinks it's a bad idea either.
2. matthewaveryusa No.43645764
It's not a terrible idea. On a large scale it can lead to the corp.com issue:

https://krebsonsecurity.com/2020/02/dangerous-domain-corp-co...

Honestly for USD5/year why don't you just buy yourself a domain and never have to deal with the problem?
