
220 points speckx | 2 comments
n4bz0r ◴[] No.45144931[source]
> I really should use the official .internal TLD (Top Level Domain) for my homelab network, but I decided against it. This introduces the risk of name resolution problems, should someone offer a public .jhw TLD in future. It’s a risk I am willing to accept in exchange for using a 3 letter TLD at home. Don’t be like me! Use .internal instead. With that out of the way, let’s continue.

Why not .lan? The key word is official?

replies(4): >>45145040 #>>45145079 #>>45146363 #>>45147234 #
moduspol ◴[] No.45145040[source]
My preference is to register a publicly resolvable domain and then just only use it internally. Then you can still get publicly trusted TLS certificates for it, in case you want them.

Doesn’t stop you from using your own private CA, either, but at least you have the option.

replies(2): >>45145766 #>>45145824 #
1. briHass ◴[] No.45145824[source]
Given how modern browsers are increasingly hostile to long-lived, self-signed certs, I've resigned myself to paying the .com tax every year for a real domain. There's so many ACME clients now (e.g. HomeAssistant has a plugin), that it's fairly easy to have legitimate certs on internal devices. A side benefit is having a subdomain that can be used as a dynamic DNS record.

Cloudflare (and probably others) let you enter non-routable IPs into their DNS, so myhomeserver.mydomain.com can point to 192.168.1.45 on your LAN without having to run your own DNS/hosts.

replies(1): >>45149269 #
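
Added example, not part of the thread or any commenter's code: records like `myhomeserver.mydomain.com` pointing at `192.168.1.45` sit in public DNS where anyone who knows the name can query them, so this sketch inventories which A/AAAA records in a zone export resolve to non-routable addresses. The zone text, the extra hostnames and the function names are constructed for illustration, and the parser assumes simple one-record-per-line BIND-style input.

```python
import ipaddress

# Explicit ranges: ip.is_private would also flag documentation ranges like 203.0.113.0/24.
NON_ROUTABLE = {
    "rfc1918": ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"),
    "cgnat": ("100.64.0.0/10",),
    "loopback": ("127.0.0.0/8", "::1/128"),
    "link-local": ("169.254.0.0/16", "fe80::/10"),
    "unique-local": ("fc00::/7",),
}

# Constructed sample zone export (BIND-style); 203.0.113.10 stands in for a public IP.
SAMPLE_ZONE = """\
$ORIGIN mydomain.com.
@              IN A     203.0.113.10
www        300 IN A     203.0.113.10
myhomeserver   IN A     192.168.1.45   ; the LAN host from the comment
nas        60  IN AAAA  fd12:3456:789a::20
printer        IN A     169.254.7.9
vpn            IN CNAME www
"""

def classify(addr):
    """Return the non-routable range label for addr, or None if none matches."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        if any(ip in ipaddress.ip_network(n) for n in nets):
            return label
    return None

def internal_records(zone_text, origin="."):
    """List (fqdn, address, label) for A/AAAA records with non-routable targets."""
    findings = []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()  # drop trailing comments
        if len(tokens) > 1 and tokens[0].upper() == "$ORIGIN":
            origin = tokens[1]
        idx = next((i for i, t in enumerate(tokens[1:], 1) if t.upper() in ("A", "AAAA")), None)
        if idx is None or idx + 1 >= len(tokens) or tokens[0].startswith("$"):
            continue  # blank line, directive, or a record type we do not inspect
        name = tokens[0]
        fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        try:
            label = classify(tokens[idx + 1])
        except ValueError:  # malformed address field
            continue
        if label:
            findings.append((fqdn.rstrip("."), tokens[idx + 1], label))
    return findings
```
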
2. akerl_ ◴[] No.45149269[source]
Are they? Browsers treat long-lived self-signed certs pretty much exactly how they always have, from what I’ve seen: if you’ve trusted the cert in your system trust store, it just works. If you haven’t, you get a red warning page and have to click to proceed.