this post was submitted on 16 Nov 2023
4 points (100.0% liked)

I've wanted to install pihole so I can access my machines via DNS. Currently I have names for my machines in my /etc/hosts files across some of my machines, but that means that I have to copy the configuration to each machine independently, which is not ideal.

I've seen that some popular options for top-level domains in local environments are *.box or *.local.

I would like to use something more original and just wanted to know what you guys use to give me some ideas.
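The migration the post describes, from per-machine /etc/hosts files to one set of local DNS records, as an added example that is not part of the original post: it merges hosts-format text from several machines, gives every name an FQDN under one suffix, and reports names whose copies have drifted apart. The sample files, the function names and the `home.arpa` default (a suffix suggested in the comments below) are assumptions; the output is hosts-format lines, the IP-then-names format that dnsmasq reads via `addn-hosts`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample /etc/hosts contents from two machines (not from the post).
HOSTS_BY_MACHINE = {
    "laptop": "127.0.0.1 localhost\n"
              "192.168.1.10 nas nas.local  # storage\n"
              "192.168.1.20 pi\n",
    "desktop": "::1 localhost\n"
               "192.168.1.10 nas\n"
               "192.168.1.21 pi  # disagrees with laptop\n"
               "192.168.1.30 printer\n",
}

def parse_hosts(text):
    """Yield (ip, short_name) pairs, skipping comments, loopback and bad lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the line
        if ip.is_loopback:
            continue  # localhost entries stay per-machine
        for name in fields[1:]:
            yield str(ip), name.lower().split(".")[0]

def merge(hosts_by_machine, domain="home.arpa"):
    """Return (records, conflicts). Records are hosts-format lines with an FQDN
    under `domain`; conflicts maps a name to {ip: [machines claiming it]}."""
    seen = defaultdict(lambda: defaultdict(set))  # name -> ip -> machines
    for machine, text in hosts_by_machine.items():
        for ip, name in parse_hosts(text):
            seen[name][ip].add(machine)
    records, conflicts = [], {}
    for name in sorted(seen):
        if len(seen[name]) > 1:  # same name, different addresses: needs a human
            conflicts[name] = {ip: sorted(m) for ip, m in seen[name].items()}
        else:
            (ip,) = seen[name]
            records.append(f"{ip} {name}.{domain} {name}")
    return records, conflicts

if __name__ == "__main__":
    records, conflicts = merge(HOSTS_BY_MACHINE)
    print("\n".join(records))
    print("conflicts:", conflicts)
```

Conflicting names are held back from the records so that a stale copy of a hosts file is resolved by hand before it is served to the whole network.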

[–] ellipsoidalellipsoid@alien.top 2 points 11 months ago

".home.arpa" for A records.

I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.

[–] ohuf@alien.top 2 points 11 months ago (2 children)

RFC 6762 defines the TLDs you can use safely in a local-only context:

*.intranet
*.internal
*.private
*.corp
*.home
*.lan

Be a selfhosting rebel, but stick to the RFCs!

[–] kneticz@alien.top 2 points 11 months ago

do not use .local, as tempting as it may be

use .home personally

[–] Deathmeter@alien.top 1 points 11 months ago

Nothing. I have all devices using tailscale DNS and I refer to things in my network by their host name directly.

[–] PizzaUltra@alien.top 1 points 11 months ago (1 children)

everything under *.home.mydomain.tld is reserved for internal use.

[–] Asyx@alien.top 1 points 11 months ago (1 children)

I own lastname.me and lastname.dev and everything public is lastname.me and everything local is lastname.dev. I don't have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I'd have something like nc.lastname.me for my public Nextcloud instance and docs.lastname.dev for my paperless instance that I don't want to have on somebody else's machine.

[–] maevian@alien.top 1 points 11 months ago

Why use a different domain for local as external?

[–] secopsx@alien.top 1 points 11 months ago (1 children)

I use a custom domain for everything....email, internal dns, external (cf tunnels), and my public websites. I used to use AWS Route 53 for everything because of work, but moved to CF because it's free and much easier to set up and manage.

For local devices I use *.local.domaingoeshere.com (wildcard cert), issued by Cloudflare. In retrospect I should have used *.int.domain.com as it would be less typing...but everything is categorized and bookmarked anyway.

[–] maevian@alien.top 1 points 11 months ago

Why not use *.domain.com ? If you own the domain you’ll never have a conflict that way

[–] sequentious@alien.top 1 points 11 months ago

For those using a pihole for .internal.example.com, how do you deal with DNSSEC on example.com? Or do you just not?

[–] certuna@alien.top 1 points 11 months ago

.local is mDNS - and I'm using that, saves me so much hassle with split-horizon issues etc.

I also use global DNS for local servers (AAAA records on my own domain), again, this eliminates split-horizon issues. Life is too short to deal with the hassle of running your own DNS server.

[–] 404invalid-user@alien.top 1 points 11 months ago

I had problems with .local because it’s used for MDNS and too lazy to figure out how that works so now I just use lan but I also own a .com domain so I have started to use that more

[–] DotDamo@alien.top 1 points 11 months ago
[–] FlowLabel@alien.top 1 points 11 months ago

.app is suuuper cheap even for three letter domains. I picked one up for pennies with three letters that mean something to me and my partner and use a pair of redundant piholes to serve local DNS for that domain. Externally it’s hosted on DigitalOcean for stuff I want external.

[–] HTTP_404_NotFound@alien.top 1 points 11 months ago

I mean.... I use xtremeownage.com

But, ya know... I own it. Although, I use a few subdomains for my home-network, with a split-horizon DNS setup.

[–] Mint_Fury@alien.top 1 points 11 months ago

I use .lan for anything local and my public domain is .net for anything publicly hosted.

[–] Stetsed@alien.top 1 points 11 months ago

I just use my domain inside my network which is a .net

[–] Delyzr@alien.top 1 points 11 months ago (5 children)

I have a registered domain and my lan domain is "int.registereddomain.com". This way I can use letsencrypt etc for my internal hosts (*.int.registereddomain.com via dns challenge). The actual dns for my internal domain itself is not public but static records in pihole.

[–] Sir-Kerwin@alien.top 1 points 11 months ago (1 children)

Can I ask why this is done over something like hosting your own certificate authority? I’m quite new to all this DNS stuff

[–] MrSliff84@alien.top 1 points 11 months ago

I just use a .de tld and for all my sites a *.mysite.mydomain.de.

SSL certs from Cloudflare with a dns challenge for internal use.

[–] Spare_Vermicelli@alien.top 1 points 11 months ago

maybe not directly answer for you, but I just literally bought 4 domains for 3 euro per year (renews at the same price!) 5 minutes ago :D.

The catch - it has to be 9 numbers.xyz (see https://gen.xyz/1111b for details).

[–] nimajneb@alien.top 1 points 11 months ago

.com lol. I got a 6 letter domain that makes for me. I should check out .local though. I could .com for my website and .local for my home network using the same domain name.

[–] tech_medic_five@alien.top 1 points 11 months ago

lastname.systems

I used to own lastname.cloud and foolishly let that expire. It's one of my biggest regrets.

[–] iavael@alien.top 1 points 11 months ago (1 children)

I've never used DNS in my local network (because it's an additional burden to support, so I tried to avoid it), but a couple of months ago when I needed several internal web-sites on standard http port, I just came up with "localdomain."

Yep, it's non-standard too, but probability of its usage of gTLD is lowest among all other variants because of its usage in Unix world and how non-pretty it is :)

[–] tech2but1@alien.top 1 points 11 months ago (3 children)

If DNS is a burden to support you're doing it wrong. I set it up once and haven't touched it since. Everything new that gets added "just works".

[–] DullPhilosopher@alien.top 1 points 11 months ago

I've got a .com for my internal only services with tls and a .pro for my external facing services. I could probably throw them all on one but because legacy (I didn't think things through) I have two

[–] joost00719@alien.top 1 points 11 months ago

*.oob.mydomain.tld

[–] ewleonardspock@alien.top 1 points 11 months ago

I use homelab..org

[–] wageof@alien.top 1 points 11 months ago

GDI, I have been using internal.registereddomain.com which is 5 wasted characters...

[–] HR_Paperstacks_402@alien.top 1 points 11 months ago

I have an io domain - mylastname.io

AD domain is home.mylastname.io

A place I put most apps running on my Kubernetes cluster is *.apps.mylastname.io

[–] vim_jong_un@alien.top 1 points 11 months ago

I own both `mydomain.com` and `mydomain.net`, and the `.net` is all my internal services (eg `homeassistant.mydomain.net`). The public `.com` domain I use exclusively for email and a static site.

I had some old employer with a similar segmentation so it just made sense to me ¯\_(ツ)_/¯

[–] jerwong@alien.top 1 points 11 months ago

I use >!.cunt!< for my local TLD. Stands for Can't Use New Technologies from IT Crowd.

It makes it comical when I let friends onto my wifi.

[–] stoneobscurity@alien.top 1 points 11 months ago

i have owned a .com since 1997. i use that.

[–] KD_done@alien.top 1 points 11 months ago

A customer of mine chose for his own domains.. and it was his mistake that he wanted specific "cool top level domains" in his network for his factory, storage facility and vehicles on the road that connected with wifi at home.

He decided, and I realized immediately that this would be a bad idea (*cough* .. no I didn't.. but lets pretend I did), that he wanted something that looked like;

  • company.fabriek (fabrication)
  • company.waren (warehousing)
  • company.vrachtwagen (trucks)

I think he adopted the idea because I had a singular setup at my office/shop where my synology, placed in an 8U rack in the back on the 4th floor with a hostname.. just a hostname "I.am.on.the.forth.floor.in.the.back". Just a singular name.. I remember him laughing when he found the server where the hostname said it was.

So, the systems (electronic toolbag for in the trucks) installed in the trucks would only work a 100% if connected to the wifi at home base. All interfaces with any relation to the outside world had to be brought within the lan to be able to get to warehouse data, and the fabrication department (his pride and joy) just did what it always did.. it fabricated stuff. All choices were made motivated by the path of least resistance.

Yeah.. a lot of stuff didn't work as planned. Mainly connectivity things that did not work as expected, misconfiguration of DHCP servers, VPN clients and all other types of "employee owned" gear that were unable to resolve the funky domains.

I started to protest, and explain why what I did was funny, but what he was doing was foolish.. especially after I gave him a rough idea of what was needed to be done. I proposed a split dns solution with a real domain, even that would have been easier and less intrusive to work on or fix things in for sure.. but it looked "less cool" according to his lordship. Customer is king is a stupid concept, but if the customer claims to be King, his highness can pay for the time required to serve him.

So..

Pick a singular host, get a real domain and set up a split DNS environment (easiest and funnest imo).. but if you don't care (and why should you :)) pick something fun and cool that makes sense to use for you. All our suggestions are pure personal preference in the end :)

[–] DIYiT@alien.top 1 points 11 months ago

I own both mydomain.com as well as mydomain.me. I use the *.me as my local domain and *.com for the real world.

[–] ypoora1@alien.top 1 points 11 months ago

I use .lan as it's shorter and IMO nicer looking than .local

[–] tomwebrr@alien.top 1 points 11 months ago

I have a registered domain and using it like this: service.machine.location.myregistereddomain.cz

You can use Let's Encrypt certs inside lan if you use a real purchased domain.

[–] Wixely@alien.top 1 points 11 months ago

Being a bit of a rebel myself. I use ONLY a tld, and where subdomains would be used, I use domain.tld

This has led me to discover quite a few projects out there that don't parse domain names correctly, especially when you want to use an email like admin@tld and it cries because you have no dot.

[–] Aurailious@alien.top 1 points 11 months ago

I have 2 registered tlds in .dev and .net. I split their use using .net for personal/selfhosted sites and .dev for public facing.

[–] FamousSuccess@alien.top 1 points 11 months ago

I own a domain I purchased thru cloudflare.

public facing services are say xyz.mydomain.com

internal facing is xyz.local.mydomain.com

This way internal access pipes into pihole, DNS directs it to Traefik on my server, then to the internal service. Not internet dependent.

[–] 546875674c6966650d0a@alien.top 1 points 11 months ago

Get a real domain. Then you can use external stuff tonight you want.

[–] highedutechsup@alien.top 1 points 11 months ago

https://datatracker.ietf.org/doc/html/draft-chapin-rfc2606bis-00

I use .host because .internal is too long to type and .local is a pita, but mostly because the browser actually tries to go there instead of some stupid search engine that tracks that kind of info and I don't have to remember to put a slash at the end.

[–] JackDostoevsky@alien.top 1 points 11 months ago

i made up a not real, non-standard TLD that i use lol (.null)

I have a self signed CA that all my devices trust. Getting a real domain and just using that, with LetsEncrypt, would not have required me to explicitly trust my own CA, but hey, my system works.

and i know i know, RFCs, but it works, and doesn't break anything.

[–] AnomalyNexus@alien.top 1 points 11 months ago

Managed to buy a really sweet domain so using that for both mail and local domain

> currently I have names for my machines in my /etc/hosts files across some of my machines

A better way is to set the DHCP server to resolve local too via DNS.

So in my case proxmox.mydomain.com and proxmox both resolve to a local IP...without any need to configure IPs manually anywhere.

On opnsense it's under Unbound >> Register DHCP Leases

[–] lutiana@alien.top 1 points 11 months ago

I just use my public domain (eg domain.com) and have split DNS setup.

[–] alekslyse@alien.top 1 points 11 months ago

I use home.arpa as the base dns as that plays very well and is the official standard, then I have a domain for my reverse proxy. Of course I can use that domain for the whole network, but I like to split it up

[–] KlausBertKlausewitz@alien.top 1 points 11 months ago
[–] tiberiusgv@alien.top 1 points 11 months ago

Everything at my house has a TLD named after the road I live on (a founding father last name). Everything at my offsite at my dads house uses TLD named after the road he lives on (a woman's first name).

It's both arbitrary and practical. A number of systems exist at both such as proxmox. truenas. pihole. plex. So it's a good way to tell them apart without having to differentiate them in the domain name.

[–] Tripanafenix@alien.top 1 points 11 months ago
[–] murdaBot@alien.top 1 points 11 months ago

My TLDs are:
.lan = management/wired vlan
.mobile = primary wifi
.iot = locked down for iot/home automation devices
.guest = guest wifi

The domain for each is my public .io domain.
