n4bz0r, 4 days ago:

> I really should use the official .internal TLD (Top Level Domain) for my homelab network, but I decided against it. This introduces the risk of name resolution problems, should someone offer a public .jhw TLD in future. It’s a risk I am willing to accept in exchange for using a 3 letter TLD at home. Don’t be like me! Use .internal instead. With that out of the way, let’s continue.

Why not .lan? The key word is "official"?
finaard, 4 days ago:

Why not a subdomain under one of the public domains he already has? For interactive use you'd typically only use part of the domain anyway, with a correctly set up search list. It also has the advantage of easily making some hosts available via IPv6 to the outside, or, with split-horizon DNS and a gateway host, exposing specific services, where an inside connection goes directly to the specific host and an outside one goes via a reverse proxy.

Overall he's just describing a typical simple internal DNS setup. From the title I was expecting him to talk about how he got a stable authoritative DNS server for his public domain running at home (and how he got around the "two nameservers" requirement). On the plus side, that made me realize that my current home connection _is_ stable enough to host one of my three authoritative DNS servers, which should save me about 7 EUR per month.
moduspol, 4 days ago:

My preference is to register a publicly resolvable domain and then just only use it internally. Then you can still get publicly trusted TLS certificates for it, in case you want them. Doesn’t stop you from using your own private CA, either, but at least you have the option.

briHass, 4 days ago (reply to moduspol):

Given how modern browsers are increasingly hostile to long-lived, self-signed certs, I've resigned myself to paying the .com tax every year for a real domain. There are so many ACME clients now (e.g. HomeAssistant has a plugin) that it's fairly easy to have legitimate certs on internal devices. A side benefit is having a subdomain that can be used as a dynamic DNS record. Cloudflare (and probably others) lets you enter non-routable IPs into their DNS, so myhomeserver.mydomain.com can point to 192.168.1.45 on your LAN without having to run your own DNS/hosts.

akerl_, 3 days ago (reply to briHass):

Are they? Browsers treat long-lived self-signed certs pretty much exactly how they always have, from what I’ve seen: if you’ve trusted the cert in your system trust store, it just works. If you haven’t, you get a red warning page and have to click to proceed.

isaacdl, 4 days ago (reply to moduspol):

I do the same. You can still get neat 4-character domains for cheap in many TLDs (including .net, which just feels right for this purpose).
JdeBP, 4 days ago:

The key concept is learning from the mistakes of others, instead of repeating them. The past several decades provide numerous examples of people picking "internal" top-level domain names that they were 100% positive no-one else would ever use … until someone else did, sometimes as a result of the exact same thinking.

* https://jdebp.uk/FGA/dns-use-domain-names-that-you-own.html
* https://news.ycombinator.com/item?id=45144631

You can find the case of dev. in particular discussed in umpteen places here on Hacker News over the years.
ZeroSolstice, 4 days ago:

I didn't see a specific RFC that reserved .lan; however, home.arpa is suggested by the proposed standard RFC 8375. https://datatracker.ietf.org/doc/html/rfc8375

n4bz0r, 3 days ago (reply to ZeroSolstice):

> home.arpa is suggested

Thanks, didn't even know it existed.

> I didn't see a specific RFC that reserved .lan

There is no RFC AFAIK, but it has certainly seen some adoption over the past decade. Mikrotik devices use `router.lan` as a default domain name for their routers, for instance. Home labbers on YouTube seem to like to use `.lan`, too. Would it be fair to think there is a chance `.lan` might get an RFC of its own given the popularity? Or is that completely irrelevant in the case of RFCs? Hard to tell what the reasoning is there; `.home.arpa` seems excessively long and inconvenient. Would be a real shame and a bummer if `.lan` ends up becoming public :')

ZeroSolstice, 3 days ago (reply to n4bz0r):

I agree it would be great to get some of the vendor-pushed / common domains put into an accepted standard. In my interaction with IETF standards, they are created / implemented in two ways:

1. They set the forward direction for a new technology before it is widespread.
2. They wait for a technology to become popular / accepted and start to set standards from that baseline.

Both are reasonable paths of implementation given the pace of change in technology. I doubt .lan, .local, .home, etc. will either become public or a standard just based on existing devices that default to these domains and documentation or books that might reference them as example domains.
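The two practical questions running through this thread (is the chosen suffix one that public DNS will never delegate, and do answers for names you mean to be internal actually stay on private addresses?) as an added Python example. This is not code from any commenter. The special-use set is taken from RFC 6761 (localhost, test, example, invalid), RFC 6762 (local), RFC 7686 (onion), RFC 8375 (home.arpa) and ICANN's reservation of .internal; `PUBLIC_TLDS` is a constructed snapshot of a few delegated TLDs rather than a live root-zone lookup, and `fake_resolve` with its `CONSTRUCTED_ANSWERS` table is a stand-in for a real resolver so the example runs offline.

```python
"""Audit a homelab domain name for the name-collision risk discussed in the thread.

Added example; not code from any commenter. Two checks:
  1. classify_domain(): is the suffix special-use (never delegated publicly),
     a delegated public TLD (safe only if you own the registration), or an
     unregistered string such as .lan or .jhw that could be delegated later?
  2. answers_stay_private(): do the addresses a resolver returns for the name
     stay non-global? A globally routable answer for a name you meant to be
     internal is the symptom of exactly the collision the thread worries about.
"""
import ipaddress
from typing import Callable, Dict, Iterable, List

# Suffixes public DNS will not delegate: RFC 6761 (localhost, test, example,
# invalid), RFC 6762 (local), RFC 7686 (onion), RFC 8375 (home.arpa) and
# ICANN's reservation of .internal for private use.
SPECIAL_USE = frozenset(
    {"localhost", "test", "example", "invalid", "local", "onion",
     "home.arpa", "internal"}
)

# Constructed snapshot of a few delegated root-zone TLDs. A real audit would
# load the full IANA root zone list; it is hard-coded here to run offline.
PUBLIC_TLDS = frozenset({"com", "net", "org", "uk", "dev", "arpa"})


def _labels(name: str) -> List[str]:
    """Normalise a DNS name into lower-case labels, ignoring a trailing dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]


def classify_domain(name: str) -> str:
    """Return 'special-use', 'public' or 'unregistered' for the name's suffix."""
    labels = _labels(name)
    if not labels:
        raise ValueError("empty domain name")
    # Longest suffix first, so home.arpa matches before the plain arpa TLD.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SPECIAL_USE:
            return "special-use"
    return "public" if labels[-1] in PUBLIC_TLDS else "unregistered"


def answers_stay_private(name: str, resolve: Callable[[str], Iterable[str]]) -> bool:
    """True only if the resolver answered and every address is non-global.

    RFC 1918 or ULA answers (192.168.0.0/16, fd00::/8, ...) are what an
    internal name should return. A globally routable address means the name is
    being answered from someone else's zone, or the resolver in use is not the
    one you think it is.
    """
    addrs = [ipaddress.ip_address(a) for a in resolve(name)]
    return bool(addrs) and all(not a.is_global for a in addrs)


def audit(name: str, resolve: Callable[[str], Iterable[str]]) -> Dict[str, object]:
    """Combine both checks into one verdict for a candidate internal name."""
    kind = classify_domain(name)
    advice = {
        "special-use": "safe: cannot collide with public DNS",
        "public": "safe only if you own this registration",
        "unregistered": "collision risk: may be delegated publicly later",
    }[kind]
    return {
        "name": name,
        "suffix_class": kind,
        "answers_private": answers_stay_private(name, resolve),
        "advice": advice,
    }


# Constructed answers standing in for a real resolver (hypothetical data).
CONSTRUCTED_ANSWERS = {
    "nas.home.arpa": ["192.168.1.20"],
    "myhomeserver.mydomain.com": ["192.168.1.45"],  # private IP published in public DNS
    "nas.jhw": ["8.8.8.8"],  # what a .jhw collision would look like: a known global address
}


def fake_resolve(name: str) -> List[str]:
    """Look the name up in the constructed table; an empty list means NXDOMAIN."""
    return CONSTRUCTED_ANSWERS.get(".".join(_labels(name)), [])


if __name__ == "__main__":
    for candidate in ("nas.home.arpa", "myhomeserver.mydomain.com", "nas.jhw", "router.lan"):
        print(audit(candidate, fake_resolve))
```

To run it against a real network, replace `fake_resolve` with a function that queries your own resolver (for example via `socket.getaddrinfo`) and compare the result with the same query sent to a public resolver: a name classed `unregistered` that a public resolver answers at all is the .dev situation JdeBP describes.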