[HN Gopher] What domain name to use for your home network
___________________________________________________________________
What domain name to use for your home network
Author : miles
Score : 24 points
Date : 2021-08-15 20:31 UTC (2 hours ago)
(HTM) web link (www.ctrl.blog)
(TXT) w3m dump (www.ctrl.blog)
| jitl wrote:
| I use cozy.systems
| Wowfunhappy wrote:
| > Do not use undelegated domain names like .lan, .home, .homenet,
| .network, nor should you make up your own domain name.
|
| ...why?
|
| My DNS server, my rules, no? Why should I feel obligated to
| follow ICANN? Obviously, I'll need to make changes if someone
| ever registers the domain with ICANN (and I want to access the
| ICANN version), but other than that...
| geofft wrote:
| Does every single network client on your network use your DNS
| server for name resolution? No DNS-over-HTTPS? No widgets
| configured to talk to public DNS servers?
|
| Also, does your DNS server correctly filter "out"-of-bailiwick
| responses for .lan etc. zones that are actually perfectly well
| in-bailiwick because they're from the actual delegated-by-the-
| real-root-servers nameservers, they're just not from your
| private server that you've configured? If not, I can execute a
| cache-poisoning attack against you.
| tialaramex wrote:
| On _your_ network, sure.
|
| But you seem to be on _our_ network with all of us and so here
| you need to obey _our_ rules or things won't go so well for
| you.
| manicdee wrote:
| The issue here being: what happens when you have your proxy
| configured as "proxy.lan" but you make a typo when entering it
| in local DNS or in your browser settings? That DNS request for
| "proxy.lan" will now go all the way out to the root servers for
| every page load, multiple times.
|
| Not so important for you with your 200 tabs open, but quite
| important to the people maintaining the root servers who see a
| significant percentage of all queries being for bogus domains
| that don't exist.
| prox wrote:
| Does this happen often? How do they mitigate this?
| rualca wrote:
| > (...) but quite important to the people maintaining the
| root servers who see a significant percentage of all queries
| being for bogus domains that don't exist.
|
| I get the boy scout rule sentiment, but isn't resolving domain
| names, even those that don't exist, the whole purpose of root
| servers?
|
| I mean, your suggestion reads like asking not to type URLs
| wrong because a significant percentage of requests are 404s.
| traceroute66 wrote:
| > My DNS server, my rules, no?
|
| That's the same line taken by network admins who think they
| know better than using RFC1918 IP ranges for their LAN.
| sokoloff wrote:
| Worked at a company which did this (dating back to when they
| probably figured they'd never need to connect to the net).
|
| As a satellite office and an acquisition, we played all kinds
| of games to try to figure out whether we should send a given
| IP address out to the Internet or to corporate. Apple's IP
| range was entirely overlapping and of course the corporate
| networking group just threw up their hands and said "send it
| to us; the internet is not a business critical function."
|
| This was in the early 2000s, not the early 90s.
| Wowfunhappy wrote:
| I'm not suggesting this would be intelligent for anything
| larger than your own home network! ;)
| vbezhenar wrote:
| IMO the best approach is to register somedomain.com and use its
| subdomains. It's guaranteed not to interfere with anything, you
| can get an LE certificate, you can make it available from the
| Internet if necessary.
| lysp wrote:
| That's what I do, local.domain.com.
|
| I also have a wildcard LE cert for *.local.domain.com.
| PostThisTooFast wrote:
| Interesting, but I don't understand how to set this up. If I go
| into my router's admin pages (it's a Ubiquiti EdgeRouterX), then
| Services, then DNS... the only options are:
|
| DNS Forwarding Cache size
| Interface (currently set to Switch0)
|
| Dynamic DNS (Add DDNS interface)
|
| Now what?
| dmd wrote:
| In similar news, do not use "dev.host", because someone owns
| it[0] and can and will do increasingly hilarious things to your
| traffic.
|
| [0] me
| johnchristopher wrote:
| What about .localhost? Asking for a friend.
| flemhans wrote:
| What if it's an office building?
| geofft wrote:
| Buy a real domain name and use that. It is probably cheaper
| than a single square foot of office space.
|
| (This can either be your normal domain name that you already
| have, using split DNS to make more things resolve on the
| internal network, or an entirely separate domain name,
| whichever is operationally easier for you.)
| traceroute66 wrote:
| The blog post misses the (controversial if you're one of the ex-
| applicants) decision by ICANN to ban .corp, .home and .mail from
| ever appearing on the internet. So you've got those options too.
|
| Or in ICANN management-speak: "Whereas, the Board considered that
| the applicants were not aware before the application window that
| the strings .CORP, .HOME, and .MAIL would be identified as high-
| risk, and that the delegations of such high-risk strings would be
| deferred indefinitely." [1]
|
| [1]https://features.icann.org/addressing-new-gtld-program-
| appli...
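
Added example (not part of the thread or the linked article): a check for the situation geofft and manicdee describe, where clients send queries for private-use names to a resolver other than the local one. The log format, the resolver address, the sample lines and the function names are all constructed assumptions; the suffix list is taken from names mentioned in the thread.

```python
"""Flag DNS queries for private-use suffixes that bypass the local resolver."""
from collections import Counter

# Suffixes mentioned in the thread; replace with the ones your network uses.
PRIVATE_SUFFIXES = ("lan", "home", "homenet", "corp", "mail")
LOCAL_RESOLVER = "192.168.1.1"  # assumption: the only resolver clients should use

# Constructed sample log: "<time> <client> <dns-server> <qname> <qtype>"
SAMPLE_LOG = """\
20:31:02 192.168.1.20 192.168.1.1 proxy.lan. A
20:31:05 192.168.1.34 198.51.100.53 nas.lan A
20:31:07 192.168.1.34 198.51.100.53 www.example.com A
20:31:09 192.168.1.51 203.0.113.53 Printer.HOME. AAAA
20:31:11 192.168.1.20 203.0.113.53 myplan.example.org A
20:31:12 192.168.1.34 198.51.100.53 proxy.lan A
malformed line
"""


def has_private_suffix(qname, suffixes=PRIVATE_SUFFIXES):
    """True if qname ends in one of the suffixes, compared label by label."""
    labels = qname.rstrip(".").lower().split(".")
    for suffix in suffixes:
        suffix_labels = suffix.lower().split(".")
        # Whole-label comparison, so "myplan.example.org" does not match "lan".
        if labels[-len(suffix_labels):] == suffix_labels:
            return True
    return False


def find_leaks(log_text, resolver=LOCAL_RESOLVER):
    """Return (client, server, qname) for private names sent past the resolver."""
    leaks = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _time, client, server, qname, _qtype = fields
        if server != resolver and has_private_suffix(qname):
            leaks.append((client, server, qname.rstrip(".").lower()))
    return leaks


def leaks_per_client(leaks):
    """Count leaked queries per client so the misconfigured host stands out."""
    return Counter(client for client, _server, _qname in leaks)


if __name__ == "__main__":
    for client, count in leaks_per_client(find_leaks(SAMPLE_LOG)).most_common():
        print(f"{client}: {count} private-name queries sent to a non-local resolver")
```

This only sees plaintext DNS; a client using DNS-over-HTTPS, as geofft mentions, will not appear in such a log.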
___________________________________________________________________
(page generated 2021-08-15 23:00 UTC)