this post was submitted on 31 Jan 2024
165 points (97.7% liked)

Selfhosted

39922 readers
605 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 70 points 9 months ago (2 children)

If we didn't have a bazillion TLDs these days we'd be ok and everyone can carry on using .local or .lan and be happy that they're not real TLDs. Now when anything could be a TLD because every word you've ever heard is a TLD, you don't know if its real or not.

[–] [email protected] 36 points 9 months ago (1 children)

Reserved TLDs are documented. The issue is they prioritized all the crazy ones before they added what people at home and businesses were actually using. ICANN won't sell .lan because it is used too much. They haven't tried so there is no official decision, but they won't - they did try .corp and .home and abandoned it.

.local is reserved in RFC 6762, but for multicast DNS.

[–] [email protected] 5 points 9 months ago (1 children)

They're documented, but it's a big and ever expanding list.

[–] [email protected] 5 points 9 months ago

The special use list for use by individuals and business is actually very small and hasn't been updated in a long time, which is a big part of the problem with people inventing their own.

[–] [email protected] 4 points 9 months ago (1 children)

People have been told for a very long time not to use fake TLDs. I don’t think it’s reasonable to accommodate people who can’t follow instructions.

[–] [email protected] 43 points 9 months ago* (last edited 9 months ago) (2 children)

Looks like *.lair is still a great one for a local TLD.

Just rock your "Evil.subterranean.lair" people.

You could also go for "Wicked.volcano.lair"

Or even "morallywrong.commercialrealestate.lair"


Also, anyone taking bets on how many "Internal" TLDs are gonna be used for porn?

[–] [email protected] 57 points 9 months ago (1 children)

Very few as this ruling would reserve .internal for local DNS only and forbid it at the global level. This is ICANN's solution to people picking random .lan .local .internal for internal uses. You'll be able to safely use .internal and it will never resolve to an address outside your network.

[–] [email protected] 19 points 9 months ago (1 children)

.local is recommended for use with mDNS/Zeroconf

[–] [email protected] 9 points 9 months ago (1 children)

Yes, you're right, RFC 6762 proposes reserving .local for mDNS. I was not aware of this until you brought it up, hence the dangers of using using TLDs not specifically designated for internal use.

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago) (1 children)

Yes, you’re right, RFC 6762 proposes reserving .local for mDNS. I was not aware of this until you brought it up, hence the dangers of using using TLDs not specifically designated for internal use.

I had actually used .local for years until I caved upon knowing, and bought kingthrillgore.name and used it both for my web sigh and my local domains. For most people, this is an unnecessary cost. We should really approve adding .lan and .localhost to ICANN as reserved domains as well.

[–] [email protected] 7 points 9 months ago (1 children)

.localhost is already reserved for the loopback, per RFC 2606, but I agree with you in general. A small network shouldn't have to have a $10-15/year fee to be compliant if they don't want to use a domain outside their network.

As other posters have mentioned, .lan .home .corp and such are so widely used that ICANN can't even sell them without causing a technical nightmare.

[–] [email protected] 5 points 9 months ago (1 children)

People who do not wish to buy a GTLD can use home.arpa as it is already reserved. If you are at the point of setting up your own DNS but cannot afford $15 a year AND cannot use home.arpa I’d be questioning purchasing decisions. Hell, you can always use sub-domains in home.arpa if you need multiple unique namespaces in a single private network.

Basically, if you’re a business in a developed country or maybe developing country, you can afford the domain and would probably spend more money on IT hours working around using non-GTLDs than $15 a year.

[–] [email protected] 2 points 9 months ago (1 children)

come on, setting up your own DNS is not difficult at all. For my home network, it's running in a Raspberry Pi, but before that I ran it locally on my desktop. There's no way I'd spend 15$ a year to resolve internal addresses.

Sure, you have to be careful with the TLD you choose, but I believe that if the ICANN were to create the .lan TLD, it would be all over the internet first.

[–] [email protected] 1 points 9 months ago

Buying your own domain often includes DNS hosting but that’s not really the point unless all you’re doing is exclusively running an externally-facing website or e-mail. The main reason for buying a domain online is so everybody else recognises you control that namespace. As a bonus, it means you can get globally-cognised SSL certificates which means you no longer have you manage your own CA and add it’s root to all the devices which wish to access your services securely. It’s also worth noting that you cannot rely on external DNS servers for entries that point to private IPs, because some DNS servers block that.

[–] [email protected] 2 points 9 months ago

I say 80% of them.

[–] [email protected] 39 points 9 months ago (2 children)

A good move!

I’m surprised they didn’t codify “.lan” though since that one is so prevalent.

[–] [email protected] 9 points 9 months ago (1 children)

Seconding the other comment, lots of orgs picked .lan and then over the last few years have moved things into the cloud and .lan has become a meaningless soup since half the shit isn’t even on local network. Now it just means “needs a vpn or ztn to talk to”

Luckily my last three orgs finally bought a second domain for private dns. It’s quickly becoming a pattern that myorg.com owns myorg.tech or whatever for private traffic. Domains are cheap as fuck compared to everything else a business spends money on, it’s really silly how many people are using hacks for this

[–] [email protected] 1 points 9 months ago (1 children)

I think needing a VPN to access the internal network is a good practice. And if you're going to be used a VPN anyway, I don't see why you wouldn't use a "fake" TLD like .lan for internal stuff, after all it's just simple DNS rules.

[–] [email protected] 1 points 9 months ago

VPN is inherently not zero trust. You really should be moving to ZTN based tools

[–] [email protected] 3 points 9 months ago

It's used in many cases where the machine may not be on the LAN and LAN is a technical term. "Internal" is not and to me signifies that it's "not public" aswell as probably managed by someone, well, internally at the entity you're with.

[–] [email protected] 31 points 9 months ago

Certainly better than the awkward .home.arpa.

[–] [email protected] 23 points 9 months ago (1 children)

Huh, I've seen .local used for this quite a bit and only just now realised that it's meant for something else.

I've also seen .corp 🤮

[–] [email protected] 21 points 9 months ago (2 children)

And .home.

Hopefully this .Internal domain takes off and becomes generally recognized as the only correct non-routable domain we all use. Otherwise it's just the latest addition to the list of possible TLDs and confusion continues.

[–] [email protected] 28 points 9 months ago (1 children)
[–] [email protected] 14 points 9 months ago* (last edited 9 months ago) (1 children)
[–] [email protected] 11 points 9 months ago (3 children)

That one is absolutely abhorrent because I know as a fact my parents would easily fall for a .zip domain leading to a virus infested site thinking it's actually them getting a zip file because they don't know better. At least the first few times they'd fall for it.

load more comments (3 replies)
[–] [email protected] 7 points 9 months ago* (last edited 9 months ago)

It's such a shitty situation. ICANN is not going to sell .home or .corp as they found a crapton of traffic when they checked for it, but IETF never finished an RFC for them - however people easily stumble into the draft RFC that lists what they were thinking of, and assume stuff like .lan is good to go too. They're safe by ICANN policy, but unsanctioned.

.home.arpa is safe, per RFC, but user unfriendly to normal people. There are a few others but none a corporation would realistically use. I've used . internal for lab testing stuff for ages, so this is extra good news for me I guess.

Really I wish they'd have just reserved the most common ones rather than getting caught in some bureaucratic black hole.

[–] [email protected] 14 points 9 months ago (1 children)

Too long to type, why it can't be .lan

[–] [email protected] 4 points 9 months ago (1 children)
[–] [email protected] 7 points 9 months ago

I heard he threw parties all the time

[–] [email protected] 12 points 9 months ago
[–] [email protected] 9 points 9 months ago

Meanwhile, for my homelab I just use split DNS and a (properly registered+set up) .house domain - But that's because I have services that I want to have working with one name both inside and outside of my network

[–] [email protected] 4 points 9 months ago* (last edited 9 months ago) (2 children)

Don't follow. Help me out someone please.

The net runs on numbers. The numbers have to be translated into/from the DNS name to the numbers.

Nominating a DNS name as internal is doesn't change the fact that we still have to, at some stage, find the (local) network mask that that corresponds to.

What am I missing?

Update: I'm not sure I formed my question correctly because I'm none the wiser. That's my fault, I think.

[–] [email protected] 23 points 9 months ago (1 children)

It’s for internal resources. You can really use whatever subdomain you want internally, but this decision would be to basically say to registrars, this TLD is reserved, we will never sell this TLD to anyone to use. That way you know that if you use it internally, there’s no way a whoopsie would happen where your DNS server finds a public record for this TLD.

[–] [email protected] 4 points 9 months ago (1 children)

I assumed that was what .local was all about

[–] [email protected] 3 points 9 months ago (1 children)

.local is for mDNS addresses.

[–] [email protected] 2 points 9 months ago (1 children)

Can you explaim further: I'm savvy enough to install a custom kernel for a 14 year old arm board and flush drive boot sector with U boot, etc, so I can use it as a dedicated DAAP server, but Networking somehow eludes me

[–] [email protected] 4 points 9 months ago (1 children)

Sure. Though I’m not an expert on mDNS or anything. It stands for multi cast DNS. In a normal scenario, when your PC tries to connect to a local resource at its hostname it will use a local DNS server (or its own cache). It’s like a phone book. I know who I’m looking for, I just need to look in the phone book and see what their IP is. With mDNS there is no server. You’ll have a service that will plan to respond at a particular .local hostname, so like jellyfin.local (this is just an example, I don’t know if it has mDNS) but that isn’t registered on a server. Instead when your PC wants to reach jellyfin it will send a multi-cast to the other local devices and say “ok, I’m looking for some guy named jellyfin.local, which one of y’all is that?” And the jellyfin server will respond and say “yo what up, this is my ip address”

So anyway, that only works with .local addresses. You could use .local with a regular dns server, but then you may run into a conflict. So that would be the benefit of reserving .internal

[–] [email protected] 2 points 9 months ago (1 children)

Thanks this is helpful. So .local hasn't been reserved for only on local LAN, and .internal would be registered so ot never looks outside of lan?

[–] [email protected] 2 points 9 months ago (1 children)

.local is definitely local but it’s common for it to be used with mDNS primarily. To the second part of your question, yes that’s correct, since it will be reserved it will not be any public DNS server, even if it did look outside it wouldn’t find anything.

[–] [email protected] 2 points 9 months ago

Thanks, i appreciate you taking time to answer

[–] [email protected] 4 points 9 months ago

A DNS Proxy/Forwarder server? That's where you would configure how your .internal domain resolves to IPs on your internal network. Machines inside the network make their DNS queries to that server, which either serves them from cache, or from the local mappings, for forwards them off to a public/ISP server.

[–] [email protected] 4 points 9 months ago (1 children)
[–] [email protected] 1 points 9 months ago

Here is an alternative Piped link(s):

what are you proposing for you're always proposing just go

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
CA (SSL) Certificate Authority
DNS Domain Name Service/System
IP Internet Protocol
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network

5 acronyms in this thread; the most compressed thread commented on today has 7 acronyms.

[Thread #477 for this sub, first seen 2nd Feb 2024, 16:35] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 2 points 9 months ago

I use .home for my home network…

[–] [email protected] 1 points 9 months ago* (last edited 9 months ago)

I just use *.loc.al as a local dns entry in my own server with local addresses using devicename.loc.al and loc.al itself going to my gateway/routerpage. 😅

load more comments
view more: next ›