Another thought on this...

I was using a netgear router for a bit as my home router to replace an ancient cisco firewall that had outlived its usefulness, and with ddwrt, will run dns as part of dnsmasq.  You can use just about any consumer router replacing dd-wrt on it, and get functionality to do the same hosting internal.keithsmith.org or whatever you have directly on your router.  Your router will typically act as a dns cache directly anyways pointing dhcp dns to it's internal ip vs. your carriers, and then forwarding what it doesn't know, but you *can* add domains here for internal records for hosts you want too.  I used this to recreate internal dns vs. a separate bind server directly on my router for internal domain records, so long as your router can handle it. 

Now I use a fortigate enterprise firewall, which has the same features to host internal dns records doing the same, but whatever you have and can make work.  If your router doesn't support dd-wrt or tomato, get one that does.  I have bought a few over the years at goodwill shopping their technology crap for grins, and regifted good ones I've found to poor bastards in my family using ancient firewalls or wireless for like 7 bucks.

-mb


On Wed, Nov 23, 2022 at 12:51 PM Michael Butash <michael@butash.net> wrote:
General rule of thumb is not to spoof real domains, as you'll break anyone using it elsewise, just about anything else is open game.  I can make a tld domain, .xyz (assuming this isn't a free-form tld now), and so long as things point at that naturally (like an internal resolver), it will pretend to be authoritative even if not.  I've had customers run internal dns under AD with something random as their domain, it works so long as everything using the domain knows to point internally first.

What I do is use my domain, butash.net, and create an internal subdomain off it, internal.butash.net or like, and put all my home/lab stuff under that as my internal dns knows to put a ns record for the subdomain to itself, otherwise go out to public.  No one is the wiser generally, and my needs are met.  Recommend the same.

-mb


On Wed, Nov 23, 2022 at 12:19 PM David Schwartz via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:
I looked into this topic a while back and it’s a bit of a quagmire.

The general concensus I found was to use .local as your TLD as it has been reserved for that purpose. There are a few more, like .test, but .dev is a legitimate TLD run by Google.

I’ve talked with several people who set up their own DNS server on their intranet to respond to their own TLD so you don’t need to use the hosts file on every machine. I think most companies with multiple layers of firewalls take that approach because it won’t resolve the URLs across the firewall — public DNS will always return an error on the lookups.

-David Schwartz




On Nov 23, 2022, at 9:26 AM, Keith Smith via PLUG-discuss <plug-discuss@lists.phxlinux.org> wrote:



Hi,

As you know I am building a "home office" lab for PHP development and testing.  I was not satisfied with the research I completed on "non-routeable" domains for a private network made up of "non-routeable" domains.

In the distant past I used to use .dev for the TLD.  From what I am reading this is not a good idea.

According to https://www.rfc-editor.org/rfc/rfc8375.html one should use "home.arpa.".  They add a period to the end which I assume is the DNS domain name stop character when used in zone files.  Any thoughts?

I will not be using DNS.  My needs are so simple I will be adding the IP and domain name in my host file, at least for now.

I've read a lot about this subject.  Some say to use a registered domain with a subdomain that is on a private IP. I really do not want to commingle public and private assets on the same domain.

Any feedback is much appreciated!!

Thanks!!
Keith


---------------------------------------------------
PLUG-discuss mailing list: PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss