Re: Special-Use Domain 'home.arpa.'

Author: Michael Butash via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Michael Butash
Subject: Re: Special-Use Domain 'home.arpa.'
Another thought on this...

I was using a Netgear router for a bit as my home router to replace an
ancient Cisco firewall that had outlived its usefulness, and with dd-wrt,
will run dns as part of dnsmasq. You can use just about any consumer
router replacing dd-wrt on it, and get functionality to do the same hosting
internal.keithsmith.org or whatever you have directly on your router. Your
router will typically act as a dns cache directly anyways pointing dhcp dns
to its internal ip vs. your carriers, and then forwarding what it doesn't
know, but you *can* add domains here for internal records for hosts you
want too. I used this to recreate internal dns vs. a separate bind server
directly on my router for internal domain records, so long as your router
can handle it.

Now I use a fortigate enterprise firewall, which has the same features to
host internal dns records doing the same, but whatever you have and can
make work. If your router doesn't support dd-wrt or tomato, get one that
does. I have bought a few over the years at goodwill shopping their
technology crap for grins, and regifted good ones I've found to poor
bastards in my family using ancient firewalls or wireless for like 7 bucks.

-mb


On Wed, Nov 23, 2022 at 12:51 PM Michael Butash wrote:

> General rule of thumb is not to spoof real domains, as you'll break anyone
> using it elsewise, just about anything else is open game. I can make a tld
> domain, .xyz (assuming this isn't a free-form tld now), and so long as
> things point at that naturally (like an internal resolver), it will pretend
> to be authoritative even if not. I've had customers run internal dns under
> AD with something random as their domain, it works so long as everything
> using the domain knows to point internally first.
>
> What I do is use my domain, butash.net, and create an internal subdomain
> off it, internal.butash.net or like, and put all my home/lab stuff under
> that as my internal dns knows to put a ns record for the subdomain to
> itself, otherwise go out to public. No one is the wiser generally, and my
> needs are met. Recommend the same.
>
> -mb
>
>
> On Wed, Nov 23, 2022 at 12:19 PM David Schwartz via PLUG-discuss wrote:
>
>> I looked into this topic a while back and it’s a bit of a quagmire.
>>
>> The general consensus I found was to use .local as your TLD as it has
>> been reserved for that purpose. There are a few more, like .test, but .dev
>> is a legitimate TLD run by Google.
>>
>> I’ve talked with several people who set up their own DNS server on their
>> intranet to respond to their own TLD so you don’t need to use the hosts
>> file on every machine. I think most companies with multiple layers of
>> firewalls take that approach because it won’t resolve the URLs across the
>> firewall — public DNS will always return an error on the lookups.
>>
>> -David Schwartz
>>
>>
>>
>>
>> On Nov 23, 2022, at 9:26 AM, Keith Smith via PLUG-discuss wrote:
>>
>>
>>
>> Hi,
>>
>> As you know I am building a "home office" lab for PHP development and
>> testing. I was not satisfied with the research I completed on
>> "non-routable" domains for a private network made up of "non-routable"
>> domains.
>>
>> In the distant past I used to use .dev for the TLD. From what I am
>> reading this is not a good idea.
>>
>> According to https://www.rfc-editor.org/rfc/rfc8375.html
>> one should use "home.arpa.". They add a period to the end which I assume
>> is the DNS domain name stop character when used in zone files. Any
>> thoughts?
>>
>> I will not be using DNS. My needs are so simple I will be adding the IP
>> and domain name in my host file, at least for now.
>>
>> I've read a lot about this subject. Some say to use a registered domain
>> with a subdomain that is on a private IP. I really do not want to commingle
>> public and private assets on the same domain.
>>
>> Any feedback is much appreciated!!
>>
>> Thanks!!
>> Keith
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list:
>> To subscribe, unsubscribe, or to change your mail settings:
>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
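
A dnsmasq configuration for the router-hosted internal DNS described in this thread, using the `home.arpa.` domain from RFC 8375. This is an added example, not part of any of the posts; the host names and addresses are constructed placeholders.

```conf
# dnsmasq.conf fragment (added example; names and addresses are placeholders)

# Do not forward plain names (no dots) or reverse lookups for
# private address ranges to the upstream resolver.
domain-needed
bogus-priv

# Answer home.arpa only from local data (/etc/hosts, DHCP leases,
# host-record lines). Queries under it are never forwarded upstream,
# so internal host names do not leak to the carrier's resolver.
local=/home.arpa/

# Domain handed to DHCP clients and appended to bare names in /etc/hosts.
domain=home.arpa
expand-hosts

# Static internal records (constructed).
host-record=php-dev.home.arpa,192.168.1.20
host-record=nas.home.arpa,192.168.1.30

# The subdomain-of-a-registered-domain approach works the same way:
# replace home.arpa with the internal subdomain, for example
# local=/internal.example.net/ (placeholder name).

# Everything else is forwarded to the upstream resolver (placeholder address).
server=192.0.2.53
```

After reloading dnsmasq, `dig php-dev.home.arpa @<router-ip>` should return the configured address, while a name under `home.arpa` that has no record returns NXDOMAIN from the router without being forwarded upstream.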
