Geekzone: technology news, blogs, forums


davidcole

6029 posts

Uber Geek

Trusted

#208233 2-Feb-2017 09:09

So as part of Freitasm's thread here: http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=208215  It talked about getting some certs for my domain name.

 

Now I've done that, and when I update a Windows hosts file to use my domain address, my local service has the pretty green secured tag.

 

So now I'm trying to figure out how to get that domain resolved by my router.  It's currently gargoyle based (so openwrt)  and the local domain is set to .lan, so machine.lan responds. But obviously https://machine.lan gets a certificate error with my new machine.mydomain.com certificate.

 

I guess I could change(?) my domain definition in gargoyle to set the domain to mydomain.com instead of .lan?

 

Or is there a way I could tell gargoyle to accept either domain (I can't figure out if it's dhcpd that does this or dnsmasq), and I'm not sure I'm ready to completely replace my local domain name.

 

 





Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 
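
Added example, not part of the original thread: the error on https://machine.lan is a name mismatch, because the certificate lists only machine.mydomain.com. The sketch below checks names against a certificate's subject alternative names and builds dnsmasq `host-record` lines that give one address both names; the SAN list, the `nas` host and the addresses are constructed, and `host-record` is a standard dnsmasq option that the posters did not confirm using.

```python
# Added example: hosts, addresses and the SAN list are constructed for illustration.
CERT_SANS = ["machine.mydomain.com"]           # names on the issued certificate
LEASES = {"machine": "192.168.1.10", "nas": "192.168.1.20"}


def san_matches(hostname, pattern):
    """Match one name against one SAN entry, RFC 6125 style.

    Comparison is case-insensitive; '*' is honoured only as the entire
    left-most label and stands for exactly one label.
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*":
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat


def covered(hostname, sans):
    """True if any SAN entry matches the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def host_records(leases, local_domain, public_domain, sans):
    """Return (dnsmasq host-record lines, public names the cert does not cover).

    Each line gives one address two names, so both machine.<local_domain>
    and machine.<public_domain> resolve on the LAN.
    """
    lines, uncovered = [], []
    for short, ip in sorted(leases.items()):
        public = f"{short}.{public_domain}"
        lines.append(f"host-record={short}.{local_domain},{public},{ip}")
        if not covered(public, sans):
            uncovered.append(public)
    return lines, uncovered


if __name__ == "__main__":
    for name in ("machine.mydomain.com", "machine.lan", "machine"):
        print(f"{name:24} cert ok: {covered(name, CERT_SANS)}")
    records, missing = host_records(LEASES, "lan", "mydomain.com", CERT_SANS)
    print("\n".join(records))
    print("not on the certificate:", missing)
```
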


SumnerBoy

  #1714334 2-Feb-2017 09:40

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan. 

 

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

 

Interested to hear the opinions of the *experts* on here...




davidcole

6029 posts

Uber Geek

Trusted

  #1714337 2-Feb-2017 09:45

SumnerBoy:

 

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan. 

 

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

 

Interested to hear the opinions of the *experts* on here...

 

 

I've just managed to get my unifi controller to be secured on the new domain, but currently have updated a Windows hosts file to do the resolution (poor man's solution, but I wanted to verify the certificate was working).

 

In gargoyle I did update the /etc/config/dhcp local option which is set to /lan/ and added /lan/mydomain.com/ but it didn't seem to have an effect (this was based on the dnsmasq options of being able to have multiple domains).

 

I need to get openhab to use the same https cert as well which is on the same machine.

 

 







Mattmannz
471 posts

Ultimate Geek


  #1714338 2-Feb-2017 09:47

Not sure I fully follow what you are doing - you mention using a host file for some other reason, you could obviously put your domain name in that and point it to your PC, maybe that's not what you are trying to achieve?




davidcole

6029 posts

Uber Geek

Trusted

  #1714339 2-Feb-2017 09:51

In a nutshell I'd like to be able to ping machine by machine.lan and machine.mydomain.lan - from all devices on my network.  So given that my gargoyle router serves dns and dhcp addresses, I'd assume it's driven from here.

 

I mentioned the windows hosts file as that was how I tested my certificate had been implemented successfully, as the unifi service is now secured as machine.mydomain.com - but I currently can't resolve that name.

 

 







Mattmannz
471 posts

Ultimate Geek


  #1714395 2-Feb-2017 11:46

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain which will match your cert?

You can do that easily with a hosts file


lxsw20
3552 posts

Uber Geek

Subscriber

  #1714401 2-Feb-2017 11:54

Can you set DHCP options in Gargoyle? If so it's option 15 to set the DNS suffix, with the value mydomain.lan. You won't be able to ping by machine.mydomain.lan and machine.lan, but machine.mydomain and machine.mydomain.lan and just machine should resolve.


richms
28168 posts

Uber Geek

Trusted
Lifetime subscriber

  #1714405 2-Feb-2017 11:57

If anyone knows how to get a server 2008 machine resolving some records differently internally to what the external DNS server has I would be happy to know. At the moment I have just made it authoritative for the domain so I have to update both the machine at home as well as the one at my domain registrar for things, so that the local one can do things like resolve my unifi and vpn addresses back to the local internal IPs.





Richard rich.ms

 
 
 

lxsw20
3552 posts

Uber Geek

Subscriber

  #1714413 2-Feb-2017 12:02

Is the server 2008 box a DNS server? If so, you would set an A record. If it's not doing DNS, then mess with the hosts file to point stuff to where you want it to go.


davidcole

6029 posts

Uber Geek

Trusted

  #1714415 2-Feb-2017 12:04

Mattmannz:

 

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain which will match your cert?

You can do that easily with a hosts file

 

 

 

 

Ahh whoops, typo.

Should be machine.lan and machine.mydomain.com - the cert is for mydomain.com

But in a hosts file (I'm assuming the etc/hosts on my router) wouldn't I have to set each machine, what about the dhcp ones?

I think it might just be easier to change the whole local domain from .lan to .mydomain.com

 

Also I have a mix of windows, linux and embedded devices.

 

 







Mattmannz
471 posts

Ultimate Geek


  #1714806 3-Feb-2017 08:22

You don't really mention how many machines you had to roll this out to.

 

 

 

Can't you just change your domain name on your DHCP Server and use dynamic DNS registration?


davidcole

6029 posts

Uber Geek

Trusted

  #1714810 3-Feb-2017 08:29

Mattmannz:

 

You don't really mention how many machines you had to roll this out to.

 

 

 

Can't you just change your domain name on your DHCP Server and use dynamic DNS registration?

 

 

I have a 24 port switch that is mostly full, and a few wireless devices.

 

Yeah I'm most likely to up the dhcp server and change the local domain - seems to be the least complicated way of doing it.  While dnsmasq is supposed to support resolving multiple domain names, it's probably messy.

 

 

 

Unsure how dynamic DNS will relate as I'm only talking about local LAN DNS resolution here, not external.







michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1714891 3-Feb-2017 11:21

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

 

 

Also I've been meaning to get off the .local domain :)





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Opinions are my own and not the views of my employer.


davidcole

6029 posts

Uber Geek

Trusted

  #1714928 3-Feb-2017 12:28

michaelmurfy:

 

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

 

 

Also I've been meaning to get off the .local domain :)

 

 

 

 

That doesn't seem geeky enough for GZ. Also I assume that would work with an USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?







michaelmurfy
meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #1714936 3-Feb-2017 12:46

davidcole:

 

 

 

That doesn't seem geeky enough for GZ. Also I assume that would work with an USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

 

 

Doing it on the USG isn't geeky at all but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

 

Otherwise you could grab a single board computer and run PiHole?







davidcole

6029 posts

Uber Geek

Trusted

  #1714947 3-Feb-2017 13:30

michaelmurfy:

 

davidcole:

 

 

 

That doesn't seem geeky enough for GZ. Also I assume that would work with an USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

 

 

Doing it on the USG isn't geeky at all but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

 

Otherwise you could grab a single board computer and run PiHole?

 

 

So the USG doesn't seem to be like most of the other routers I've used with regards to dnsmasq etc. If I want static IPs (and resolvable names) I need to make this config.gateway.json file?

 

What ties the MAC address to an IP, since the option they talk about is hostname,ip?

 

 






