Geekzone: technology news, blogs, forums


davidcole
#208233 2-Feb-2017 09:09

So as part of Freitasm's thread here: http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=208215 it talked about getting some certs for my domain name.

Now I've done that, and when I update a Windows hosts file to use my domain address, my local service has the pretty green secured tag.

So now I'm trying to figure out how to get that domain resolved by my router. It's currently Gargoyle based (so OpenWrt) and the local domain is set to .lan, so machine.lan responds. But obviously https://machine.lan gets a certificate error with my new machine.mydomain.com certificate.

I guess I could change(?) my domain definition in Gargoyle to set the domain to mydomain.com instead of .lan?

Or is there a way I could tell Gargoyle to accept either domain (I can't figure out if it's dhcpd that does this or dnsmasq)? I'm not sure I'm ready to completely replace my local domain name.

 

 





Previously known as psycik

Home Assistant: Gigabyte AMD A8 Brix, Home Assistant with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Shelly Humidity and Temperature sensors
Media:Chromecast v2, ATV4 4k, ATV4, HDHomeRun Dual
Server
Host Plex Server 3x3TB, 4x4TB using MergerFS, Samsung 850 evo 512 GB SSD, Proxmox Server with 1xW10, 2xUbuntu 22.04 LTS, Backblaze Backups, usenetprime.com fastmail.com Sharesies Trakt.TV Sharesight 


SumnerBoy
#1714334 2-Feb-2017 09:40

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan.

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

Interested to hear the opinions of the *experts* on here...




davidcole
#1714337 2-Feb-2017 09:45

SumnerBoy:

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan.

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

Interested to hear the opinions of the *experts* on here...

I've just managed to get my UniFi controller to be secured on the new domain, but currently have updated a Windows hosts file to do the resolution (poor man's solution, but I wanted to verify the certificate was working).

In Gargoyle I did update the /etc/config/dhcp local option, which is set to /lan/, and added /lan/mydomain.com/ but it didn't seem to have an effect (this was based on the dnsmasq option of being able to have multiple domains).

I need to get openHAB to use the same https cert as well, which is on the same machine.

 

 







Mattmannz
#1714338 2-Feb-2017 09:47

Not sure I fully follow what you are doing - you mention using a host file for some other reason, you could obviously put your domain name in that and point it to your PC, maybe that's not what you are trying to achieve?




davidcole
#1714339 2-Feb-2017 09:51

In a nutshell I'd like to be able to ping machine by machine.lan and machine.mydomain.lan - from all devices on my network. So given that my Gargoyle router serves DNS and DHCP addresses, I'd assume it's driven from here.

I mentioned the Windows hosts file as that was how I tested my certificate had been implemented successfully, as the UniFi service is now secured as machine.mydomain.com - but I currently can't resolve that name.







Mattmannz
#1714395 2-Feb-2017 11:46

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain which will match your cert?

You can do that easily with a hosts file.


lxsw20
#1714401 2-Feb-2017 11:54

Can you set DHCP options in Gargoyle? If so, it's option 15 to set the DNS suffix, with the value mydomain.lan. You won't be able to ping by machine.mydomain.lan and machine.lan, but machine.mydomain and machine.mydomain.lan and just machine should resolve.
richms
#1714405 2-Feb-2017 11:57

If anyone knows how to get a Server 2008 machine resolving some records differently internally to what the external DNS server has, I would be happy to know. At the moment I have just made it authoritative for the domain, so I have to update both the machine at home as well as the one at my domain registrar for things, so that the local one can do things like resolve my UniFi and VPN addresses back to the local internal IPs.





Richard rich.ms

lxsw20
#1714413 2-Feb-2017 12:02

Is the Server 2008 box a DNS server? If so, you would set an A record. If it's not doing DNS, then mess with the hosts file to point stuff to where you want it to go.


davidcole
#1714415 2-Feb-2017 12:04

Mattmannz:

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain which will match your cert?

You can do that easily with a hosts file.

Ahh, whoops, typo.

Should be machine.lan and machine.mydomain.com - the cert is for mydomain.com.

But in a hosts file (I'm assuming the /etc/hosts on my router) wouldn't I have to set each machine? What about the DHCP ones?

I think it might just be easier to change the whole local domain from .lan to .mydomain.com.

Also I have a mix of Windows, Linux and embedded devices.

 

 





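The dnsmasq side of what the posts above discuss (answering for both the .lan name and the public-domain name, and covering each DHCP machine without hand-editing a hosts file on every client) as an added example; this is not the thread author's configuration. The hostnames, MAC addresses and IPs are constructed, the domains follow the thread's mydomain.com placeholder, and the assumption is that the generated lines end up in a dnsmasq configuration file that Gargoyle's dnsmasq reads.

```python
"""Generate dnsmasq records so an internal client reaches the LAN IP under a
name the TLS certificate actually covers (name.mydomain.com) while the old
name.lan keeps working.  Inventory, domains and IPs are constructed samples."""
import ipaddress
import re

LOCAL_DOMAIN = "lan"            # existing dnsmasq local domain in the thread
PUBLIC_DOMAIN = "mydomain.com"  # domain the certificate was issued for

# (short hostname, MAC address, fixed LAN IP): constructed inventory
INVENTORY = [
    ("unifi",   "00:11:22:33:44:55", "192.168.1.10"),
    ("openhab", "00:11:22:33:44:56", "192.168.1.11"),
]

_MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)
_NAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)


def validate(name, mac, ip):
    """Reject malformed entries and any record that would publish a
    non-private address under the public domain: a split-horizon override
    should only ever point internal clients at RFC 1918 space."""
    if not _NAME_RE.match(name):
        raise ValueError(f"bad hostname label: {name!r}")
    if not _MAC_RE.match(mac):
        raise ValueError(f"bad MAC address: {mac!r}")
    addr = ipaddress.ip_address(ip)
    if not addr.is_private:
        raise ValueError(f"{name}: {ip} is not a private address")
    return addr


def dnsmasq_lines(inventory=INVENTORY):
    """dhcp-host binds MAC -> fixed IP -> hostname (the DHCP side);
    host-record publishes the short name, name.lan and name.mydomain.com
    all at that same LAN IP (the DNS side), one line per machine."""
    lines = []
    for name, mac, ip in inventory:
        addr = validate(name, mac, ip)
        lines.append(f"dhcp-host={mac.lower()},{name},{addr}")
        lines.append(f"host-record={name},{name}.{LOCAL_DOMAIN},"
                     f"{name}.{PUBLIC_DOMAIN},{addr}")
    return lines


if __name__ == "__main__":
    print("\n".join(dnsmasq_lines()))
```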


Mattmannz
#1714806 3-Feb-2017 08:22

You don't really mention how many machines you had to roll this out to.

Can't you just change your domain name on your DHCP server and use dynamic DNS registration?


davidcole
#1714810 3-Feb-2017 08:29

Mattmannz:

You don't really mention how many machines you had to roll this out to.

Can't you just change your domain name on your DHCP server and use dynamic DNS registration?

I have a 24 port switch that is mostly full, and a few wireless devices.

Yeah, I'm most likely to up the DHCP server and change the local domain - seems to be the least complicated way of doing it. While dnsmasq is supposed to support resolving multiple domain names, it's probably messy.

Unsure how dynamic DNS will relate as I'm only talking about local LAN DNS resolution here, not external.





michaelmurfy
#1714891 3-Feb-2017 11:21

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

Also I've been meaning to get off the .local domain :)





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


davidcole
#1714928 3-Feb-2017 12:28

michaelmurfy:

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

Also I've been meaning to get off the .local domain :)

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?







michaelmurfy
#1714936 3-Feb-2017 12:46

davidcole:

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

Doing it on the USG isn't geeky at all but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

Otherwise you could grab a single board computer and run PiHole?







davidcole
#1714947 3-Feb-2017 13:30

michaelmurfy:

davidcole:

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

Doing it on the USG isn't geeky at all but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

Otherwise you could grab a single board computer and run PiHole?

So the USG doesn't seem to be like most of the other routers I've used with regard to dnsmasq etc. If I want static IPs (and resolvable names) I need to make this config.gateway.json file?

What ties the MAC address to an IP, since the option they talk about is hostname,ip?

 

 






