Geekzone: technology news, blogs, forums

# 208233 2-Feb-2017 09:09

So as part of Freitasm's thread here: http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=208215 it talked about getting some certs for my domain name.

Now I've done that, and when I update a Windows hosts file to use my domain address, my local service has the pretty green secured tag.

So now I'm trying to figure out how to get that domain resolved by my router. It's currently Gargoyle based (so OpenWrt) and the local domain is set to .lan, so machine.lan responds. But obviously https://machine.lan gets a certificate error with my new machine.mydomain.com certificate.

I guess I could change(?) my domain definition in Gargoyle to set the domain to mydomain.com instead of .lan?

Or is there a way I could tell Gargoyle to accept either domain (I can't figure out if it's dhcpd that does this or dnsmasq), and I'm not sure I'm ready to completely replace my local domain name.

Previously known as psycik

OpenHAB: Gigabyte AMD A8 BrixOpenHAB with Aeotech ZWave Controller, Raspberry PI, Wemos D1 Mini, Zwave, Xiaomi Humidity and Temperature sensors and Bluetooth LE Sensors
Media:Chromecast v2, ATV4, Roku3, HDHomeRun Dual
Windows 10
Host (Plex Server/Crashplan): 2x2TB, 2x3TB, 1x4TB using DriveBender, Samsung 850 evo 512 GB SSD, Hyper-V Server with 1xW10, 1xW2k8, 2xUbuntu 16.04 LTS, Crashplan, NextPVR channel for Plex,NextPVR Metadata Agent and Scanner for Plex

  # 1714334 2-Feb-2017 09:40

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan.

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

Interested to hear the opinions of the *experts* on here...

  # 1714337 2-Feb-2017 09:45

SumnerBoy:

I am certainly no expert in this area, but I am interested nonetheless. I have a local DNS domain of .home but I was recently informed this is a bad idea, since it is highly likely one day that someone will buy the .home domain and thus all my DNS lookups will be shot. I would imagine the same thing could happen with .lan.

So I have been putting off moving .home to .mydomain.nz (I also use dnsmasq) due to the number of things this will likely break. But it is definitely on my TODO list. The benefit, as you have pointed out, is that my LetsEncrypt TLS certificates (which are bound to mydomain.nz) should work on my local machines as well, although I would need to add each machine to the TLS address list since I can do wildcards with LetsEncrypt.

Interested to hear the opinions of the *experts* on here...

I've just managed to get my UniFi controller to be secured on the new domain, but currently have updated a Windows hosts file to do the resolution (poor man's solution, but I wanted to verify the certificate was working).

In Gargoyle I did update the /etc/config/dhcp local option, which is set to /lan/, and added /lan/mydomain.com/, but it didn't seem to have an effect (this was based on the dnsmasq options of being able to have multiple domains).

I need to get openHAB to use the same https cert as well, which is on the same machine.

  # 1714338 2-Feb-2017 09:47

Not sure I fully follow what you are doing - you mention using a host file for some other reason, you could obviously put your domain name in that and point it to your PC, maybe that's not what you are trying to achieve?

  # 1714339 2-Feb-2017 09:51

In a nutshell I'd like to be able to ping machine by machine.lan and machine.mydomain.lan - from all devices on my network. So given that my Gargoyle router serves DNS and DHCP addresses, I'd assume it's driven from here.

I mentioned the Windows hosts file as that was how I tested my certificate had been implemented successfully, as the UniFi service is now secured as machine.mydomain.com - but I currently can't resolve that name.

  # 1714395 2-Feb-2017 11:46

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain, which will match your cert?

You can do that easily with a hosts file.

  # 1714401 2-Feb-2017 11:54

Can you set DHCP options in Gargoyle? If so, it's option 15 to set the DNS suffix, with the value mydomain.lan. You won't be able to ping by machine.mydomain.lan and machine.lan, but machine.mydomain and machine.mydomain.lan and just machine should resolve.

  # 1714405 2-Feb-2017 11:57

If anyone knows how to get a Server 2008 machine resolving some records differently internally to what the external DNS server has, I would be happy to know. At the moment I have just made it authoritative for the domain, so I have to update both the machine at home as well as the one at my domain registrar for things, so that the local one can do things like resolve my UniFi and VPN addresses back to the local internal IPs.

Richard rich.ms

  # 1714413 2-Feb-2017 12:02

Is the Server 2008 box a DNS server? If so, you would set an A record. If it's not doing DNS, then mess with the hosts file to point stuff to where you want it to go.

  # 1714415 2-Feb-2017 12:04

Mattmannz:

Why do you want to do mymachine.mydomain.lan? Shouldn't it be mymachine.mydomain, which will match your cert?

You can do that easily with a hosts file.

Ahh, whoops, typo.

Should be machine.lan and machine.mydomain.com - the cert is for mydomain.com.

But in a hosts file (I'm assuming the /etc/hosts on my router) wouldn't I have to set each machine? What about the DHCP ones?

I think it might just be easier to change the whole local domain from .lan to .mydomain.com.

Also I have a mix of Windows, Linux and embedded devices.

  # 1714806 3-Feb-2017 08:22

You don't really mention how many machines you had to roll this out to.

Can't you just change your domain name on your DHCP server and use dynamic DNS registration?

  # 1714810 3-Feb-2017 08:29

Mattmannz:

You don't really mention how many machines you had to roll this out to.

Can't you just change your domain name on your DHCP server and use dynamic DNS registration?

I have a 24 port switch that is mostly full, and a few wireless devices.

Yeah, I'm most likely to up the DHCP server and change the local domain - seems to be the least complicated way of doing it. While dnsmasq is supposed to support resolving multiple domain names, it's probably messy.

Unsure how dynamic DNS will relate as I'm only talking about local LAN DNS resolution here, not external.

Mr Snotty

  # 1714891 3-Feb-2017 11:21

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

Also I've been meaning to get off the .local domain :)

  # 1714928 3-Feb-2017 12:28

michaelmurfy:

Just edit /etc/ hosts (had to add a space else Cloudflare blocks me) on your router - yes this is manual, but a good way everything sticks. I've personally just got a Raspberry Pi running PiHole doing DNS for my network.

Also I've been meaning to get off the .local domain :)

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

Mr Snotty

  # 1714936 3-Feb-2017 12:46

davidcole:

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

Doing it on the USG isn't geeky at all, but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

Otherwise you could grab a single board computer and run PiHole?

  # 1714947 3-Feb-2017 13:30

michaelmurfy:

davidcole:

That doesn't seem geeky enough for GZ. Also I assume that would work with a USG I've just pulled the trigger on (though when I set that up I'll be able to change the domain name)?

Doing it on the USG isn't geeky at all, but it is indeed possible. You'll need to add a config.gateway.json file on the controller with the hosts. See Here for the forum thread - if you add it with the CLI it'll get wiped on the next controller re-provision.

Otherwise you could grab a single board computer and run PiHole?

So the USG doesn't seem to be like most of the other routers I've used with regards to dnsmasq etc. If I want static IPs (and resolvable names) I need to make this config.gateway.json file?

What ties the MAC address to an IP, since the option they talk about is hostname,ip?

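As an added example (not code from the thread, Gargoyle or dnsmasq), a small Python generator for the two questions raised above: how the DHCP machines get covered without editing every client's hosts file, and what ties a MAC address to an IP. It emits dnsmasq dhcp-host reservations plus /etc/hosts lines carrying both the .lan name and the certificate's mydomain.com name; the inventory, MACs, hostnames and addresses are constructed placeholders.

```python
# Added example, not from the thread: build dnsmasq settings so each LAN host
# keeps a fixed IP and resolves under both machine.lan and machine.mydomain.com.
import ipaddress
import re

# Constructed inventory (placeholder MACs, names and IPs): mac hostname ip
INVENTORY = """
aa:bb:cc:dd:ee:01  unifi    192.168.1.10
aa:bb:cc:dd:ee:02  openhab  192.168.1.11
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
HOST_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def parse_inventory(text):
    """Return [(mac, host, ip)]; reject malformed or duplicate entries so a
    typo cannot silently give two machines the same name or address."""
    hosts, seen_hosts, seen_ips = [], set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 'mac hostname ip': {raw!r}")
        mac, host, ip = fields[0].lower(), fields[1].lower(), fields[2]
        if not MAC_RE.match(mac) or not HOST_RE.match(host):
            raise ValueError(f"bad MAC or hostname: {raw!r}")
        ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
        if host in seen_hosts or ip in seen_ips:
            raise ValueError(f"duplicate hostname or IP: {raw!r}")
        seen_hosts.add(host)
        seen_ips.add(ip)
        hosts.append((mac, host, ip))
    return hosts


def dnsmasq_conf(hosts, local_domain="lan"):
    """dhcp-host= ties each MAC to its IP and name (the reservation the thread
    asks about); domain= keeps the existing machine.lan names for DHCP clients."""
    lines = [f"domain={local_domain}"]
    lines += [f"dhcp-host={mac},{host},{ip}" for mac, host, ip in hosts]
    return "\n".join(lines) + "\n"


def hosts_file(hosts, local_domain="lan", cert_domain="mydomain.com"):
    """Lines for the router's /etc/hosts: both FQDNs map to the reserved IP, so
    the certificate name resolves without editing every client's hosts file."""
    return "".join(f"{ip}\t{host}.{local_domain} {host}.{cert_domain}\n"
                   for _, host, ip in hosts)
```

These are raw dnsmasq directives; Gargoyle/OpenWrt normally expresses the same reservations through the /etc/config/dhcp file the thread mentions, and the hosts lines only stay valid because the reservation stops the IP from changing.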