OPNsense Forum
English Forums => General Discussion => Topic started by: DavyBlorBlop on January 06, 2021, 04:40:58 am
-
Hi all
I have a Linux box (Jetson Nano/Ubuntu) that I want to create a DNS entry for in Unbound-->Override. But I am stuck at the domain field. I don't know what to put for it. Since I installed and set up the box I have never touched the domain part. I just have a simple home network of Windows and Macs, so I didn't really think it was worth setting up a whole domain, but now I have this Ubuntu box that I need to ssh into, and its IP is allocated from the FW as DHCP anyway, so I need to set up the DNS for it.
What do I put in the Domain field?
-
The common namespace for this is .local although your clients need to search for .local as part of their (DHCP) network settings and unbound needs to be authoritative for it.
Bart...
-
Actually better not to use .local as the local domain given that will cause issues with mDNS
-
What is mDNS? I don't see it in the menu items
-
What is mDNS? I don't see it in the menu items
Used by some devices like printers.
--
You could pick .lan - that one is common.
I registered my own domain name and have a free Letsencrypt certificate in place to use on my network.
-
I registered my own domain name and have a free Letsencrypt certificate in place to use on my network.
I’ve done the same. I use local.mydomain.com as my local network domain, and have a LE wildcard for it so that all my internal web services are on https (because why not?!). And I access everything internally through DNS records on that local domain (server.local.mydomain.com, router.local.mydomain.com ...).
-
I’ve done the same. I use local.mydomain.com as my local network domain, and have a LE wildcard for it so that all my internal web services are on https (because why not?!). And I access everything internally through DNS records on that local domain (server.local.mydomain.com, router.local.mydomain.com ...).
Couldn't agree more - I use a distribution script for LE wildcards: https://github.com/bartsmit/distcerts
However, the "best" domain is one that is protected from inclusion into the ever growing list of TLD names, and .local means that any conflict will not be with an internet domain but stays within your network.
Bart...
-
Again, using .local will conflict with mDNS if that is enabled on a device in the network (and the OP said they had Apple devices)
See the RFC: https://tools.ietf.org/html/rfc6762#section-3
Devices using mDNS will not be able to resolve the DNS records for devices not using mDNS
The domain .lan as suggested by @flushell is likely to be better, with a low (admittedly not zero) chance of conflict with a future gTLD
Edit: Or .localdomain could be used. Or even something bespoke like .davynet :)
-
Couldn't agree more - I use a distribution script for LE wildcards: https://github.com/bartsmit/distcerts
I’m lazier than that. I just run nginx and acme.sh in an LXD container and reverse proxy everything else from there :)
-
I think the unbound GUI in opnsense should allow for entries without a domain. Unbound supports it (just add a line local-data: "hostname A 10.1.1.1") and I think it's common for people to use it without.
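To tie the thread together, here is an added example (not from the forum or from OPNsense) that renders the unbound.conf lines a host override produces for a chosen home domain: a static zone so Unbound is authoritative for it, an A/AAAA record per host and the matching PTR. It refuses a .local domain because RFC 6762 assigns that namespace to mDNS; the domain, host names and addresses are constructed sample values.

```python
"""Render Unbound host-override lines for a home domain, rejecting .local (mDNS)."""
import ipaddress
import re

# One DNS label: letters, digits and inner hyphens, 1-63 characters.
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def domain_problem(domain):
    """Return None if the domain is usable as a unicast local zone, else a reason."""
    d = domain.strip().strip(".").lower()
    labels = d.split(".")
    if not d or not all(LABEL.match(label) for label in labels):
        return f"{domain!r} is not a valid DNS name"
    if labels[-1] == "local":
        # RFC 6762 section 3: .local is the mDNS namespace; a unicast zone there
        # makes mDNS-enabled clients miss records that only Unbound knows about.
        return ".local is reserved for mDNS (RFC 6762), pick e.g. .lan or .localdomain"
    return None


def override_lines(domain, hosts):
    """Build the config lines for a static zone plus forward and reverse records.

    hosts maps short hostname -> IPv4/IPv6 address string.
    """
    problem = domain_problem(domain)
    if problem:
        raise ValueError(problem)
    zone = domain.strip().strip(".").lower()
    # 'static' makes Unbound answer authoritatively: unknown names get NXDOMAIN
    # instead of being forwarded upstream (the "authoritative" point above).
    lines = [f'local-zone: "{zone}." static']
    for name, ip in sorted(hosts.items()):
        addr = ipaddress.ip_address(ip)          # raises on a malformed address
        fqdn = f"{name.lower()}.{zone}."
        rr = "AAAA" if addr.version == 6 else "A"
        lines.append(f'local-data: "{fqdn} IN {rr} {addr}"')
        lines.append(f'local-data-ptr: "{addr} {fqdn}"')  # reverse lookup
    return lines


if __name__ == "__main__":
    # Constructed sample: the Jetson box from the question plus the firewall.
    sample = {"jetson": "10.1.1.50", "router": "10.1.1.1"}
    print("\n".join(override_lines("lan", sample)))
    print(domain_problem("home.local"))
```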