I’m finally starting to install local web apps that my wife/kids would be interested in, and I know it has to be super easy or they’re never going to go near it. Most everything is running on my Synology on different ports, with absolutely nothing exposed to the outside world, and I’d like to run local DNS and a proxy so everything is available LAN-only with an easy hostname - plex.local, paperless.local, etc. (If we want remote access I’ll just run Tailscale.) I’m already running PiHole, and I’m assuming if I poke around I can add local names in there, but does anybody else that’s done this have any suggestions for setting things up?

  • z3bra@lemmy.sdf.org · 3 upvotes · 1 year ago

    I have set up my own DNS locally with unbound(1). It blackholes domains, but I also use it as a cache + forwarder to my external DNS over TLS (for improved privacy regarding my ISP). I don’t do it, but unbound lets you add local data manually to provide direct answers without forwarding it:

    server:
        # Answer these names authoritatively instead of forwarding them upstream
        local-zone: "local." static
        local-data: "plex.local. 10800 IN A 10.0.0.3"
        local-data: "paperless.local. 10800 IN A 10.0.0.4"
        local-data: "pihole.local. 10800 IN A 10.0.0.53"
        [...]


    Then you can either configure it to include a generated list of domains to explicitly NXDOMAIN, or just forward everything to the pihole:

    forward-zone:
        name: "."                 # "." is the root zone: forward everything not answered locally
        forward-addr: 10.0.0.53   # the Pi-hole

    • tburkhol@lemmy.world · 1 upvote · edited · 1 year ago

      I don’t know about unbound, but bind can be configured to talk with dhcpd and allow clients to set their own hostnames.

      In bind.conf:

      allow-update { key "rndc-key"; };

      In dhcpd.conf:

      # Let dhcpd push forward and reverse records for each lease into the zone
      ddns-update-style interim;
      ddns-updates on;
      ddns-domainname "lan.";
      ddns-rev-domainname "in-addr.arpa.";
      # TSIG key; its name must match the key bind is told to accept in allow-update
      key rndc-key {
              algorithm hmac-md5;
              secret "secret";
      };


      No messy tables to maintain.

      • z3bra@lemmy.sdf.org · 1 upvote · 1 year ago

        That’s interesting. Unbound doesn’t support that afaik. The local data feature was requested by OP so I just provided a solution for it.

  • valkyre09@lemmy.world · 3 upvotes · 1 year ago

    If you use NGINX proxy manager you’ll also be able to use a FQDN with SSL for your local services without them being exposed to the internet. It means your local users won’t see the scary insecure page when they access services.

    You can even set your public DNS records to have Plex.yourdomain.tld point to the local IP of NGINX - removing the need for local DNS entirely. That way, if you do need to access a service from outside with Tailscale, its subnet router feature will just work out of the box.

    Porkbun are still offering a free .dev or .app domain if you don’t already have one: https://porkbun.com/event/freeappdevdomain

    • funkajunk@lemm.ee · 3 upvotes · 1 year ago

      Yep, I use cloudflare for DNS and just have 2 records configured there:

      • A record - example.com points to 192.168.1.100
      • CNAME - *.example.com is an alias of example.com

      The IP address above being the address of Nginx Proxy Manager, where I configure whatever subdomains I need for my local services.

  • liliumstar@lemmy.dbzer0.com · 2 upvotes · 1 year ago

    It’s fairly easy to add local domain names with pihole, so presuming all devices on your network are using it, you shouldn’t have a problem.

  • Anafroj@sh.itjust.works · 2 upvotes · edited · 1 year ago

    I don’t use a pihole, but I have a pi with my favorite distro acting as a server, and I use dnsmasq for what you mention. It lets you set the machine as the nameserver for all your machines (just use its IP in your router DNS conf, and DHCP will automatically point connected machines to it), and then you can just edit /etc/hosts to add new names, and they will be picked up by the nameserver.

    Note that dnsmasq itself does not resolve external names (e.g. when you want to connect to google.com), so it needs to be configured to relay those requests to another nameserver. The easy way is to point it to your ISP nameservers or to public nameservers like those from Cloudflare and Google (I would really recommend against letting them know all the domains you’re interested in), or you can go the slightly more difficult way as I did, and install another nameserver (like bind9) that runs locally. Gladly, dnsmasq allows you to configure its relay nameserver to be on something other than port 53, which is quite rare in the DNS world. Of course, if you’re familiar with bind9, you could just declare new zones in it. I just find it (slightly 😂) more pleasant to work with /etc/hosts.

    • keyez@lemmy.world · 2 upvotes · 1 year ago

      A pihole runs dnsmasq also, so adding hosts entries and restarting the service accomplishes the same thing as adding entries via the webUI.
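      The unbound `local-data` block earlier in the thread and the `/etc/hosts` approach in this sub-thread are two renderings of the same table. As an added example (not any commenter’s code; the hostnames and 10.0.0.x addresses are constructed samples), this script validates such a table and emits both forms; it also flags `.local`, which RFC 6762 reserves for mDNS, so Avahi and macOS clients may resolve it by multicast and never ask the unicast server.

```python
import ipaddress
import re

# Constructed sample table, modelled on the hostnames used in the thread;
# not anyone's real configuration.
SERVICES = {
    "plex.local": "10.0.0.3",
    "paperless.local": "10.0.0.4",
    "pihole.local": "10.0.0.53",
}

LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def check_name(name):
    """Return problems with a hostname intended for LAN-only unicast DNS."""
    problems = []
    labels = name.lower().rstrip(".").split(".")
    if len(name) > 253 or not all(LABEL_RE.match(l) for l in labels):
        problems.append(f"{name}: not a valid DNS hostname")
    # RFC 6762 reserves .local for mDNS: Avahi and macOS answer it by
    # multicast and may never query the unicast server at all.
    if labels[-1] == "local":
        problems.append(f"{name}: .local is reserved for mDNS (RFC 6762)")
    return problems


def check_addr(name, addr):
    """A LAN-only name must never point outside private address space."""
    ip = ipaddress.ip_address(addr)
    return [] if ip.is_private else [f"{name}: {addr} is not a private address"]


def validate(services):
    """Collect every problem across the table; an empty list means it is clean."""
    problems = []
    for name, addr in services.items():
        problems += check_name(name) + check_addr(name, addr)
    return problems


def unbound_local_data(services, ttl=10800):
    """Render static local-zone/local-data lines for unbound's server: clause."""
    zones = sorted({n.partition(".")[2] for n in services if "." in n})
    lines = [f'local-zone: "{z}." static' for z in zones]
    lines += [f'local-data: "{n}. {ttl} IN A {a}"' for n, a in sorted(services.items())]
    return lines


def hosts_lines(services):
    """Render /etc/hosts lines; dnsmasq (and therefore Pi-hole) serves these as A records."""
    return [f"{a}\t{n}" for n, a in sorted(services.items())]
```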

  • Natal@lemmy.world · 2 upvotes · 1 year ago

    Here to ask questions too. Is it necessary to add stuff to /etc/hosts for this to work LAN only? Do I have to do port forwarding on my router, and to what?

    I’ve been trying to achieve exactly that for a week now and none of my attempts load at all.

    Is there a resource or YouTube guide explaining all this so I actually know what I’m doing?