why have a domain name in a home LAN?

Justinh

Senior Member
I see some users on this forum implementing a domain for their LAN, like "bobs.lan". Got a couple of questions:
1) Why do this, what problem does this solve?
2) Some users even have Internet domains, like "coolbeans.com" that is even used to hit local devices from within the LAN, or connect to their router from the WAN side. How can an Internet domain be used for internal hosts from inside the LAN?
 
I see some users on this forum implementing a domain for their LAN, like "bobs.lan". Got a couple of questions:
1) Why do this, what problem does this solve?
If you'd like to be able to connect to your devices by name not IP address, it's useful.
2) Some users even have Internet domains, like "coolbeans.com" that is even used to hit local devices from within the LAN, or connect to their router from the WAN side. How can an Internet domain be used for internal hosts from inside the LAN?
Um ... you just do it. Assuming you own "coolbeans.com", then anything prefixed onto that belongs to you too. So for example "myprinter.coolbeans.com" is a valid DNS name that you could choose to assign to your printer, with confidence that that won't conflict with any real site out on the internet. You do have to set up a local DNS server that knows that name and knows what address the printer is supposed to have, and point your local machines at that server. Typically, having done so, you'd also configure your machines with "coolbeans.com" as their default DNS search domain, meaning that you only need to type "myprinter" to refer to your printer.

(Note that with the setup I'm describing here, "myprinter.coolbeans.com" would not be a name visible to anyone outside your LAN. At least for the purposes I use this for, that's what I want. If you want say "www.coolbeans.com" to be externally visible, you have to set up an externally visible DNS server, and I'd strongly suggest farming out that job to a service provider who knows what they're doing.)
 
I actually just registered to ask for some advice on this. I hope this doesn't thread-jack things too severely, but maybe you'll appreciate seeing the use-case. I have been using the domain name setting to tell my VMs which datacenter they've been deployed to. Consider the domain `dc1.example.com`. It's handy to keep that kind of information outside of the VM image baking process so that the same image can be deployed to multiple places without needing to be re-packed for a specific site. I generally have been following an approach where if I omit the datacenter name, dnsmasq will still resolve to the local machine with that name. So if I really need to check on something in another DC, I can use the fully qualified name and get to it.dc2.example.com just fine. This is just to make the URL cleaner when using applications in the local datacenter. An added benefit is the split-horizon DNS layout; I can set the public DNS records for external-facing services and the apps will work in the datacenter as well as off premises (using the WAN IP instead of the datacenter's LAN IP).

I hit a serious problem though related to DNS. My k8s cluster was having trouble resolving registry.dc1.example.com, whereas my local was able to ping it fine. I eventually came up with a test command which looked like this:

This command works correctly.
Code:
$  host machine.example.com
machine.example.com has address 192.168.1.10

This shows the errors and it occurs whenever the fqdn name is used which includes the router's domain name (dc1.example.com).
Code:
$  host machine.dc1.example.com
machine.dc1.example.com has address 192.168.1.10
Host machine.dc1.example.com not found: 3(NXDOMAIN)
Host machine.dc1.example.com not found: 3(NXDOMAIN)

I believe these problems emerged after I migrated to a dual stack ipv4/6 setup because I noticed that I could workaround the issue by defining an ipv6 address to the dns record and the errors from `host` went away. I traced the DNS queries to my router which oddly, seemed to check in with an external DNS provider for ipv6's AAAA records matching that domain name. Not checking upstream for internal DNS names is a configuration setting I have selected in the router's UI.

If anyone has any insights on this behavior I'd love to hear them because I'm out of ideas as to what to try next.
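The dnsmasq setup the two posts above describe (a private subdomain whose names are answered locally and never forwarded, a search domain handed out by DHCP, and split-horizon answers for a public name) can be written down as a single configuration. The following is an added example, not the poster's actual dnsmasq.conf or anything generated by the router's UI; the names dc1.example.com and machine come from the thread, while the router address 192.168.1.1, the IPv6 address fd00:1::10, the upstream resolver 9.9.9.9 and the name www.example.com are assumptions.

```conf
# Added example: dnsmasq configuration for the layout discussed in the thread.
# Addresses marked "assumed" are placeholders, not the poster's real values.

# Upstream resolver for everything that is NOT local (assumed address).
server=9.9.9.9
# Never forward bare hostnames or reverse lookups for private ranges upstream.
domain-needed
bogus-priv

# This router owns the dc1.example.com subdomain.
# 'local=' makes dnsmasq answer for the whole subdomain itself and never
# forward it upstream. Without it, an AAAA query for a name that only has
# an A record can be sent to the public resolver, which answers NXDOMAIN
# for a name it has never heard of.
domain=dc1.example.com
local=/dc1.example.com/
# Hosts learned from /etc/hosts or DHCP leases get the domain appended,
# so "machine" and "machine.dc1.example.com" both resolve.
expand-hosts

# Static record with BOTH address families, so a client that asks for A
# and then AAAA (as 'host' does) gets a consistent local answer for each.
host-record=machine.dc1.example.com,192.168.1.10,fd00:1::10
# The router itself (192.168.1.1 is assumed).
host-record=router.dc1.example.com,192.168.1.1

# Split horizon: the public zone publishes the WAN address for
# www.example.com, but inside the datacenter answer with the LAN address.
# Queries for this name are never forwarded; all other example.com names
# still go upstream, so public records keep working.
address=/www.example.com/192.168.1.10

# Hand out the search domain over DHCPv4 and DHCPv6 so a bare "machine"
# is expanded to machine.dc1.example.com by clients.
dhcp-option=option:domain-search,dc1.example.com
dhcp-option=option6:domain-search,dc1.example.com
```

Check the file with `dnsmasq --test -C /etc/dnsmasq.conf` before restarting, then ask the router directly for the record type that was failing, e.g. `host -t AAAA machine.dc1.example.com 192.168.1.1`: with `local=` in place the answer comes from the router itself, and a name that has no AAAA record returns an empty answer rather than an NXDOMAIN relayed from the upstream resolver.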
 
I actually just registered to ask for some advice on this.
Welcome!
This command works correctly.
Code:
$  host machine.example.com
machine.example.com has address 192.168.1.10

This shows the errors and it occurs whenever the fqdn name is used which includes the router's domain name (dc1.example.com).
Code:
$  host machine.dc1.example.com
machine.dc1.example.com has address 192.168.1.10
Host machine.dc1.example.com not found: 3(NXDOMAIN)
Host machine.dc1.example.com not found: 3(NXDOMAIN)

I believe these problems emerged after I migrated to a dual stack ipv4/6 setup

Hm. It seems like a good bet that "host" is finding your machine's A (ipv4) record fine and then having trouble trying to look up an AAAA (ipv6) record. So there is something wrong with the nameserver setup for the intermediate domain level dc1.example.com. You might see if "host -t NS dc1.example.com" yields any useful clues. I'm a bit out of my depth though because I don't use ipv6 on my LAN.
 
After putting the domain back in, I'm unable to reproduce the issue :). I was digging around /etc/dnsmasq.conf yesterday and just now and wonder if making this change in the UI added in some needed ipv6 dhcp options.
 
To the original question, yes it requires local DNS, but a LAN-based domain can allow free Let's Encrypt certs, which mean browsers across a range of devices don't moan about lack of HTTPS and don't need self-signed certs or CAs installed. (The latter of which can cause a general background whinge about snooping on Android devices at least.)
 
Right, but I can do that w/o any domain. My computers have hostnames, so I just use pc1 or whatever.
[ shrug... ] Might work with Windows-to-Windows or Mac-to-Mac using some proprietary protocol or other, but if you want it to work across multiple kinds of systems there had better be DNS support.
 
The .lan TLD is reserved for local usage - as some have mentioned, there are applications that may need a FQDN, so the .lan TLD serves the purpose.

Key thing to note - don't use .local or .home - .local is reserved for mDNS (Avahi, Bonjour), and .home is reserved for Matter and HomeKit at an IETF level
 
Might work with Windows-to-Windows or Mac-to-Mac using some proprietary protocol or other, but if you want it to work across multiple kinds of systems there had better be DNS support.
After a bit of research, that might be slightly too harsh. Apple uses mDNS for this, which is a documented standard that you can find on other machines too. But it's not universally supported -- wikipedia says that Windows doesn't have full support before Windows 11, which I suppose means that Windows normally uses their own method for DNS-less host discovery.
 
