Comment on Self hosting Sunday! What's up and how long?
tofu@lemmy.nocturnal.garden 3 weeks ago
So I have my vms behind an opnsense with DHCP, the opnsense also creates local DNS records like vm1.opnsense. The pihole has conditional forwarding for .opnsense to the firewall, so I can resolve the domain everywhere in LAN.
I had CNAME records in the pihole for my actual domain (e.g. lemmy.nocturnal.garden) pointing to vm1.opnsense so I take a shortcut from inside the LAN, avoiding going “outside” via the public IP.
Mint/resolved resolves the .opnsense domains when I directly look them up, but for a reason I didn’t fully understand, it does not work with a CNAME entry pointing to that. So I gave up on the CNAME approach and created A records for each service, directly pointing to the VM’s IP.
zo0@programming.dev 3 weeks ago
I’m curious as to why you decided to set up pihole when you already have opnsense. More so that your records are in pihole and not opnsense
tofu@lemmy.nocturnal.garden 3 weeks ago
I’ve had pihole years before the opnsense, but also opnsense is not the main router but just sits in front of my homelab. The wifi etc is a FritzBox, which also acts as WAN for opnsense.
That way, everything still in the house still works if my homelab/opnsense is down. Pihole is on a pi in the FritzBox LAN.
zo0@programming.dev 3 weeks ago
That sounds overly complicated, why not have it all on opnsense instead of 3 different devices?
Is your opnsense unstable? Otherwise regarding network availability you are just introducing unnecessary failure points to the network.
tofu@lemmy.nocturnal.garden 3 weeks ago
The point of the opnsense is that I can tinker with it without risking our home wifi. It needs to stay up for my wife, for our mqtt devices/home assistant etc.
I don’t introduce points of failure to our home network which is the critical part. If something in the opnsense misbehaves, it only impacts my lab stuff. The FritzBox + Pihole combination has proven pretty stable over years, even though I’m considering getting a second Pihole device for high availability.