Comment on How to Use Local IP for Services when at Home?
plateee@piefed.social 1 week ago
Could you do a subdomain for internal? Using Nginx host base routing to get to the same port would let you have a valid cert for both service.lan.your.fqdn and service.your.fqdn.
Let’s Encrypt wildcard certs for the *.lan.your.fqdn would simplify things.
Your DNS server could then resolve the lan fqdns to your internal network and the non-lan to your Internet exposed?
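The layout suggested in the comment above, sketched as an Nginx config (an added example, not part of the original thread). The upstream address 127.0.0.1:8080, the certificate paths and the LAN range 192.168.1.0/24 are assumptions; the hostnames are the placeholders used in the comment.

```nginx
# Constructed example: addresses, port and certificate paths are placeholders.

# Internal name. The LAN resolver answers service.lan.your.fqdn with the
# proxy's private address; public DNS has no record for it.
server {
    listen 443 ssl;
    server_name service.lan.your.fqdn;

    # Wildcard cert for *.lan.your.fqdn. Let's Encrypt issues wildcards only
    # through the DNS-01 challenge, so the proxy needs no inbound port 80.
    ssl_certificate     /etc/letsencrypt/live/lan.your.fqdn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/lan.your.fqdn/privkey.pem;

    # Added hardening (not from the comment): refuse the internal name to
    # anything outside the assumed LAN range, in case a request reaches
    # the proxy from outside with this Host header.
    allow 192.168.1.0/24;
    deny  all;

    location / {
        proxy_pass http://127.0.0.1:8080;   # same backend port as below
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Public name. Public DNS answers service.your.fqdn with the
# Internet-exposed address.
server {
    listen 443 ssl;
    server_name service.your.fqdn;

    ssl_certificate     /etc/letsencrypt/live/your.fqdn/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.fqdn/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;   # same backend port as above
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```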
mrh@mander.xyz 1 week ago
Yes that would work, but it feels a bit cumbersome to have 2 fqdns per service, which I would have to switch between using depending on whether I’m local or not.
plateee@piefed.social 1 week ago
Yeah, in that case, I’d probably split my DNS duties. I started with internal resolution by having Pihole do hard coded DNS entries for internal systems, but my current setup seems to be much more resilient.
I have two PowerDNS servers (main and replica) with recursors to Open DNS internet servers and resolvers for my lab network. It plays very nicely with Terraform or (crucially lately) Kubernetes.