Goverp Advocate
Joined: 07 Mar 2007 Posts: 2202
Posted: Thu Aug 20, 2020 6:37 pm Post subject: Organizing a local domain
I'm trying to organize my machines downstream of my broadband modem into a sensible local domain, mainly so I can use OpenSMTPD to route system management emails (e.g. smartmon messages) to my desktop machine. One way is to use avahi, which brings rather more function than that (i.e. service announcement), and has the typical Windowsy feel of "let's make it easier" by removing controls.
Then I noticed who originally developed it (although IIUC the design came from Apple, not sure if that's any better), which started my tic again
Is there a consensus as to whether it's a good thing or not?
An alternative is possibly to use DHCP; my modem seems to handle dhcp hostnames as local dns entries, but (at least at the moment) without any domain name. IIUC avahi would put my machines into the .local domain, even without dhcp (and I'm happy with static addresses for most of my kit).
Or there's /etc/hosts
_________________
Greybeard

Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Thu Aug 20, 2020 10:46 pm
Don't use avahi for static infrastructure or anything automated; the hostnames are unstable in the same way udev's "predictable" network naming is.
If you want something stable your best bet is turning off the router's DHCP server and running your own.

sitquietly Apprentice
Joined: 23 Oct 2010 Posts: 151 Location: On the Wolf River, Tennessee
Posted: Thu Aug 20, 2020 11:45 pm Post subject: Re: Organizing a local domain
Goverp wrote: | I'm trying to organize my machines downstream of my broadband modem into a sensible local domain.....Or there's /etc/hosts |
For my lab with five computers I log onto the admin page for the broadband modem and configure its dhcp server to assign dynamic addresses starting at 192.168.1.10, leaving 1..9 for static assignment. Each permanent local host has an identical /etc/hosts in which each host is given its static ip address.

Goverp Advocate
Joined: 07 Mar 2007 Posts: 2202
Posted: Fri Aug 21, 2020 7:20 am
Thanks for the comments. I won't fight my natural instinct to avoid avahi!
_________________
Greybeard

C5ace Guru
Joined: 23 Dec 2013 Posts: 489 Location: Brisbane, Australia
Posted: Fri Aug 21, 2020 10:11 am
I use static IPs on my LAN. They are defined in the hosts file of each of the PCs on my LAN. No DHCP server.
Example:
Code:
127.0.0.1 mybox.xyz.lan mybox localhost
192.168.0.1 router.xyz.lan router
192.168.0.2 printer.xyz.lan printer
192.168.0.3 mybox.itw.lan mybox
192.168.0.4 laptop.xyz.lan laptop
.
.
.
_________________ Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as perl, python, C++, C#, Rust and the likes.

NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54834 Location: 56N 3W
Posted: Fri Aug 21, 2020 10:30 am
Goverp,
My LAN is a mess. It started out 25 years ago with 2 PCs and a baseband modem.
At that time everything was static.
When Wifi arrived, static addressing was a PITA, so I added a DHCP server for a small range of addresses.
Then I split my LAN into trusted (wired), untrusted (wifi) and the DMZ.
Trusted is a mix of DHCP and static. Static is required for when the DHCP server is down.
wifi is all DHCP
The DMZ is all static. Well, it's servers.
It gets worse!
IPv6 came along. I get my delegated prefix from my ISP dynamically and dish out a /64 to my subnets.
Then I use IPv6 built-in autoconfig which makes up IP addresses based on the MAC address of the card.
Don't do that. It's a big mess with dynamic on the upstream side and effectively static on the downstream side.
Do your own DHCP thing. Fake static IPs by binding MAC addresses to IPs in the DHCP server.
Keep enough really static so you can sort out the mess when DHCP is down.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
Posted: Fri Aug 21, 2020 10:48 am
Nothing to add here except my network mostly resembles the above (I have no plans to tidy it up), and I use wireguard for the trusted parts - lets me have email on my phone without having to expose imap ports to the internet.

Goverp Advocate
Joined: 07 Mar 2007 Posts: 2202
Posted: Sat Aug 22, 2020 7:55 pm
Perhaps I should set up my own DNS server on the Raspberry Pi. Dnsmasq came up in a bit of Googling. Seems to allow a mixture of means of assigning names, and have its own DHCP server. Do I want the DHCP bit, or would it fight with my router? I guess the fact the router has 4 boxes attached via separate cables and the usual plethora of WiFi-attached devices doesn't prevent a different DHCP server assigning local IP addresses to them.
I'm also presuming I can have more than one DNS domain name - or rather, a local domain name for my side of the router (like, possibly the same as, .local. as used by Avahi), and another one from a DDNS supplier for the outside world.
[I've used DuckDNS.org on another Raspberry Pi at a different address so I can ssh in and check it's alive (and read the logs of lunatics trying to break in;
Code:
lastb -s <yyyymmddhhmmss> | sort -uk2 | wc -l
gives the number of unique failed login sources since the given date, qua a few using blank userid; over a thousand of them since the start of August).]
_________________
Greybeard
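A variant of the failed-login count from the post above, as an added example that is not part of the original thread: it keys on the host column alone, so repeated attempts from one address collapse to a single source, and it finds the tty field by content so blank-user rows are read correctly. The function names are hypothetical, the sample rows are constructed with documentation addresses, and the column order assumed is that of util-linux `lastb`.

```sh
#!/bin/sh
# Added example: count distinct source hosts in lastb-style output.
# Assumes column order user, tty, host, time and that SSH failures
# carry a tty field starting with "ssh:".

# Print one source host per SSH row. A blank user leaves the row one
# field short, so the tty is looked for in field 1 as well as field 2.
ssh_sources() {
    awk '{
        for (i = 1; i <= 2 && i < NF; i++)
            if ($i ~ /^ssh:/) { print $(i + 1); next }
    }'
}

# Number of distinct sources.
unique_failed_sources() { ssh_sources | sort -u | wc -l | tr -d " "; }

# "<count> <host>" per source, busiest first.
top_sources() {
    ssh_sources | sort | uniq -c | sort -k1,1nr -k2,2 | awk '{print $1, $2}'
}

# Constructed sample (not real log data).
sample_lastb() {
    cat <<'EOF'
root     ssh:notty    203.0.113.7      Sat Aug 22 19:40 - 19:40  (00:00)
admin    ssh:notty    198.51.100.23    Sat Aug 22 19:38 - 19:38  (00:00)
         ssh:notty    203.0.113.7      Sat Aug 22 19:31 - 19:31  (00:00)
pi       ssh:notty    192.0.2.90       Sat Aug 22 19:02 - 19:02  (00:00)
root     ssh:notty    203.0.113.7      Sat Aug 22 18:55 - 18:55  (00:00)
goverp   tty1                          Sat Aug 22 18:10 - 18:10  (00:00)

btmp begins Sat Aug  1 00:00:12 2020
EOF
}

sample_lastb | unique_failed_sources
sample_lastb | top_sources
```

On a live system the input would come from `lastb -s <yyyymmddhhmmss>` piped into `unique_failed_sources`; console rows such as the `tty1` one carry no host and are skipped.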

jamapii l33t
Joined: 16 Sep 2004 Posts: 637
Posted: Sun Aug 23, 2020 11:50 pm
I would grab a random 10.X/16 network, and start with a 10.X.Y subnet. 192.168.any tends to be used as default by all kinds of routers and appliances.
I would do a similar thing for ipv6, grab a random site-local network that is bigger than the 1st subnet.
I use a subdomain of .local for DNS. I consider this necessary because all other TLDs are potentially taken, and a long password-like string for DNS is counterproductive. Maybe there is a better way, I don't think so, your choice. When using a .XXX.local, note it seems to work everywhere except with a default installation of glibc, that means basically all Linux distributions. /etc/nsswitch.conf has a hosts: line that prevents exactly that from working. Fix it by putting "dns" ahead of any mdns variations.
I would prefer dnsmasq for DNS and DHCP etc.
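A check for the `hosts:` ordering described in the post above, as an added example that is not part of the original thread. `hosts_order` is a hypothetical helper and both sample files are constructed; on a real machine it would be pointed at /etc/nsswitch.conf.

```sh
#!/bin/sh
# Added example: report whether "dns" is consulted before any mdns*
# service on the hosts: line of an nsswitch.conf-style file.

# hosts_order FILE  ->  ok | mdns-first | no-dns | no-hosts-line
hosts_order() {
    awk '
        $1 == "hosts:" {
            found = 1
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # trailing comment ends the list
                if ($i ~ /^\[/) continue      # action item, e.g. [NOTFOUND=return]
                if ($i == "dns" && !dns) dns = i
                if ($i ~ /^mdns/ && !mdns) mdns = i
            }
            exit
        }
        END {
            if (!found)                  print "no-hosts-line"
            else if (!dns)               print "no-dns"
            else if (mdns && mdns < dns) print "mdns-first"
            else                         print "ok"
        }
    ' "$1"
}

# Constructed sample files so the check runs offline.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/mdns_first.conf" <<'EOF'
passwd: files
hosts:  files mdns4_minimal [NOTFOUND=return] dns
EOF
cat > "$sample_dir/dns_first.conf" <<'EOF'
# hosts: mdns4 dns   (commented out, ignored)
hosts:  files dns mdns4_minimal [NOTFOUND=return]
EOF

for f in mdns_first dns_first; do
    printf '%s: %s\n' "$f" "$(hosts_order "$sample_dir/$f.conf")"
done
```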

sunset_sergal n00b
Joined: 22 May 2019 Posts: 21 Location: GA, USA
Posted: Mon Aug 24, 2020 7:11 am
I set up BIND named, ISC DHCP, and radvd for DDNS with RPZ ad-blocking on my Gentoo router-AP. It was a lot of effort to get right (mainly because the documentation is not always clear so I had a very simple typo preventing it from working the entire time!), but it moved all of the network configuration needed to the router, so now when I plug in a new computer or make a new VM It Just Works and I can SSH or SMB using "hostname.home".
OP could get their local SMTP setup working with a DNS zone, if they wanted to go through the trouble to set all this up.