Gentoo Forums
Organizing a local domain
Goverp
l33t

Joined: 07 Mar 2007
Posts: 922

Posted: Thu Aug 20, 2020 6:37 pm    Post subject: Organizing a local domain

I'm trying to organize my machines downstream of my broadband modem into a sensible local domain, mainly so I can use OpenSMTPD to route system management emails (e.g. smartmon messages) to my desktop machine. One way is to use avahi, which brings rather more function than that (i.e. service announcement), and has the typical Windowsy feel of "let's make it easier" by removing controls.
Then I noticed who originally developed it (although IIUC the design came from Apple, not sure if that's any better), which started my tic again :-)

Is there a consensus as to whether it's a good thing or not?

An alternative is possibly to use DHCP; my modem seems to handle dhcp hostnames as local dns entries, but (at least at the moment) without any domain name. IIUC avahi would put my machines into the .local domain, even without dhcp (and I'm happy with static addresses for most of my kit).

Or there's /etc/hosts
_________________
Greybeard

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6781

Posted: Thu Aug 20, 2020 10:46 pm

Don't use avahi for static infrastructure or anything automated; the hostnames are unstable in the same way udev's "predictable" network naming is.

If you want something stable your best bet is turning off the router's DHCP server and running your own.

sitquietly
Tux's lil' helper

Joined: 23 Oct 2010
Posts: 106
Location: On the Wolf River, Tennessee

Posted: Thu Aug 20, 2020 11:45 pm    Post subject: Re: Organizing a local domain

Goverp wrote:
I'm trying to organize my machines downstream of my broadband modem into a sensible local domain.....Or there's /etc/hosts


For my lab with five computers I log onto the admin page for the broadband modem and configure its dhcp server to assign dynamic addresses starting at 192.168.1.10, leaving 1..9 for static assignment. Each permanent local host has an identical /etc/hosts in which each host is given its static ip address.

Goverp
l33t

Joined: 07 Mar 2007
Posts: 922

Posted: Fri Aug 21, 2020 7:20 am

Thanks for the comments. I won't fight my natural instinct to avoid avahi!
_________________
Greybeard

C5ace
Guru

Joined: 23 Dec 2013
Posts: 365
Location: Brisbane, Australia

Posted: Fri Aug 21, 2020 10:11 am

I use static IPs on my LAN. They are defined in the hosts file of each of the PCs on my LAN. No DHCP server.

Example:
Code:
127.0.0.1     mybox.xyz.lan  mybox  localhost

192.168.0.1 router.xyz.lan  router
192.168.0.2 printer.xyz.lan printer
192.168.0.3 mybox.itw.lan mybox
192.168.0.4 laptop.xyz.lan laptop
.
.
.

_________________
Observation after 30 years working with computers:
All software has known and unknown bugs and vulnerabilities. Especially software written in complex, unstable and object oriented languages such as python, perl, C++, C#, Rust and the likes.

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46736
Location: 56N 3W

Posted: Fri Aug 21, 2020 10:30 am

Goverp,

My LAN is a mess. It started out 25 years ago with 2 PCs and a baseband modem.
At that time everything was static.

When Wifi arrived, static addressing was a PITA, so I added a DHCP server for a small range of addresses.
Then I split my LAN into trusted (wired), untrusted (wifi) and the DMZ.
Trusted is a mix of DHCP and static. Static is required for when the DHCP server is down.
Wifi is all DHCP.
The DMZ is all static. Well, it's servers.

It gets worse!
IPv6 came along. I get my delegated prefix from my ISP dynamically and dish out a /64 to my subnets.
Then I use IPv6 built-in autoconfig which makes up IP addresses based on the MAC address of the card.
Don't do that. It's a big mess with dynamic on the upstream side and effectively static on the downstream side.

Do your own DHCP thing. Fake static IPs by binding MAC addresses to IPs in the DHCP server.
Keep enough really static so you can sort out the mess when DHCP is down.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
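
Added example, not part of the post above: one way to keep DHCP reservations and the static fallback in step is to generate both from a single inventory. The `dhcp-host=` lines use dnsmasq syntax as an assumption (the post names no DHCP server); the MAC addresses, host names and the `xyz.lan` domain are constructed.

```shell
#!/bin/sh
# One inventory, two outputs, so the DHCP reservations and the static
# fallback entries in /etc/hosts cannot drift apart.
DOMAIN=xyz.lan   # hypothetical local domain

# Constructed sample inventory: MAC, IPv4 address, short host name.
inventory() {
cat <<'EOF'
# MAC               IP            name
02:00:00:00:00:02   192.168.0.2   printer
02:00:00:00:00:03   192.168.0.3   mybox
02:00:00:00:00:04   192.168.0.4   laptop
EOF
}

# dnsmasq reservation lines: dhcp-host=<mac>,<name>,<ip>
dhcp_reservations() {
    awk '!/^#/ && NF == 3 { printf "dhcp-host=%s,%s,%s\n", $1, $3, $2 }'
}

# /etc/hosts lines: <ip> <fqdn> <short name>
hosts_entries() {
    awk -v d="$DOMAIN" '!/^#/ && NF == 3 { printf "%s %s.%s %s\n", $2, $3, d, $3 }'
}

# Report any MAC, IP or name that appears on more than one inventory line.
inventory_conflicts() {
    awk '!/^#/ && NF == 3 {
        for (c = 1; c <= 3; c++)
            if (seen[c, tolower($c)]++) print "duplicate: " $c
    }'
}

inventory | inventory_conflicts
inventory | dhcp_reservations
inventory | hosts_entries
```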

Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6781

Posted: Fri Aug 21, 2020 10:48 am

Nothing to add here except my network mostly resembles the above (I have no plans to tidy it up), and I use wireguard for the trusted parts - lets me have email on my phone without having to expose imap ports to the internet.

Goverp
l33t

Joined: 07 Mar 2007
Posts: 922

Posted: Sat Aug 22, 2020 7:55 pm

Perhaps I should set up my own DNS server on the Raspberry Pi. Dnsmasq came up in a bit of Googling. Seems to allow a mixture of means of assigning names, and have its own DHCP server. Do I want the DHCP bit, or would it fight with my router? I guess the fact the router has 4 boxes attached via separate cables and the usual plethora of WiFi-attached devices doesn't prevent a different DHCP server assigning local IP addresses to them.

I'm also presuming I can have more than one DNS domain name - or rather, a local domain name for my side of the router (like, possibly the same as, .local. as used by Avahi), and another one from a DDNS supplier for the outside world.

[I've used DuckDNS.org on another Raspberry Pi at a different address so I can ssh in and check it's alive (and read the logs of lunatics trying to break in;
Code:
lastb -s <yyyymmddhhmmss> | sort -uk2 | wc -l
gives the number of unique failed login sources since the given date, qua a few using blank userid; over a thousand of them since the start of August).]
_________________
Greybeard
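
Added example, not part of the post above: counting distinct failed-login sources from `lastb`-style output by keying on the host column alone, including lines where the user name is blank and the columns shift left by one. The sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in lastb's column layout: USER TTY HOST DATE...
# The third line has a blank user name, so its columns shift left by one.
sample_lastb() {
cat <<'EOF'
root     ssh:notty    203.0.113.7      Sat Aug 22 19:40 - 19:40  (00:00)
admin    ssh:notty    203.0.113.7      Sat Aug 22 19:39 - 19:39  (00:00)
         ssh:notty    198.51.100.23    Sat Aug 22 19:12 - 19:12  (00:00)
pi       ssh:notty    192.0.2.45       Sat Aug 22 18:55 - 18:55  (00:00)
root     ssh:notty    192.0.2.45       Sat Aug 22 18:54 - 18:54  (00:00)

btmp begins Sat Aug  1 00:03:11 2020
EOF
}

# Print "count host" per source, busiest first. The host is located relative
# to the tty column, so a missing user name does not shift it out of place.
failed_sources() {
    awk '
        function is_tty(f) { return f ~ /^(ssh:notty|tty[A-Za-z0-9]*|pts\/[0-9]+)$/ }
        /^btmp begins/ || NF < 2 { next }   # trailer and blank lines
        is_tty($2) { print $3; next }       # USER TTY HOST ...
        is_tty($1) { print $2 }             # (blank user) TTY HOST ...
    ' | sort | uniq -c | sort -rn
}

# Number of distinct source hosts.
unique_source_count() {
    failed_sources | awk 'END { print NR }'
}

sample_lastb | failed_sources
echo "distinct sources: $(sample_lastb | unique_source_count)"
```

On a live system the same functions read real output, for example `lastb -s <yyyymmddhhmmss> | unique_source_count`, run with the privileges `lastb` needs.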

jamapii
l33t

Joined: 16 Sep 2004
Posts: 603

Posted: Sun Aug 23, 2020 11:50 pm

I would grab a random 10.X/16 network, and start with a 10.X.Y subnet. 192.168.any tends to be used as default by all kinds of routers and appliances.

I would do a similar thing for ipv6, grab a random site-local network that is bigger than the 1st subnet.

I use a subdomain of .local for DNS. I consider this necessary because all other TLDs are potentially taken, and a long password-like string for DNS is counterproductive. Maybe there is a better way, I don't think so, your choice. When using a .XXX.local, note it seems to work everywhere except with a default installation of glibc, that means basically all Linux distributions. /etc/nsswitch.conf has a hosts: line that prevents exactly that from working. Fix it by putting "dns" ahead of any mdns variations.

I would prefer dnsmasq for DNS and DHCP etc.
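
Added example, not part of the post above: a check and rewrite for the `hosts:` line of `/etc/nsswitch.conf` along the lines the post describes, moving `dns` ahead of the first `mdns*` source. The sample file and the `nss_hosts` helper are constructed; a `[NOTFOUND=return]` action stays attached to the source it follows.

```shell
#!/bin/sh
# Constructed sample nsswitch.conf with mdns listed ahead of dns.
sample_nsswitch() {
cat <<'EOF'
# constructed sample, not taken from the thread
passwd:     files
hosts:      files mdns4_minimal [NOTFOUND=return] dns
services:   files
EOF
}

# nss_hosts MODE   (reads nsswitch.conf text on stdin)
#   check: print "ok" or "mdns-before-dns" for the hosts: line
#   fix:   print the whole file with "dns" moved ahead of the first mdns* source
nss_hosts() {
    awk -v mode="$1" '
        $1 != "hosts:" { if (mode == "fix") print; next }
        {
            dns = 0; mdns = 0
            for (i = 2; i <= NF && $i !~ /^#/; i++) {
                if ($i == "dns" && !dns) dns = i
                if ($i ~ /^mdns/ && !mdns) mdns = i
            }
            bad = (dns && mdns && mdns < dns)
            if (mode == "check") { print (bad ? "mdns-before-dns" : "ok"); next }
            if (!bad) { print; next }       # already in the wanted order
            out = $1
            for (i = 2; i <= NF; i++) {
                if (i == dns) continue      # dropped here, re-inserted below
                if (i == mdns) out = out " dns"
                out = out " " $i
            }
            print out
        }
    '
}

sample_nsswitch | nss_hosts check
sample_nsswitch | nss_hosts fix
```

Against a real system, `nss_hosts check < /etc/nsswitch.conf` reports the current order without changing anything.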

sunset_sergal
n00b

Joined: 22 May 2019
Posts: 20
Location: GA, USA

Posted: Mon Aug 24, 2020 7:11 am

I set up BIND named, ISC DHCP, and radvd for DDNS with RPZ ad-blocking on my Gentoo router-AP. It was a lot of effort to get right (mainly because the documentation is not always clear so I had a very simple typo preventing it from working the entire time!), but it moved all of the network configuration needed to the router, so now when I plug in a new computer or make a new VM It Just Works and I can SSH or SMB using "hostname.home".

OP could get their local SMTP setup working with a DNS zone, if they wanted to go through the trouble to set all this up.
All times are GMT