DNS for local vs remote services (with Traefik) - eviltoast

First time poster, although I have lurked here for a while. Apologies for any stupid questions in advance…

I’m in the middle of repurposing an old desktop as a homeserver to host several services. However, I’m fairly new to all of this and more or less just following along some pieces of code that I found on the internet. So, I definitely don’t really know what I’m doing and I’d like to ask a few questions on how to do certain things and whether I got things right.

I own a domain name and have set up traefik to provide access to several services (right now gitea, portainer and authelia, plan to add others). I definitely see the use case of having some services being available on my LAN, while access to others could be global. At the same time, I like the ability to access all my services through a FQDN and having SSL certificates from Let’s Encrypt.

On my network, I have dnsmasq running on my (Ubiquiti Edge) router, but until now I have only used that to assign hostnames to my NAS and my new homeserver.

For my questions:

- Is this a reasonable set-up in the first place, or should I not be running dnsmasq on my router? In the future I might consider something like AdGuard, but the idea of having a DNS server on my router seems to make some intuitive sense, as 1) this device is responsible for my network’s routing anyway and 2) by using my router for such a critical feature, I’m not introducing additional points of failure (e.g. if the machine on which the DNS server is located goes down, but my router isn’t, I still might not have internet functioning, whereas if my router is down, internet isn’t working anyway).

- Should I add entries to dnsmasq to point the local only services to my homeserver? And is adding these DNS entries something I should do in any case, also for my public services (for example in case my internet connection goes down)? Is there a way to automatically discover these services and register them so that I don’t have to maintain entries manually?

- Is there any additional traefik configuration required to only allow local network access (IP whitelisting?). Will the local services still have an SSL certificate in a set-up like this?
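The following is an added example of how the two pieces asked about above fit together; it is not configuration from the original post or from the Traefik project. It assumes a LAN of `192.168.1.0/24`, a homeserver at `192.168.1.10`, a Traefik v2 file-provider dynamic configuration, a `websecure` entrypoint, and a certificate resolver named `letsencrypt` that is already defined in Traefik's static configuration using the DNS-01 challenge (all of these names are assumptions). On the dnsmasq side, the matching entry is a single line such as `address=/portainer.example.com/192.168.1.10`, which makes LAN clients resolve the public hostname directly to the homeserver.

```yaml
# Added example (not from the post): Traefik v2 dynamic configuration for one
# LAN-only service. Everything below, including hostnames and addresses, is assumed.
http:
  middlewares:
    # Reject any request whose source IP is outside the LAN. Traefik v3 renamed
    # this middleware to ipAllowList; the structure is otherwise the same.
    lan-only:
      ipWhiteList:
        sourceRange:
          - "192.168.1.0/24"   # assumed LAN range
          - "127.0.0.1/32"     # allow checks from the host itself

  routers:
    portainer:
      rule: "Host(`portainer.example.com`)"   # assumed public hostname
      entryPoints:
        - websecure
      middlewares:
        - lan-only             # applied only to the local-only service
      service: portainer
      tls:
        certResolver: letsencrypt   # assumed resolver, DNS-01 challenge in static config

  services:
    portainer:
      loadBalancer:
        servers:
          - url: "http://192.168.1.10:9000"   # assumed backend address
```

Two things to check when wiring this up. First, the source-IP check only works if LAN clients actually reach Traefik from their own address: this is exactly what the dnsmasq entry buys you, because a LAN client that resolved the hostname to the public WAN address and hairpinned through the router could arrive with the router's address as its source and either be wrongly rejected or, if the router's address were in `sourceRange`, wrongly accepted. Second, the DNS-01 challenge is what keeps Let's Encrypt working for hosts that are never reachable from the internet, since the certificate is proven through a DNS TXT record rather than an inbound HTTP request; with the HTTP-01 challenge the LAN-only router would fail renewal.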

  • bj_nyc@alien.top (OP) · 1 year ago

    Several reasons:

    - For now I am not looking to do ad-blocking and if I do, I’m not sure if I want PiHole or AdGuard.

    - Instead, I just need a DNS server. As far as I can tell, PiHole is based on dnsmasq, so I don’t think I gain extra functionality that I want from it.

    - As mentioned in my post, by introducing PiHole, I will create (potentially) another point of failure when it comes to my internet access.

    - I assume that the performance of PiHole as DNS server will be worse than running dnsmasq on my router. As far as I can tell, with PiHole I have to configure my router to route all DNS requests through PiHole, which will then go through the router again externally (where applicable). So there’s an additional roundtrip from router to PiHole in this setup?