DNS for local vs remote services (with Traefik)

First time poster, although I have lurked here for a while. Apologies for any stupid questions in advance…

I’m in the middle of repurposing an old desktop as a homeserver to host several services. However, I’m fairly new to all of this and more or less just following along some pieces of code that I found on the internet. So, I definitely don’t really know what I’m doing and I’d like to ask a few questions on how to do certain things and whether I got things right.

I own a domain name and have set up traefik to provide access to several services (right now gitea, portainer and authelia, plan to add others). I definitely see the use case of having some services being available on my LAN, while access to others could be global. At the same time, I like the ability to access all my services through a FQDN and having SSL certificates from Let’s Encrypt.

On my network, I have dnsmasq running on my (Ubiquiti Edge)router, but until now I have only used that to assign hostnames to my NAS and my new homeserver.

For my questions:

- Is this a reasonable set-up in the first place, or should I not be running dnsmasq on my router? In the future I might consider something like AdGuard, but the idea of having a DNS server on my router seems to make some intuitive sense, as 1) this device is responsible for my network’s routing anyway and 2) by using my router for such a critical feature, I’m not introducing additional points-of-failure (e.g. if the machine on which the DNS server is located goes down, but my router isn’t, I still might not have internet functioning, whereas if my router is down, internet isn’t working anyway).

- Should I add entries to dnsmasq to point the local only services to my homeserver? And is adding these DNS entries something I should do in any case, also for my public services (for example in case my internet connection goes down)? Is there a way to automatically discover these services and register them so that I don’t have to maintain entries manually?

- Is there any additional traefik configuration required to only allow local network access (IP whitelisting?) Will the local services still have an SSL certificate in a set-up like this?

  • bj_nyc@alien.top (OP) · 1 year ago

    Thanks, this does sound interesting. I don’t know anything about bind or axfr transfers, but I’ll read up on it!