".home.arpa" for A records.

I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.

RFC 6762 defines the TLDs you can use safely in a local-only context:

*.intranet
*.internal
*.private
*.corp
*.home
*.lan

Be a selfhosting rebel, but stick to the RFCs!

do not use .local, as tempting as it may be

use .home personally

I bought a .casa domain Using it internally, but also routing one service to the outside with that domain

I just use my public domain (eg domain.com) and have split DNS setup.

I use home.arpa as the base dns as that play very well and are the official standard, then I have a domain for my reverse proxy. Of course I can use that domain for the whole network, but I like to split it up

I have 2 registered tlds in .dev and .net. I split their use using .net for personal/selfhosted sites and .dev for public facing.

.box since it's recognized as valid TLD by many devices. Never use .local it's reserved for multicast DNS.

Managed to buy a really sweet domain so using that for both mail and local domain

currently I have names for my machines in my /etc/hosts files across some of my machines

A better way is to set the DHCP server to resolve local too via DNS.

So in my case proxmox.mydomain.com and proxmox both resolve to a local IP...without any need to configure IPs manually anywhere.

On opnsense it's under Unbound >> Register DHCP Leases

I have a registered domain and using it like this: service.machine.location.myregistereddomain.cz

You can use Let's Encrypt certs inside lan if you use a real purchased domain.

My TLDs are:
.lan = management/wired vlan
.mobile = primary wifi
.iot = locked down for iot/home automation devices .guest = guest wifi

The domain for each is my public .io domain.

I use .home for the Windows domain/internal hosts and .online for my external domain as it was cheap, and the name I wanted was available.

To access self hosted stuff with working SSL certs,.I set up split DNS. On the internal DNS sever, I have a forward lookup zone for the .online domain with static A records for .online and all the subdomains pointing at the internal address of a caddy reverse proxy.

Being a bit of a rebel myself. I use ONLY a tld, and where subdomains would be used, I use domain.tld

This has lead me to discover quite a few projects out there that don't parse domain names correctly, especially when you want to use an email like admin@tld and it cries because you have no dot.

https://datatracker.ietf.org/doc/html/draft-chapin-rfc2606bis-00

I use .host because .internal is too long to type and .local is a pita, but mostly because the browser actually tries to go there instead of some stupid search engine that tracks that kind of info and I don't have to remember to put a slash at the end.

I use .lan as it's shorter and IMO nicer looking than .local

.local

.space is the only answer, have to buy that though

Everything at my house has a TLD named after the road I live on (a founding father last name). Everything at my offsite at my dads house uses TLD named after the road he lives on (a woman's first name).

It's both arbitrary and practical. A number systems exist at both such as proxmox. truenas. pihole. plex. So it's a good way to tell them appart without having to differentiate them in the domain name.

I read the answers and I am wondering if I should change what I do.

I use the exact same domains and sundomains internally and externally. I simply have a DNS internally that will answer requests with local IP.

So I don't have to address my machines with a different name when I am outside or inside.

Can someone explain to me what I missed ?

I own a domain I purchased thru cloudflare.

public facing services are say xyz.mydomain.com

internal facing is xyz.local.mydomain.com

This was internal access pipes into pihole, DNS directs it to Traefik on my server, then to the internal service. Not internet dependent.

i made up a not real, non-standard TLD that i use lol (.null)

I have a self signed CA that all my devices trust. Getting a real domain and just using that, with LetsEncrypt, would not have required me to explicitly trust my own CA, but hey, my system works.

and i know i know, RFCs, but it works, and doesn't break anything.

I use `.home.arpa` as that is the "official" use of that domain.

Technically every machine is supposed to have a registered TLD, even on a local network. That said, I use .lan

If you want to avoid problems, use TLD that are assigned for this purpose, for example .home.arpa or .home or .lan or .private etc.

Avoid using .local because its already used by mDNS.

https://en.m.wikipedia.org/wiki/Special-use_domain_name

I had problems with .local because it’s used for MDNS and too lazy to figure out how that works so now I just use lan but I also own a .com domain so I have started to use that more

.uk, but it is an actual .uk that I've registered.

everything under *.home.mydomain.tld is reserved for internal use.

I have a registered domain and my lan domain is "int.registereddomain.com". This way I can use letsencrypt etc for my internal hosts (*.int.registereddomain.com via dns challenge). The actual dns for my internal domain itself is not public but static records in pihole.

.damo

I Just use a .de tld and for all my sites a *.mysite.mydomain.de.

Ssl certs from cloudflare with a dns challenge for internal use.

I own both mydomain.com as well as mydomain.me. I use the *.me as my local domain and *.com for the real world.

I use homelab..org

.app is suuuper cheap even for three letter domains. I picked one up for pennies with three letters that mean something to me and my partner and use a pair of redundanct piholes to serve local DNS for that domain. Externally it’s hosted on DigitalOcean for stuff I want external.

.com lol. I got a 6 letter domain that makes for me. I should check out .local though. I could .com for my website and .local for my home network using the same domain name.

I use .lan for anything local and my public domain is .net for anything publicly hosted.

I own lastname.me and lastname.dev and everything public is lastname.me and everything local ist lastname.dev. I don't have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I'd have something like nc.lastname.me for my public next cloud instance and docs.lastname.dev for my paperless instance that I don't want to have on somebody else's machine.

I use a custom domain for everything....email, internal dns, external (cf tunnels), and my public websites. I use to use AWS Route 53 for everything because of work, but moved to CF because it's free and much easier to setup and manage.

For local devices I use *.local.domaingoeshere.com (wildcart cert), issued by cloudlfare. In retrospec I should have used *.int.domain.com as it would be less typing...but everything is categorized and bookmarked anyway.

maybe not directly answer for you, but I just literally bought 4 domains for 3 euro per year (renews at the same price!) 5 minutes ago :D.

The catch - it has to be 9 numbers.xyz (see https://gen.xyz/1111b for details).

I mean.... I use xtremeownage.com

But, ya know... I own it. Although, I use a few subdomains for my home-network, with a split-horizon DNS setup.

i have owned a .com since 1997. i use that.

I just run (shall we add the word) “proper” split DNS with the same names for anything publicly exposed, internal. And not everything is publicly exposed. It’s just a standard registered TLD.

It’s interesting how few responses here mention this. Why memorize two or more names for the same box/service when DNS easily handles it?

DHCP clients set their own internal DNS names internally or are forced at the DHCP server. Static addresses via MAC as desired.

They also get handed all the usual SRV records and special record types to find services, like the time server and such.

Truly interesting that split DNS isn’t popular amongst the self hosting crowd.

Type the name of the “thing” after setting it up correctly and you’ll be handed an appropriate address to reach it, no matter which of my networks you’re on.

If you’re a dhcp client you’ll have the proper search domain handed right to you too, no need to even type the domain.tld at all. Just the hostname.

GDI, I have been using internal.registereddomain.com which is 5 wasted characters...