this post was submitted on 06 Jul 2025
Selfhosted

Who benefits from this? Even though Let’s Encrypt stresses that most site operators will do fine sticking with ordinary domain certificates, there are still scenarios where a numeric identifier is the only practical choice:

Infrastructure services such as DNS-over-HTTPS (DoH) – where clients may pin a literal IP address for performance or censorship-evasion reasons.
IoT and home-lab devices – think network-attached storage boxes, for example, living behind static WAN addresses.
Ephemeral cloud workloads – short-lived back-end servers that spin up with public IPs faster than DNS records can propagate.
[–] fmstrat@lemmy.nowsci.com 8 points 11 months ago (1 children)

I use a domain, but for homelab I eventually switched to my own internal CA.

Instead of having to do service.domain.tld it's nice to do service.lan.

[–] martin@lemmy.caliban.io 4 points 11 months ago (2 children)

Any good instructions you would recommend for doing this?

[–] eneff@discuss.tchncs.de 3 points 11 months ago (1 children)

use the official home.arpa as specified in RFC 8375

[–] fmstrat@lemmy.nowsci.com 4 points 11 months ago (1 children)

No thanks. I get some people agreed to this, but I'm going to continue to use .lan, like so many others. If they ever register .lan for public use, there will be a lot of people pissed off.

IMO, the only reason not to assign a top-level domain in the RFC is so that some company can make money on it. The authors were from Cisco and Nominum, a DNS company purchased by Akamai, but that doesn't appear to be the reason why. .home and .homenet were proposed, but this is from the mailing list:

  1. we cannot be sure that using .home is consistent with the existing (ab)use
  2. ICANN is in receipt of about a dozen applications for ".home", and some of those applicants no doubt have deeper pockets than the IETF does should they decide to litigate

https://mailarchive.ietf.org/arch/msg/homenet/PWl6CANKKAeeMs1kgBP5YPtiCWg/

So, corporate fear.

[–] lars@lemmy.sdf.org 1 points 11 months ago (1 children)

But home.arpa’s top-level domain is .arpa?

[–] fmstrat@lemmy.nowsci.com 1 points 11 months ago (1 children)

I'm not sure I follow the question. All of the TLD *.arpa is not reserved for private use, only *.home.arpa. So all your internal services are required to be a subdomain.

[–] lars@lemmy.sdf.org 1 points 11 months ago (1 children)

Sounds like you followed.

Now that I’m moving goalposts, why not use .home.arpa subdomains?

[–] fmstrat@lemmy.nowsci.com 1 points 11 months ago (1 children)

Instead of having to do service.domain.tld it's nice to do service.lan.

[–] lars@lemmy.sdf.org 2 points 11 months ago
[–] fmstrat@lemmy.nowsci.com 3 points 11 months ago

I just use openssl's built-in management. I have scripts that set it up and generate a .lan domain, and instructions for adding it to clients. I could make a repo and writeup if you would like?

As the other commenter pointed out, .lan is not officially sanctioned for local use, but it is not used publicly and is a common choice. However, you could use whatever you want.
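The kind of openssl-only private CA the comment above describes, written here as an added example rather than the commenter's own scripts. The directory, file names and the nas.lan host are assumptions; it builds a root CA, issues a leaf certificate whose subjectAltName carries the .lan name, and checks the result the way a client that has imported ca.crt would.

```shell
#!/bin/sh
# Added example (not the commenter's scripts): minimal private CA for a homelab
# ".lan" zone using only the openssl CLI. Paths and host names are assumptions.
set -e

# Create a CA key and self-signed root in directory $1, using a private config
# so the system openssl.cnf cannot interfere. ca.crt is what clients import.
make_ca() {
  dir=$1
  mkdir -p "$dir"
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'CN = Homelab Root CA' \
    '[ca_ext]' 'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' \
    'subjectKeyIdentifier = hash' > "$dir/ca.cnf"
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
    -sha256 -days 3650 -config "$dir/ca.cnf" -extensions ca_ext \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# Issue a leaf certificate for host $2 (for example nas.lan) signed by the CA
# in $1. The name goes in subjectAltName because modern clients ignore the CN.
issue_cert() {
  dir=$1; host=$2
  openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:P-256 -nodes \
    -config "$dir/ca.cnf" -subj "/CN=$host" \
    -keyout "$dir/$host.key" -out "$dir/$host.csr" 2>/dev/null
  printf '%s\n' "subjectAltName = DNS:$host" 'basicConstraints = CA:FALSE' \
    'keyUsage = critical,digitalSignature' 'extendedKeyUsage = serverAuth' \
    > "$dir/$host.ext"
  openssl x509 -req -sha256 -days 825 -in "$dir/$host.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$host.ext" -out "$dir/$host.crt" 2>/dev/null
}

# Check the certificate issued for $2 as a client trusting ca.crt would when it
# connects to hostname $3: exit status 0 only if chain and name both match.
verify_cert() {
  dir=$1; host=$2; expect=$3
  openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$expect" \
    "$dir/$host.crt" >/dev/null 2>&1
}

# Demo when run as: sh ca.sh demo
if [ "${1:-}" = "demo" ]; then
  make_ca /tmp/homelab-ca
  issue_cert /tmp/homelab-ca nas.lan
  verify_cert /tmp/homelab-ca nas.lan nas.lan && echo "nas.lan: OK"
  verify_cert /tmp/homelab-ca nas.lan other.lan || echo "other.lan: rejected"
fi
```

The leaf is only valid for the exact name in its subjectAltName, which is why the second check in the demo is rejected.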