top | item 43645339

(no title)

hobo_mark | 10 months ago

I added a fake .com record in my internal DNS that resolves to my development server. All development clients within that network have an mkcert-generated CA installed.

Not so different from you, but without even registering the vanity domain. Why is this such a bad idea?

discuss

szszrk|10 months ago

For home it's not that bad, but there could be conflicts at some point. Your clients will send data to the Internet unknowingly when dns is missconfigured.

It's better to use domain you control.

I'm a fan of buying cheapest to extend (like .ovh, great value) and use real Let's Encrypt (via dns challenge) to register any subdomain/wildcard. So that any device will have "green padlock" for totally local service.

octagons|10 months ago

To be clear, I didn’t register anything. I just have a configuration that serves records for a zone like “artichoke.” on my DNS server. Internal hosts are then accessible via https://gitlab.artichoke, for example.

thot_experiment|10 months ago

I alias home.com to my local house stuff. I don't really understand why anyone thinks it's a bad idea either.

matthewaveryusa|10 months ago

It's not a terrible idea. On a large scale it can lead to the corp.com issue:

https://krebsonsecurity.com/2020/02/dangerous-domain-corp-co...

Honestly for USD5/year why don't you just buy yourself a domain and never have to deal with the problem?

unknown|10 months ago

[deleted]

kreetx|10 months ago

I run a custom (unused) tld with mkcert the same way, with nginx virtual hosts set up for each app.