Tonight I was working on the automated deployment of a recursive DNS server. Why?

1. I want it for my home network

2. I want to make it easy for others

3. I want to be able to use the #bitcoin #lightning network **without the internet**

Well, sorta without the internet. I get that if there were two lightning nodes that didn't trust each other, on the same LAN, they'd want to have watchtowers and such, but the point is that payments could still go through when the internet is down as long as the lightning nodes tolerate it.

Discussion

You're an inspiration Hax, I'm working on migrating my main and last system to Linux, inspired by Signet actually (fact). I love technology and I love books and learning just as much!

So you are going to run your own DNS server? And that will allow other users to basically form a LAN for transacting LN and ecash as necessary?

It's complicated, but yes, that's the idea. Plus, I can access my file server, gitlab server, sync calendars/contacts to my mobile device, have videoconferences, send and receive email... you get the idea. This is all the case now, I'm just rewriting the DNS setup scripts to be more reusable for others.

I currently already run 7 production DNS servers. Four of those are recursive DNS servers for my LAN and DMZ.

It would only be two instead of four, but I have two domains and I didn't want an admin of one to be able to mess with records of the other domain. Looking back on it, I probably could have also accomplished that with two servers, but now that I have them set up, I'm unlikely to change it unless I run into an issue. They're low resource utilization and having a couple redundant servers is never bad when it comes to DNS!

The other three DNS servers only resolve my domains. They do not recurse. They would not be useful if the internet went down, as they only speak to things on the internet side. This is because they give out the public IP address, whereas the recursive servers give out the internal IP addresses to local machines.

I also have my own PKI, which means I'll still be able to use HTTPS indefinitely, because I can renew my X.509 certificates. It also handles other TLS connections, signs SSH host keys, and signs SSH user keys... but I'll save that explanation for another time & another thread. 🤓

Hooooly shit! I have a lot to learn. I have been becoming increasingly interested in this "sovereign computing" and it's obviously one step at a time, I feel like a boomer trying to learn bitcoin. But I like it. Especially the recursive servers, dealing with local machines. I like the idea of creating my own private, sovereign networks. Huge value there.