Is there such thing as internal "domains"

Hi,

I'm wondering if anyone could point me in the right direction. I have a single server on my home network and it hosts multiple pieces of software/services that I would like to access using an address, rather than their current URLs:

  1. TeamCity (http://turing:81) - A TeamCity server used to automate builds of my projects hosted on BitBucket
  2. Octopus Deploy (http://turing:95) - An Octopus Deploy server used to deploy the builds built by TeamCity
  3. Various Local (http://turing:100-100+) - IIS instances where various projects are deployed, the port numbers start at 100, and increment for each project (only have 2 on there at the moment, but there could be more)

So, ideally, what I'd want to achieve is something such as:

  1. TeamCity - http://teamcity.jdturing.com
  2. Octopus Deploy - http://octops.jdturing.com
  3. Various Local - http://site(1, 2, 3, etc).jdturing.com

I'm okay with these only being accessible locally (if this is possible); some of them I may want externally accessible in the future. I already own the domain jdturing.com.

I know there's a way you can essentially "create" a TLD for internal use, but I've heard this is generally bad practice, and being able to have my projects/services under one domain would be beneficial.

Not sure if what I'm asking is a lot, or it's quite easy and I just lack the knowledge. Any help would be appreciated.

Note: In case it's needed, the server I'm currently using is running Windows 10 Enterprise LTSB.

Any help would be appreciated :)


I think you need to be running a DNS forwarder/resolver.

Config it so that it sees those domain names as being on an IP address that is on your LAN. It will then intercept DNS requests for those domains and supply the local IP to the clients.

BTW, this is something that a high-class firewall would offer, such as pfSense.

"Although there's a problem on the horizon; there's no horizon." - K-2SO


12 minutes ago, dj_ripcord said:

I think you need to be running a DNS forwarder/resolver.

Config it so that it sees those domain names as being on an IP address that is on your LAN. It will then intercept DNS requests for those domains and supply the Local IP to the clients.

I'll give this a go. I know Windows has a DNS server you can install so it seems like the easiest way to go; I will just have to work out how to "register" certain URLs so it knows they're local. Thank you.

5 minutes ago, M.Yurizaki said:

If that's a little over your head to try, you can also edit the hosts file to map the domain name to the IP address.

While I know this would work, I'd have to apply the hosts file to each of the machines on my local network and that'd be a pain. I'm going to give the local resolver a go and see how that fares; might have to do a bit of reading but won't be too bad.


The issue you’re going to have is that a DNS name only provides the browser with the IP address, not the port. There is a type of DNS entry called a service that includes port information, and some things like Minecraft support this, but web browsers do not.


4 minutes ago, brwainer said:

The issue you’re going to have is that a DNS name only provides the browser with the IP address, not the port. There is a type of DNS entry called a service that includes port information, and some things like Minecraft support this, but web browsers do not.

That certainly sounds like a roadblock, I'm hoping that once I have the DNS resolver up and running, I can change the URLs of both TeamCity and Octopus to the sub-domains listed above (without defining ports), and that will be picked up. Fingers crossed.


There are many ways that you can accomplish this.  I will list a couple of ways that I have used before:

  • Modify the hosts file on all computers on your network that you would like to access by hostname instead of IP.  The hosts file for Linux should reside in `/etc/hosts` and the hosts file for Windows should reside in `C:\Windows\System32\drivers\etc`
  • On a Linux system, install dnsmasq and use it as your DNS server.  You can set your DNS on your router or on individual computers.  Simply modify `/etc/hosts` to set your hostname to IP mapping
  • On a Linux system or Raspberry Pi, install pi-hole and use it as your DNS server.  Pi-hole actually uses dnsmasq but provides an ad-blocking feature.  After installing pi-hole, modify `/etc/hosts` to set your hostname to IP mapping.  If you want to go a bit fancy, you can also deploy pi-hole as a Docker container.

Out of the three methods, I am currently using the 3rd one, that is, deploying pi-hole.  I am deploying it as a Docker container.

Update: I saw that you are running a Windows server.  I believe you can still deploy pi-hole as a container through Docker on the Windows platform.


3 minutes ago, beyonddc said:

Update: I saw that you are running a Windows server.  I believe you can still deploy pi-hole as a container through Docker on the Windows platform.

I've heard a lot about Docker, it does seem to sound like something I should really investigate/start using. I'll have to have a look, thank you.


Another idea:

If you don't want to use a firewall config, have you heard of PiHole?

PiHole is designed to run on a Raspberry Pi (or any Linux distro) and it actively blocks ads on your network BEFORE the computer even receives them, which can actually help decongest things if you have a lot of clients browsing the web.

The reason I say this is because PiHole WILL resolve local hostnames if you edit the /etc/hosts file.

"Although there's a problem on the horizon; there's no horizon." - K-2SO


4 minutes ago, MrDTuring said:

I've heard a lot about Docker, it does seem to sound like something I should really investigate/start using. I'll have to have a look, thank you.

This is my `docker-compose.yml`.  It's the configuration I used to start pi-hole from my CentOS system.  The `extra_hosts` section tells Docker to inject those hostname to IP mappings into `/etc/hosts`.

```yaml
version: "3.5"
services:
  pihole:
    image: pihole/pihole:v4.0_amd64
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
      - "443:443/tcp"
    environment:
      # enter your docker host IP here
      ServerIP: 192.168.10.120
      # IPv6 Address if your network supports it
      ServerIPv6: 2601:189:4200:eb2:250:56ff:febf:d245
      # jwilder/proxy envs, see readme for more info
      PROXY_LOCATION: pihole
      VIRTUAL_HOST: pihole.local
      VIRTUAL_PORT: 80
      TZ: "America/New_York"
      DNS1: 208.67.222.222
      DNS2: 1.1.1.1
      WEBPASSWORD: randompassword
    # Add your own custom hostnames you need for your domain
    # extra_hosts:
      #   Point any of the jwilder virtual_host addresses
      # to your docker host ip address
      # - 'pihole.yourdomain.local:192.168.1.55'
    volumes:
      - '../volumes/pihole/:/etc/pihole/:z'
      # WARNING: if this log doesn't exist as a file on the host already
      # docker will try to create a directory in its place making for lots of errors
      - '../volumes/log/pihole.log:/var/log/pihole.log:z'
      - '../volumes/dnsmasq.d:/etc/dnsmasq.d:z'
    restart: always
    extra_hosts:
      - "jenkins0.homelab:192.168.20.140"
      - "jenkins1.homelab:192.168.20.141"
      - "jenkins2.homelab:192.168.20.142"
      - "jenkins3.homelab:192.168.20.143"
      - "gitlab.homelab:192.168.20.144"
      - "nexus.homelab:192.168.20.145"
      - "tfs.homelab:192.168.20.146"
      - "jenkinswin1.homelab:192.168.20.147"
      - "jenkinswin2.homelab:192.168.20.148"
      - "jenkinswin3.homelab:192.168.20.149"
```


Of course if none of your PCs are going to be on 24/7 then getting a Pi and running Pi-hole makes the most sense.

You don't want to be pushing DNS on your whole network to a machine that isn't always running.  A Pi would likely pay for itself in electricity saved if it means you don't need to keep a PC running.

Router:  Intel N100 (pfSense) WiFi6: Zyxel NWA210AX (1.7Gbit peak at 160Mhz)
WiFi5: Ubiquiti NanoHD OpenWRT (~500Mbit at 80Mhz) Switches: Netgear MS510TXUP, MS510TXPP, GS110EMX
ISPs: Zen Full Fibre 900 (~930Mbit down, 115Mbit up) + Three 5G (~800Mbit down, 115Mbit up)
Upgrading Laptop/Desktop CNVIo WiFi 5 cards to PCIe WiFi6e/7


Like brwainer said in this post, DNS based suggestions will not work.

On 10/30/2018 at 8:24 PM, brwainer said:

The issue you’re going to have is that a DNS name only provides the browser with the IP address, not the port. There is a type of DNS entry called a service that includes port information, and some things like Minecraft support this, but web browsers do not.

So things like Pi-hole will not help you at all in this situation since it will just point things like http://teamcity.jdturing.com and http://octops.jdturing.com to the same IP, and in that case it's up to the program you're using to decide which port to use (if it's a browser, port 80).

What you need is to run an HTTP proxy on the server hosting all this, and then use virtual hosts and map those to different subdomains.

I don't know if IIS can do this, but I know that Apache and nginx can.

Look up the documentation for virtual hosts and reverse HTTP proxies.

Another solution is to create multiple virtual network interfaces, assign them each different IPs and then bind the web hosting services to specific IPs. I don't know how to do this with Windows and IIS, but I have done it with GNU/Linux and nginx before.
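
The virtual-host reverse proxy described in the post above, as an added example that is not part of the original thread: nginx listens on port 80 and picks the backend port from the requested hostname. Assumptions: nginx runs on the same server as the services, the LAN is 192.168.1.0/24, and local DNS (or hosts files) already points both names at that server.

```nginx
# Added example, not from the thread. Place inside the http { } block of nginx.conf.
# Assumed values: backends on 127.0.0.1, LAN subnet 192.168.1.0/24.

# Catch-all: a request whose Host header matches no server_name below
# is closed without a response, so only the named sites are exposed.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# teamcity.jdturing.com -> TeamCity on port 81
server {
    listen 80;
    server_name teamcity.jdturing.com;

    # Local access only (assumed subnet). Remove these three lines
    # for a site that should later be reachable externally.
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:81;
        # Pass the original hostname and client address to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# octops.jdturing.com -> Octopus Deploy on port 95
server {
    listen 80;
    server_name octops.jdturing.com;

    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;

    location / {
        proxy_pass http://127.0.0.1:95;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Each additional IIS site gets its own `server` block with its hostname and backend port; once the proxy is in place, the backend ports can be firewalled so they are only reachable through nginx.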
