Closed scottmuc closed 3 months ago
This is my main workhorse machine. It sometimes transforms as it runs Windows, but also Ubuntu. It plays games and I use it to write code. It's where the magic happens.
Pippin sings, as does my PI since it's my music streaming server (oh, and it starts with the letters P and I too). It's also my ad blocking DNS server. Which makes me want to build a secondary and name it Merry.
The device that comes out on adventures with me.
The ever-present companion. It's a Samsung Galaxy 7 that is reliable and refuses to quit since 2018.
A machine well past its prime. It's so old that Apple no longer supports it with macOS updates.
An important relic of the past, but you can't live without one here.
No reason for picking them except that they go well together as a pair.
Notice how clean everyone's clothes are when in Rivendell? Heck, Elrond likes to keep things so clean it got the river to wash those pesky Nazgul that were chasing Frodo (according to the books, Arwen somehow did it in the movies).
A foreign device that's sitting on my network that provides visibility to my ISP uptime and performance.
If this isn't the always-present eye, I don't know what is. Sauron?
Given I am at Mechanical Orchard, it makes sense to name it off of one of the great tree-herders of all time.
Picking the TLD for my home sent me down a rabbit hole of Internet governing bodies.
The choice is between:
- `.home.arpa.` as pitched by IETF in RFC 8375. This might be more Internet of Things related though.
- `.internal.` as pitched by ICANN and backed by the likes of Google and Amazon. This is appearing to become a de facto standard soon.
- `.home.scottmuc.com` because I own/rent `.scottmuc.com`. It's argued that using a registered domain in a valid TLD is prudent, but it still points to `.internal.` as being the safest choice.
With all that said, I'm going to use `.internal`, and possibly use `.middleearth.internal.` or `.fellowship.internal.` :-D
Looking at this again and seeing that `.internal` is a pretty hot topic in Internet news:
I also came across an article by good ol' djb on local-dns. Using numbers as TLDs sounds interesting and fun but way too sophisticated for what I'm trying to do.
I'm going to use `.internal`, specifically `.middle-earth.internal.`. It's a bit long, but I'll broadcast that as the default search domain of my network. `.fellowship.internal.` lost out because it wouldn't be accurate if I have non-fellowship names in the network. There exist many proponents of `.home.arpa.`, and I think that would have worked just fine too.
Key learning from this is that Internet standards are still evolving and that `.local.` could break in unexpected ways depending on what devices you have on your network, so it's best to avoid it.
Some devices don't seem to be getting assigned the IP that I statically defined for them in my `dnsmasq.conf`. I'm not sure if they are honoring the DHCP lease time. I'm not super concerned about these devices yet, though I do want them to be easily discoverable so I can do some form of LAN network security scanning (e.g.: `nessus`).
I'm working through all my uses of the IP addresses and replacing them with their `.middle-earth.internal.` hostnames. Except for use cases that require IPs (e.g.: `resolv.conf` or anything DNS related).
Now wondering if I can add `PTR` records so that reverse lookups will function correctly. Been over 20 years since I've ever managed this type of record and not sure if it's something one does for a LAN.
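As an added illustration (not the author's configuration), here is how the pieces discussed in this thread fit together in a `dnsmasq.conf`: the `.middle-earth.internal` domain broadcast as the search domain, pinned addresses via `dhcp-host`, the PTR records dnsmasq serves for those leases, and `dhcp-authoritative` for clients still holding a stale lease. The MAC addresses, the 192.168.2.1 resolver address and the lease pool are constructed; only `sam` at 192.168.2.14 comes from the ping output in the thread.

```conf
# Added example, not the author's configuration. MACs, the resolver address
# and the lease pool are constructed; 192.168.2.0/24 is assumed from the
# ping output quoted in the thread.

# Local domain. Unqualified names such as "sam" resolve as
# sam.middle-earth.internal, and dnsmasq hands the domain to DHCP clients.
domain=middle-earth.internal

# Also qualify plain names from /etc/hosts with the domain above.
expand-hosts

# Answer .middle-earth.internal locally and never forward it upstream.
local=/middle-earth.internal/

# Do not forward reverse lookups for private ranges (192.168.x.x etc.)
# to the ISP resolver; dnsmasq answers them from its own leases.
bogus-priv

# Lease pool for devices that are not pinned below.
dhcp-range=192.168.2.100,192.168.2.199,12h

# Static leases: MAC, hostname, address. For each active lease dnsmasq
# serves the A record and the matching PTR record, so a reverse lookup
# of 192.168.2.14 returns sam.middle-earth.internal.
dhcp-host=02:00:00:00:00:10,frodo,192.168.2.10
dhcp-host=02:00:00:00:00:11,pippin,192.168.2.11
dhcp-host=02:00:00:00:00:14,sam,192.168.2.14

# This is the only DHCP server on the LAN. A client renewing a lease that
# dnsmasq does not recognize gets a NAK and re-requests, picking up its
# pinned address instead of waiting out the previous lease time.
dhcp-authoritative

# Broadcast the search domain and point clients at dnsmasq for DNS
# (the resolver address is assumed).
dhcp-option=option:domain-search,middle-earth.internal
dhcp-option=option:dns-server,192.168.2.1

# Log each DHCP exchange; the "static lease available" lines appear here.
log-dhcp
```

Reverse lookups for the pinned hosts need no hand-written `PTR` records; dnsmasq derives them from the lease table and from `/etc/hosts` entries.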
Since 1Password associates logins with a URL, I need to update all my internal login items with the new hostnames.
Below are the `dnsmasq-dhcpd` logs that show devices getting their new IPs. One can identify the printer getting reassigned with the line `static lease available`. Other devices needed a restart (washing machine, RIPE device, switches...) to get the new IP after the correct `dnsmasq.conf` was applied.
My router now displays devices on the network with the new IP addresses. Since the router is not a `dhcpd` server, it's not registering the names of the hosts so I edited the device names myself.
Documenting the inventory of devices has been made and looks like the following:
I haven't encountered any problems so far. I like that it's easy to ping my phone from my PC:

```
~ ? ping sam
PING sam.middle-earth.internal (192.168.2.14) 56(84) bytes of data.
64 bytes from 192.168.2.14 (192.168.2.14): icmp_seq=1 ttl=63 time=157 ms
64 bytes from 192.168.2.14 (192.168.2.14): icmp_seq=2 ttl=63 time=6.43 ms
```
My network is better documented than it was before. My network appliances also exposed admin web UIs with default credentials so I quickly ensured those have strong passwords now. It's very easy now to look at security scanning of my network and start closing ports that don't need to be open.
This task has made me think running `unbound` is a bit redundant now given the more things I'm asking `dnsmasq` to do. Next task will be to look at switching to `dnsmasq` as my ad-blocking DNS resolver as well as registering DHCP hostnames. This way I can switch assigning IPs because I intend to use name-based addressing going forward.
Another task will be to update my WiFi SSIDs. I don't think `fsociety` and `passwordsniffer` cut it. Maybe `shire` and `rivendell` or `lothlorien`.
Oh, and maybe give a hostname to the router. Maybe `mordor` is a good name because beyond its gate is a world one does not simply venture into.
OK, the title is a bit of a lie. I've already chosen a naming convention. Hosts will be named after things from The Lord of the Rings. This will also result in a named inventory of all of my devices, though some of them might not be able to set their own hostname.
Devices to name
What does naming a device entail?
Follow internal naming standards: `.internal`
Some resolution criteria
Organizational Tasks
- `$REPO/fellowship/frodo`)?
- Ansible inventory file to rule them all (and in my local intranet, bind them) (will do this once more Ansible orchestration starts happening)