scottmuc / infrastructure

Documentation / Automation for personal third-party infrastructure
The Unlicense

Choose a host naming convention and apply it to all my home LAN devices #72

Closed scottmuc closed 3 months ago

scottmuc commented 4 months ago

OK, the title is a bit of a lie. I've already chosen a naming convention. Hosts will be named after things from The Lord of the Rings. This will also result in a named inventory of all of my devices, though some of them might not be able to set their own hostname.

Devices to name

What does naming a device entail?

Follow internal naming standards:

Some resolution criteria

Organizational Tasks

scottmuc commented 4 months ago

Mapping Names to Devices

so it begins...

Primary desktop PC - Gandalf

This is my main workhorse machine. It sometimes transforms as it runs Windows, but also Ubuntu. It plays games and I use it to write code. It's where the magic happens.

Raspberry PI - Pippin

Pippin sings, as does my PI since it's my music streaming server (oh, and it starts with the letters P and I too). It's also my ad blocking DNS server. Which makes me want to build a secondary and name it Merry.

Framework Laptop - Frodo

The device that comes out on adventures with me.

Mobile phone - Sam

The ever-present companion. It's a Samsung Galaxy 7 that is reliable and refuses to quit since 2018.

2014 Macbook Air - Gollum

A machine well past its prime. It's so old that Apple no longer supports it with macOS updates.

Brother printer - Denethor

An important relic of the past, but you can't live without one here.

The 2 Netgear switches - Kili and Fili

No reason for picking them except that they go well together as a pair.

Miele washing machine - Elrond

Notice how clean everyone's clothes are when in Rivendell? Heck, Elrond likes to keep things so clean it got the river to wash those pesky Nazgul that were chasing Frodo (according to the books, Arwen somehow did it in the movies).

RIPE Atlas node - Palantir

A foreign device that's sitting on my network that provides visibility to my ISP uptime and performance.

Samsung TV - Sauron

If this isn't the always-present eye, I don't know what is. Saurung?

Work Macbook Pro - Treebeard

Given I am at Mechanical Orchard, it makes sense to name it off of one of the great tree-herders of all time.

scottmuc commented 4 months ago

Council of Elrond (ref)

Picking the TLD for my home sent me down a rabbit hole of Internet governing bodies.

The choice is between:

With all that said, I'm going to use .internal, and possibly use .middleearth.internal. or .fellowship.internal. :-D

scottmuc commented 3 months ago

Some More Lore of the Rings (LAN hostname TLDs)

Looking at this again and seeing that .internal is a pretty hot topic in Internet news:

I also came across an article by good ol' djb on local-dns. Using numbers as TLDs sounds interesting and fun but way too sophisticated for what I'm trying to do.

Decision Made

I'm going to use .internal, specifically, .middle-earth.internal.. It's a bit long, but I'll broadcast that as the default search domain of my network. .fellowship.internal. lost out because it wouldn't be accurate if I have non-fellowship names in the network. There exist many proponents of .home.arpa., and I think that would have worked just fine too.

Key learning from this is that Internet standards are still evolving and that .local. could break in unexpected ways depending on what devices you have on your network, so it's best to avoid it.

scottmuc commented 3 months ago

Current State

image

Some devices don't seem to be getting assigned the IP that I statically defined for them in my dnsmasq.conf. I'm not sure if they are honoring the DHCP lease time. I'm not super concerned about these devices yet, though I do want them to be easily discoverable so I can do some form of LAN network security scanning (e.g., nessus).

I'm working through all my uses of the IP addresses and replacing them with their .middle-earth.internal. hostnames. Except for use cases that require IPs (e.g.: resolv.conf or anything DNS related).

Now wondering if I can add PTR records so that reverse lookups will function correctly. Been over 20 years since I've ever managed this type of record and not sure if it's something one does for a LAN.

scottmuc commented 3 months ago

1Password

Since 1Password associates logins with a URL, I need to update all my internal login items with the new hostnames.

scottmuc commented 3 months ago

All Devices Using Static IPs Now

Below are the dnsmasq-dhcpd logs that show devices getting their new IPs. One can identify the printer getting reassigned with the line static lease available. Other devices needed a restart (washing machine, ripe device, switches...) to get the new IP after the correct dnsmasq.conf was applied.

image

My router now displays devices on the network with the new IP addresses. Since the router is not a dhcpd server, it's not registering the names of the hosts so I edited the device names myself.

image

Documenting the inventory of devices has been made and looks like the following:

image
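An added example, not part of the original thread or the repository: one way to check dnsmasq DHCP log lines against a device inventory, flagging devices that were moved to their reserved address, devices on the wrong address, unknown MACs, and inventory entries that never renewed. The inventory, MAC addresses, the `dnshost` log host and the log lines are constructed, and the syslog line layout is an assumption because the thread's own logs were posted as an image.

```python
import re

# Constructed inventory: MAC -> (reserved IP, hostname). The MACs and most IPs
# are invented; only sam's address (192.168.2.14) appears in the thread.
INVENTORY = {
    "aa:bb:cc:00:00:14": ("192.168.2.14", "sam"),
    "aa:bb:cc:00:00:20": ("192.168.2.20", "denethor"),
    "aa:bb:cc:00:00:21": ("192.168.2.21", "elrond"),
    "aa:bb:cc:00:00:30": ("192.168.2.30", "palantir"),
}

# Constructed syslog lines in the layout dnsmasq uses for DHCP events (assumed).
SAMPLE_LOG = """\
Mar  1 10:00:01 dnshost dnsmasq-dhcp[512]: DHCPNAK(eth0) 192.168.2.101 aa:bb:cc:00:00:20 static lease available
Mar  1 10:00:03 dnshost dnsmasq-dhcp[512]: DHCPACK(eth0) 192.168.2.20 aa:bb:cc:00:00:20 denethor
Mar  1 10:02:10 dnshost dnsmasq-dhcp[512]: DHCPACK(eth0) 192.168.2.14 aa:bb:cc:00:00:14 sam
Mar  1 10:05:42 dnshost dnsmasq-dhcp[512]: DHCPACK(eth0) 192.168.2.150 aa:bb:cc:00:00:21 elrond
Mar  1 10:07:00 dnshost dnsmasq-dhcp[512]: DHCPACK(eth0) 192.168.2.151 de:ad:be:ef:00:01
"""

EVENT = re.compile(
    r"dnsmasq-dhcp\[\d+\]: (DHCPACK|DHCPNAK)\(\S+\) "
    r"(\d+(?:\.\d+){3}) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: (.*))?$", re.I)

def audit(log_text, inventory):
    """Compare the last address each MAC was ACKed against the inventory."""
    last_ack, renumbered = {}, set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, ip, mac, rest = m.groups()
        mac = mac.lower()
        if kind.upper() == "DHCPNAK" and "static lease available" in (rest or ""):
            renumbered.add(mac)      # client was told to drop its old address
        elif kind.upper() == "DHCPACK":
            last_ack[mac] = ip       # later ACKs overwrite earlier ones
    findings = []
    for mac, ip in sorted(last_ack.items()):
        if mac not in inventory:
            findings.append(("unknown-device", mac, ip))
        elif inventory[mac][0] != ip:
            findings.append(("wrong-address", inventory[mac][1], ip))
        elif mac in renumbered:
            findings.append(("moved-to-static", inventory[mac][1], ip))
    for mac, (ip, name) in sorted(inventory.items()):
        if mac not in last_ack:
            findings.append(("not-seen", name, ip))  # may need a restart to renew
    return findings
```

An `unknown-device` finding is the one worth following up first, since it is a MAC on the LAN that the inventory does not account for.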

scottmuc commented 3 months ago

Summary

I haven't encountered any problems so far. I like that it's easy to ping my phone from my PC:

~ ? ping sam
PING sam.middle-earth.internal (192.168.2.14) 56(84) bytes of data.
64 bytes from 192.168.2.14 (192.168.2.14): icmp_seq=1 ttl=63 time=157 ms
64 bytes from 192.168.2.14 (192.168.2.14): icmp_seq=2 ttl=63 time=6.43 ms

My network is better documented than it was before. My network appliances also exposed admin web UIs with default credentials so I quickly ensured those have strong passwords now. It's very easy now to look at security scanning of my network and start closing ports that don't need to be open.

This task has made me think running unbound is a bit redundant now given the more things I'm asking dnsmasq to do. Next task will be to look at switching to dnsmasq as my ad-blocking DNS resolver as well as registering DHCP hostnames. This way I can switch assigning IPs because I intend to use name-based addressing going forward.

Another task will be to update my WiFi SSIDs. I don't think fsociety and passwordsniffer cut it. Maybe shire and rivendell or lothlorien.

Oh, and maybe give a hostname to the router. Maybe mordor is a good name because beyond its gate is a world one does not simply venture into.