Solved Searching For The Right Technical Term

Hi all,

I need some help. I don't know exactly what I am looking for, so I would like some advice on what I am trying to do here.

So I am currently playing with NAT jails, and I would like to:
- access them using a proper domain name (a fake one, see the note below) instead of IP+PORT.
- avoid the tedious editing of /etc/hosts.

Note: the jails are ONLY available for the LAN so no internet involved.

1. What is the exact term I am looking for? I think it is related to proxies but I am not sure, and what I looked at seemed a bit complicated, so before making the jump I prefer to know exactly where I am going.
2. What tool(s) can you recommend to me to accomplish this task?

Thanks in advance.
:)
 
Just run your local nameserver and create a .local domain.
Point the DNS of the devices of interest to your local DNS.
Answer the myhouse.local queries and forward the rest to your ISP or 8.8.8.8 or whatever.
Optionally block ad domains (Pi-hole style).
 
If those jails offer some kind of web service, you might also want to use a single reverse proxy (also in a jail) that proxies to all those web interfaces.

The upsides of this:
- You don't have to use a dedicated IP from your subnet(s) for all of those jails. You can even connect them to a host-local bridge or loopback interface so they don't have any direct connection to your subnets (maybe only a restricted uplink via a DMZ network).
- You can easily update/swap out those services behind the reverse proxy by just creating a new jail, installing/updating & testing everything, and then pointing the forwarding rule on the reverse proxy to that new jail.
- only a single webserver (and maybe TLS) configuration to manage and keep up to date. For TLS this also means just a single host that has to handle certificate renewal etc.
- you can use CNAME entries for all those services behind the reverse-proxy, so if you change/move the host or reverse proxy you only have to update a single A-record, not *every* entry.
 
Split-horizon DNS is the thing where you serve different zones based on the source IP. Since you won't be serving DNS queries outside your network, it might not apply, so I guess what you want is a local DNS responder (server). Have it forward any domain it doesn't know (which is everything except your fake domain), then change all the resolvers in your network to use it (in DHCP).
 
Well, I won't lie, it is going to take me time to digest this information.
Thank you all for your responses.
 
What is the exact term I am looking for?
Name resolving. Specifically resolving hostnames.

How does this work? Well, an application might want to connect to somewhere.example.com. How does it find the IP address? First the system will look at /etc/nsswitch.conf (nsswitch.conf(5)), this file defines where to look. For hostnames it's specifically this line:
    hosts: files dns
"Files" here refers to /etc/hosts (hosts(5)), so it's going to look there first and try to match a hostname with an IP address. If that fails, the next step is taken: dns. This will look at /etc/resolv.conf (resolv.conf(5)) and see if there's a nameserver defined. If there is, the system will do a proper DNS lookup of the hostname using that defined DNS server. You can fill an entire book on how DNS works, but it's basically a distributed phone book. Instead of looking up names to find a phone number, you look up a hostname and get an IP address.
 
I figured it out: it appears I could do all that in OPNsense via Unbound; it has a "host overrides" option plus a lot of other things that I have already forgotten ...
covacat's comment put me in the right direction. I saw the "query forwarding" thing but couldn't understand the gist of it without cutting off the whole house's internet during the tests (and eventually heard a few complaints behind ... lol), so I skipped that option and finally found the other solution.

SirDice
Thank you for the full explanation of name resolving! I actually already knew the term but didn't even know it was my problem here; I was probably overthinking it.
I wasn't aware of nsswitch.conf's existence, so I have checked it and read the man page; needless to say, I learned a few things.

sko
This thing seems powerful indeed. I've read some blog posts and watched videos about reverse proxying with nginx, and I must admit that I have a lot to learn and test to really be comfortable with it. I made a few tests in jails and ... well, I have to train a bit more, but that's why jails exist :)

sidetone
Thanks for the link, I'll need to look into it a bit more.

msplsh
I do not think I am ready for that yet, but it's bookmarked, thanks.

Thank you guys for your help :)
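As an added illustration (not config from any poster in this thread), here is a minimal unbound.conf that does what covacat described and what the OP ended up configuring through OPNsense host overrides: answer a fake LAN-only zone locally, refuse queries from outside the LAN, and forward everything else upstream. It also uses CNAMEs for services behind a reverse proxy, as sko suggested. All names and addresses (192.168.1.0/24, the resolver at 192.168.1.1, the proxy at 192.168.1.10, jail addresses) are assumptions; the zone is myhouse.home.arpa rather than .local because .local is reserved for mDNS (RFC 6762) and home.arpa is the name reserved for exactly this use (RFC 8375).

```conf
# Example unbound.conf for a LAN-only fake domain (constructed example).
# Assumed: LAN 192.168.1.0/24, this resolver on 192.168.1.1,
# reverse proxy jail on 192.168.1.10, other jails on 192.168.1.11-12.
server:
    interface: 192.168.1.1
    port: 53
    do-udp: yes
    do-tcp: yes

    # Only the LAN (and the host itself) may query; refuse all else,
    # so this never becomes an open resolver if it is ever exposed.
    access-control: 127.0.0.0/8 allow
    access-control: 192.168.1.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Rebinding protection: private addresses in upstream answers are
    # dropped, except for our own zone which is allowed to carry them.
    private-address: 192.168.0.0/16
    private-address: 10.0.0.0/8
    private-domain: "myhouse.home.arpa."

    # "static": names under the zone that are not listed below get
    # NXDOMAIN instead of being forwarded to the upstream resolver.
    local-zone: "myhouse.home.arpa." static
    local-data: "proxy.myhouse.home.arpa. IN A 192.168.1.10"
    local-data: "jail1.myhouse.home.arpa. IN A 192.168.1.11"
    local-data: "jail2.myhouse.home.arpa. IN A 192.168.1.12"
    # Services fronted by the reverse proxy: CNAMEs, so moving the
    # proxy means updating one A record, not every service name.
    local-data: "wiki.myhouse.home.arpa. IN CNAME proxy.myhouse.home.arpa."
    local-data: "git.myhouse.home.arpa. IN CNAME proxy.myhouse.home.arpa."
    # Reverse lookup for the proxy, handy in logs.
    local-data-ptr: "192.168.1.10 proxy.myhouse.home.arpa"

# Everything else goes upstream (the "forward the rest" part).
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4
```

Check the file with unbound-checkconf before reloading, and hand out 192.168.1.1 as the DNS server in DHCP so clients actually use it.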
 