DNS for Homelab

Do I need to set up a DNS server if I wish to use a domain name for connecting to each of my devices connected to my Homelab?

And if I wish to use the domain name only inside my network, then will I need to register the domain name with a registrar?

No, if you want to have an internal-only DNS name, you do not need to register it. You can have a local DNS server if you want the name to resolve. Most (good) routers have the option to set a domain name there that is resolved locally. You could use something like “mynetwork.local”. You could even use “mynetwork.com” even though it’s not a valid domain name, but some people don’t feel that it’s proper to use a .com when you don’t really have that name registered. Either way, it will still work. Depending on your router, this may be easy to set up.


I would highly suggest not using someone else’s DNS if at all possible. There is a slim chance that you could have a collision with someone else’s domain, and you wouldn’t be able to visit that website or use that service.

In some cases, using a top-level domain which “feels” right, like “.local”, will cause issues on the network, because there are reserved TLDs; “.local”, for example, is used for service discovery on the network.

The ideal scenario, if you can afford roughly $15/year, is to register a globally-resolvable domain name. You don’t have to run services there, but by placing that stake in the ground, you can ensure that there are no conflicts. Once you have a DNS domain name registered, you can choose to delegate a subdomain to use for your top-level zone internally. For example, you could use “int.example.com” as your internal DNS domain. Then, each machine in your lab is something like “host1.int.example.com”.

Keep in mind that you don’t have to host your internal DNS outside. Something as simple as a Raspberry Pi Zero W has enough horsepower to run a name server for most home networks.

I agree, I registered the domains that I use in my examples for pretty much the same reason.

I am struggling with implementing this. I own a couple domains and I’d like to set them up so that every container/service/vm on my network gets a FQDN. I’d like some services to be internal only, but I’d also like some to be reachable from the internet.

I would be very interested in a video @jay showing how your DNS is set up so that you have both internal-only FQDNs and internet-accessible FQDNs. I suspect this might be an issue for most of us because we only get a /32 IPv4 from our ISPs, but still, I could live with alternate ports or an nginx proxy running on the regular HTTPS port/default port for that service that proxies queries to the subdomains using the right ports internally. I remember reading that nginx can also handle other protocols, not only HTTP.

I’ll definitely consider a video on that. But I’ll try to summarize it here for now.

Internally, in your router or firewall, you’d configure your DHCP server to issue a specific hostname to each computer or server in your network. This is one of the many reasons I prefer static DHCP reservations to manual static IP assignments. If you have your router control this, you can just force it to apply the domain to everything that connects. I use pfSense for example, and I forgot what the setting is called, but it basically has every DHCP assignment register a DNS entry in the resolver, complete with the domain name.

If you don’t use DHCP reservations, the alternative is to create a DNS server inside your internal network, and configure it as the default DNS server for everything in your network. Then, you can configure a FQDN for every server inside the network. Using dnsmasq is probably the simplest way to set this up. So for your internal web server for example, you may set it up in your DNS server that myserver.mydomain.com maps to 192.168.1.13. Since all your computers are configured to use that DNS server when looking up names, they will all understand the FQDN.

Externally, you would go to the DNS settings of your registrar, and point the A record there to the static IP address of your home or office network. If your ISP uses DHCP, you can use a Dynamic DNS service which often installs an agent inside your local network, and changes the A record of your Registrar to the current IP of your cable modem. If your ISP can give you a static IP, this is easier - set the A record in your registrar to that of your public IP and you’re all set.

For routing external requests to internal VMs, I would forward all external port 80 and 443 requests to a single NGINX proxy running inside your LAN. You can use virtual hosts within NGINX to proxy all requested traffic to the correct VM.

For example, perhaps you have a single proxy VM with server1.mydomain.com and server2.mydomain.com as virtual hosts. You’d then add a setting to forward external requests for server1.mydomain.com to an internal IP of 192.168.1.11, and configure it to send requests for server2.mydomain.com to 192.168.1.12. Since it’s a proxy, your users will never know the difference.

Thanks for the reply. In my particular case, the domain name doesn’t only host services running on my LAN. For instance, I have lala. example. org that points to a digital ocean instance, but I’d like foo. example.org to point to a service running on my LAN. And I’d like foo. example. org to resolve to the public IP if I’m querying from the internet, or the private IP if querying from the LAN.

Using your explanation, and if I want baz.int.example. org to only work on my LAN, I think I understand that I can omit it from the registrar DNS records and just have it in my local unbound. That way, only devices on the network will be able to resolve that hostname, so that’s covered.

But I don’t know how to do the private/public IP resolving.

I had to add spaces to the hostnames or it wouldn’t let me post if my post has more than two links.

In that case, if I’m not misunderstanding, you can have a separate A record in your registrar for each subdomain. If you want to handle DNS internally, it shouldn’t matter what you do with your external registrar DNS, because your internal instances should be checking your local DNS server before going out to the external one, if that makes sense.
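As an added example (not posted by anyone in this thread), here is a minimal unbound configuration for the setup discussed above: names under int.example.org exist only on the LAN, foo.example.org is overridden to a LAN address for internal clients while the registrar's public record keeps serving everyone else, and every other name (lala.example.org included) is forwarded upstream. The LAN range, host addresses and upstream resolver are assumed placeholders.

```conf
server:
    interface: 0.0.0.0
    # Only answer queries from the LAN (assumed range).
    access-control: 192.168.1.0/24 allow

    # Internal-only zone: names in it resolve here and nowhere else.
    # "static" returns NXDOMAIN for anything in the zone not listed below,
    # so nothing under int.example.org ever has to exist at the registrar.
    local-zone: "int.example.org." static
    local-data: "baz.int.example.org. A 192.168.1.13"
    local-data-ptr: "192.168.1.13 baz.int.example.org"

    # Split horizon for one public name: "transparent" means unbound serves
    # the local-data below for foo.example.org, but resolves every other
    # example.org name normally, so lala.example.org still reaches the
    # registrar's record pointing at the cloud host.
    local-zone: "example.org." transparent
    local-data: "foo.example.org. A 192.168.1.11"
    local-data-ptr: "192.168.1.11 foo.example.org"

    # If DNS rebinding protection (private-address) is enabled, as it is by
    # default on pfSense, this allows example.org answers to carry LAN IPs.
    private-domain: "example.org"

forward-zone:
    # Everything not answered locally goes to the upstream resolver (assumed).
    name: "."
    forward-addr: 9.9.9.9
```

Clients that still point at the ISP or a public resolver bypass this entirely, so hand out this server as the only DNS address in DHCP and check with `dig foo.example.org` from inside and outside the LAN that the two horizons return different addresses.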

If a FQDN is registered then you have to use a DNS that is usually located at the registrar unless you individually change it. Now some just don’t send it anywhere, but others may try to send it to the domain of the email address you used, however that is usually just for email. What others have mentioned is how companies are set up. They have internal DHCP and DNS that handles all the local traffic and then when it needs to go to the outside world that is passed onto an external DNS. (I’ve simplified this.) If you want to access from outside then you are likely to need port forwarding to whatever server you require access. This is frequently done for web servers, gaming, and similar. However you will need to set up your firewall, and that includes your router’s, to allow this. If you want many to access then you really need to set up a DMZ for your own security reasons and that is more complex.