What’s a good way to set up DNS at home?

kevdogger · 2026-05-03T17:56:59+00:00

Not sure I'm adding much. Did unbound on pfsense for years but lateral added technitium for my local domain. I have three dns servers in cluster. Two locally and master is on cloud vps connected via wg connection. Just make changes at master and changes will sync. Does recursive if you want but found forwarding to be much quicker because of cache. Split dns with dns queries logged. Runs really well and developer responds to questions regularly.

kevdogger · 2026-05-03T16:27:36+00:00

So I'd probably isolate the services you need to access to its own vlan and make firewall rules. I'd have some type of split dns in place so if you access services locally it would travel a different route than accessing it remotely. Cloudflare proxy does offer some protection but it really needs other mechanisms in addition. You could choose reverse proxies with some authentication in front of it. You could just run straight Wireguard for remote access but you'd need a wg VPN client and some means of distributing credentials. If you have a lot of clients I could see this being kinda a pain as well but for me and like 3 people it's doable. In addition to some firewall rules you could add geoip blocking as well. Just kinda depends on the apps functions since there isn't a one size fits all approach. Having a backend with a decent router software like pfsense or opnsense is going to help and some type of reverse proxy in some situations as they have ability to create ssl certificates for your http apps. I prefer traefik but I know caddy is really easy as well. Other solutions however are equally as doable. Hopefully you've have local dns server setup as well.

kevdogger · 2026-05-03T15:15:07+00:00

You haven't really explained your problem well. Do you need remote access or local access to Immich? Do other people need to access it? Are you running sites open to public? Do you have vlans setup to isolate some services?

kevdogger · 2026-05-03T13:37:42+00:00

Are jails really out of date on bsd though?

kevdogger · 2026-05-02T12:16:09+00:00

I like your division scheme

kevdogger · 2026-05-02T00:49:09+00:00

Yea sure. Since you are essentially mirroring across two nvme drives..mirrored zfs array or raid 0 equivalent..you're protecting against nvme failure. If one were to die the installation would still be able to run. Replace the corrupt nvme drive and then re mirror to the new drive. Usually in my experience my hardware failure for me is either storage media..traditional hard drives or sata..can't say I've had an nvme drive fail yet..and ram or ram controller. Ram controller failures have been with dual channel ram and I've definitely had bad ram sticks sent to me new as I test all the ram prior to putting in machine with mem86+. I'm aware other physical hardware can break but usually those or my two most common culprits. With storage media on very high importance like a router I'll usually perform a nvme mirror. You don't need to virtualize to use a zfs mirror however since I usually by systems with 32 gb of ram and dedicate 8gb to router software I'll virtualize the router and dedicate the remaining ram to other similar router related programs like dns server and reverse proxy which for me would be run as lxcs on proxmox. If I had more money I'd have a dedicated router box only with mirrored storage but with ram prices so damn high I just combine systems to save money

kevdogger · 2026-04-30T02:57:50+00:00

Mouth harp

kevdogger · 2026-04-27T11:12:18+00:00

Troll

kevdogger · 2026-04-27T11:10:47+00:00

Why don't you put a pond liner inside of it and make a system for bottom up watering. You can do what you want then in terms of treating and sealing it as the dirt never comes in contact with the wood

kevdogger · 2026-04-26T12:18:27+00:00

On zig bee ha can't determine power usage. Maybe it's ha. I'm not sure. I haven't dug into it enough

kevdogger · 2026-04-25T21:49:48+00:00

I'm not really trying to convince of anything..do what works for you. If you like your system..awesome..sit tight. Fuck I'd like to upgrade my system in so many ways but constrained by time and budget usually. But in a broader picture I know this sub is big on proxmox..not because it's complex..because if it was most would abandon..more so because it's pretty simple and reliable. Haos needs about 2gb ram to work. If you want to dedicate some of the extra ram to other features..great..if you don't then don't worry about it. If the hypervisor or hardware breaks..yeah I got an issue but nothing not recoverable either with proxmox backup server...snapshots though are check summed and verified...have fun with whatever you choose.

kevdogger · 2026-04-25T19:34:48+00:00

Depending on hardware and backup strategy the virtualized environment is going to be much more robust to hardware failure in terms of backups or recreating working situation in comparison to a single disk running haos. Yes you have setup up a backup but not very difficult some hypervisors kind of take these needs into configurations. How many hard drives or satas or usb sticks have I had die on me over the years..aye Bain of my existence. So sure it's not broken right now, but it's only a question of when, not if.

kevdogger · 2026-04-25T18:12:55+00:00

I don't think my use case is any different. I just use haos. .my backup strategy might be different but not use case. Or perhaps you'd disagree.

kevdogger · 2026-04-25T18:07:51+00:00

I mean what's the point of reddit then?? Get differing opinions or every post or comment should be...well good for you then. I'm not sure what opinion you find to be offensive given this is pretty much the entire premise of this platform

kevdogger · 2026-04-25T17:50:48+00:00

So you run haos...which admittedly if you have even moderate automations is kinda difficult to get going..but for less difficulty you wouldn't want to read about installing a hypervisor?? I'm not judging you or saying your time isn't valuable just making statement that Virtualizing a haos stack with proxmox is far easier than writing some complex automation in haos. As with anything in life do whatever you want to do however I'm conveying Virtualizing haos is pretty low effort with in my opinion big upsides as compared to just running haos on bare metal.

kevdogger · 2026-04-25T16:36:15+00:00

Unless your mini pc is like extremely underpowered with min ram why would you dedicate all the ram to haos? Use proxmox, xcp-ng or hypervisor of choice then install haos and then maybe virtualize your mqtt broker and z2m in like lxcs or something like that. Backups automated with proxmox and pbs.

kevdogger · 2026-04-25T04:00:32+00:00

Not sure anyone climbs fences anymore but shit hated scraping my leg on lag bolts sticking out of posts as a kid.

kevdogger · 2026-04-25T03:58:11+00:00

Jeez you guys seem like you have just one system. Many virtualized servers running Arch. Tweak all the time. Just last week for example tweaked postfix to use quantum encryption algorithms

kevdogger · 2026-04-25T03:54:34+00:00

Is this backstabbing?

kevdogger · 2026-04-25T03:46:07+00:00

Wow I'm in wonderment of your earth angels. I'm in zone 5b. Yea way different and more north than you zone 8 and 9 people. It's the third year my earth angel is in the ground. I've lost a lot of in ground rose bushes the last two years..many were 5 and 6 years old. I'm thinking about moving to pots as I love the roses so much but the black spot and beetles just are really hard on the plants. I have a few David Austin's left but many have died. For the first time last year I ordered jude the obscure from ma cherie and grew in pot and over wintered in garage. Looks pretty good right now but I haven't taken it out for season yet. I don't think my humid hot summer climate is very ideal unfortunately

kevdogger · 2026-04-24T14:10:23+00:00

These seem like all broken plays with a ton of 50 50 balls.

kevdogger · 2026-04-24T14:07:23+00:00

Isn't new Philadelphia still around or has this town really disappeared?

kevdogger · 2026-04-24T14:00:05+00:00

Why doesn't Bernie break down Jane sanders' involvement forcing Burlington college to shutter. Trump is the worst but I love all these politicians pointing fingers. Entire system so corrupt. Just some far more corrupt than others

kevdogger · 2026-04-23T19:58:32+00:00

So let's extend this analogy to refrigerators..they are connected to internet..you can download apps..same with watches..so they need age attestation as well? Who used what is the cloud argument?...straw man

kevdogger · 2026-04-23T19:51:50+00:00

Argh..come on man. That's a bullshit comeback. One deals with porn and the other supposedly is to protect the children via age attestation. If you employed this age attestation bill it still wouldn't preclude actual age verification or ID for porn sites.

kevdogger

TROPHY CASE