Running Your Own TLD?

raindog308

I was going to setup a domain for my internal lab and while I could just subdomain something, I thought why not use a separate domain...except for the cost.

But then I thought, why not setup my own self-hosted TLD like .raindog308? Sure, no one else on the Internet would recognize it but if I setup a caching nameserver or two and pointed my stuff at it, I could get both my own self-hosted root domain and everything else...right?

Maybe not. From some googling, it seems I'd have to copy all the other roots and keep them updated manually. I don't think you can inject just one new TLD...but I could be wrong. Setting up a completely different DNS universe is pretty straightforward but superimposing on the existing one may not be.

Has anyone done this? Is it difficult? How to?

To be clear, I am fully aware that this TLD will be non-resolvable to anyone except me.

yoursunny

Before I had my domain, I used .sunny TLD internally.
No need for DNS servers - just use a hosts file, and possibly a script to re-download the hosts file daily.

I no longer use this TLD because nowadays webapps behave differently with and without https.
It's generally not possible to obtain a TLS certificate for domains under .sunny, unless I run a PKI infrastructure too.

elliotc

How about Adguard home with DNS rewrite?

Erisa

When I did this I just told my central DNS server to resolve the individual hostnames to their IPs, there never was any logic for the TLD specifically. For example server1.eri would resolve to a private IP and other hostnames with .eri would too. It worked fine for what it was, but I no longer use it.

FrankZ

I do this with bind on the internal network. The local recursive bind server ns is in the soa of the internal domain.tld zone file which also has the local bind server ip as the ns record. The domain is setup in the named.config file as authoritative. All other tdl's will just naturally be looked up on the interwebs. and like Erisa said above me you just add A records to the zone file.

in /etc/named.conf
set
listen-on port 53 { 127.0.0.1; 192.168.1.252; };

set
allow-query { localhost; 192.168.1.0/24; };
set
recursion yes;

add the zone file.

zone "test.raindog308" {
        type master;
        file "/etc/named/test.raindog308.hosts";
        };

in /etc/named/test.raindog308.hosts

$ttl 3600
test.raindog308.   IN      SOA     ns1.test.raindog308. spam.test.raindog308. (
                        1593927862
                        3600
                        600
                        1209600
                        3600 )
test.raindog308.               IN      NS      ns1.test.raindog308.
ns1.test.raindog308.        IN       A       192.168.1.252
host2.test.raindog308.     IN       A       192.168.1.2

In each node on the network have 1st line of /etc/resolv.conf be
nameserver 192.168.1.252

turdski

As mentioned, you can easily override DNS records with BIND and make a private log file for those requests.
See: https://maciej.lasyk.info/2018/Dec/08/override-dns-records-with-bind-and-response-policy-zones/
Views can also be handy: https://kb.isc.org/docs/aa-00851

ascicode

Get a handshake.

rm_

Unbound can also be pointed to look-up a specific zone on custom servers like this:

stub-zone:
  name: raindog308.
  stub-host: ns1.raindog308.net.
  stub-host: ns2.raindog308.net.

I use a similar setup so that rDNS records can be created and resolved in my IPv6 ULA subnet.

raindog308

Awesome! Thanks all.