• 0 Posts
  • 9 Comments
Joined 7 months ago
cake
Cake day: March 27th, 2024

help-circle





  • arcayne@lemmy.todaytoSelfhosted@lemmy.worldDNS?
    link
    fedilink
    English
    arrow-up
    1
    ·
    2 months ago

    My preferred way of solving this is to run a PowerDNS cluster with DNSDist and keepalived. You get all the redundancy via a single (V)IP.

    Technitium is probably more user friendly for greenhorns, though… and offers DHCP too. Beats pihole by a mile.




  • Apps: SSO via Authentik where I can, unique user/pass combo via Bitwarden where I can’t (or, more realistically, don’t want to).

    General infra: Unique RSA keys, sometimes Ed25519

    Core infra: Yubikey

    This is overkill for most, but I’m a systems engineer with a homelab, so it works well for me.

    If you’re wanting to practice good security hygiene, the bare minimum would be using unique cred pairs (or at least unique passwords) per app/service, auto-filled via a proper password manager with a browser extension (like KeePassXC or Bitwarden).

    Edit: On the network side, if your goal is to just do some basic internal self-hosting, there’s nothing wrong with keeping your topo mostly flat (with the exception of a separate VLAN for IoT, if applicable). Outside of that, making good use of firewalls will help you keep things pretty tight. The networking rabbit hole is a deep one, not always worth the dive unless you’re truly wanting to learn for the sake of a cert/job/etc.