The regular reader (?) will know that I come from a corporate IT background, where I used to design and install big data-centre type systems, comprising many servers (usually clustered), large amounts of tiered storage (fast, medium and slow speeds) and super-fast networking. I’ve written about some of those in the Office Life series of posts.
Since I’ve retired, I’ve relinquished all that malarkey and have some home workstations, tablets and phones: the sort of thing that most households might have nowadays. Of course, I write and run this very website – I am the sole owner, writer, contributor, designer, architect, builder etc. etc. of this magnificent icon of bloggery.
Incidentally, I did write a blog post on how I write a blog post. Very meta, but it’s here: How Do I Come Up With All This Drivel?
Meanwhile, a thought occurred to me. And then; a situation arose.
The dev site
I recently published a post about the demise of VMware in my home network and its replacement: Oracle VirtualBox. VirtualBox is still amazing, by the way, and has survived at least two kernel updates on Ubuntu (which would have killed VMware).
To use my dev site, I need to start the Ubuntu virtual server on VirtualBox, which is installed on my main desktop workstation. Once it boots, I can use my desktop workstation, or my Windows 11 Surface tablet to do what I need to do.
Therein lies not one, but two situations.
Situations arise!
I fully realise that these situations aren’t critical, they aren’t life threatening and nobody would give a monkeys. But they are (to me) bloody irritating.
Situation 1
I’ll write a blog post and post it up on the dev site. I can view it in either Edge or Firefox, but only on the desktop and the Surface. I can’t check the post on a phone or a tablet, because those devices have no way of turning the dev site’s name into an address on my home network. This means that I can’t check whether the post looks OK when viewed on a phone or a tablet.
Situation 2
The same goes for new templates, plugins or other site-orientated changes to the website. I recently wanted a plugin to enable a lightbox style of picture. Meaning that when you clicked on a thumbnail, it would expand to a bigger version. I tried quite a few plugins before settling on one I liked, but I couldn’t check it on a phone or a tablet until it was live.
In the case of a new template, or major changes to the existing style, it’s a case of publishing it, crossing my fingers and hoping it’s OK on a phone or a tablet.
I fully realise that in reality, I get maybe two or three (if I'm lucky) visitors in a week. And they're either bots or hackers. So if the site is broken or doesn't look right, no-one will care! 😁
Issues
The issue is quite simple. Accessing stuff on the internet relies upon something called DNS (the Domain Name System). It’s basically a distributed service, hosted in many places on the internet, that translates a name (the hostname part of a URL) into a number: the IP address allocated to the resource you need to access.
E.g. if you want to open Google’s search page, you type “www.google.co.uk” into your browser. Behind the scenes, your device asks the DNS server it has been configured with (normally your router, which passes the question on to your ISP’s or some other public DNS provider) what number is associated with “www.google.co.uk”. The DNS server responds (216.58.204.67 is the actual number for me) and the browser makes all the necessary connections in the background to connect to that page. All this happens very quickly, so you hardly ever notice any delay. I’ve gone into further detail on it in this post: Secure DNS.
But my home network is configured with a special set of numbers called “private addressing” (the 192.168.x.x, 10.x.x.x and 172.16-31.x.x ranges, which are never routed on the public internet), and those internet-based DNS providers know nothing of the names I’ve given to them.
I can eliminate the need to use an internet DNS provider on my home network, to an extent, by using something called a hosts file. This is a plain text file (/etc/hosts on Ubuntu, C:\Windows\System32\drivers\etc\hosts on Windows) that maps the private addresses to the names of the internal websites, and it is consulted before DNS is ever asked. The file has to be manually created and maintained on every device, so if you add or remove a site, you have to edit all of your hosts files at the same time.
This is OK for devices that you’re able to edit hosts files on, but on devices like Android or (Cr)Apple, it’s not possible to do that.
Yes, I know that you can edit your phone or tablet's hosts file if you root it. But rooting is (technically) illegal and if your device is still in warranty (which my phone is) it'll invalidate it.
To summarise: my workstations and Surface devices can access my dev website with no issue. My phone and tablets can’t.
Solutions
Amongst many solutions (including rooting phones and manually maintaining hosts files) the better, more elegant solution is to host your own internal DNS server. That way, you define all of your internal names and their private addresses in one place, point every device at that server (normally by having the router hand out its address via DHCP), and all of your devices will be able to look up the addresses and access the sites. Anything the internal server doesn’t know about, it forwards on to a public DNS provider as before.
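To make the three ideas above concrete (DNS turning a name into a number, a hosts file as a local lookup table, and an internal server that answers for your own names and forwards everything else), here is a small Python model of that behaviour. This is an added example, not the blog’s code and not Pi-Hole’s or BIND’s; the hostnames, addresses and the stand-in “upstream” answers are all constructed for the illustration. The one extra check it includes is a rebinding guard: a public name that comes back with a private address is dropped, which is what dnsmasq’s `stop-dns-rebind` option (Pi-Hole’s resolver is built on dnsmasq) does for real.

```python
"""Toy model of a home DNS resolver: answer internal names from a hosts-file
style table, forward everything else to an upstream resolver, and refuse
upstream answers that point into private address space.

Added example for illustration; not the blog post's, Pi-hole's or BIND's code.
All hostnames, addresses and upstream answers below are constructed.
"""
import ipaddress
from typing import Callable

# Constructed sample in hosts-file syntax: address, then one or more names,
# '#' starts a comment. Mirrors what you would keep in /etc/hosts.
HOSTS_TEXT = """
# Internal names on the home LAN (constructed example)
192.168.1.10   dev.home.lan dev      # VirtualBox Ubuntu dev site
192.168.1.2    pi.home.lan pihole    # the Raspberry Pi itself
fd12:3456::10  dev.home.lan          # IPv6 address of the same dev host
"""

Upstream = Callable[[str], list[str]]


def parse_hosts(text: str) -> dict[str, list[str]]:
    """Parse hosts-file syntax into {name: [addresses]}.

    Names are matched case-insensitively and without a trailing dot, as DNS
    does; malformed lines are skipped rather than poisoning the table.
    """
    table: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), []).append(addr)
    return table


def fake_upstream(name: str) -> list[str]:
    """Stand-in for a public resolver (constructed answers, no network).

    A real upstream would be the ISP's server, or cloudflared speaking
    DNS over HTTPS to a public provider.
    """
    public = {
        "www.google.co.uk": ["216.58.204.67"],  # the address the post mentions
        "rebind.example": ["192.168.1.1"],      # constructed: public name, LAN address
    }
    return list(public.get(name, []))           # [] plays the part of NXDOMAIN


def resolve(name: str, local: dict[str, list[str]], upstream: Upstream) -> list[str]:
    """Resolve like a home DNS server: local table first, then upstream.

    Upstream answers inside private, loopback or link-local ranges are
    discarded: nothing on the public internet should map to a LAN address.
    """
    key = name.lower().rstrip(".")
    if key in local:
        return list(local[key])
    safe = []
    for answer in upstream(key):
        ip = ipaddress.ip_address(answer)
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            continue                            # rebinding guard
        safe.append(str(ip))
    return safe


if __name__ == "__main__":
    local = parse_hosts(HOSTS_TEXT)
    # Phone without the home server: only the upstream is available.
    print("phone, no home DNS :", resolve("dev.home.lan", {}, fake_upstream))
    # Any device pointed at the home server: internal and public names both work.
    print("via home DNS       :", resolve("dev.home.lan", local, fake_upstream))
    print("public name        :", resolve("www.google.co.uk", local, fake_upstream))
    print("rebinding attempt  :", resolve("rebind.example", local, fake_upstream))
```

Run it as-is and the first line shows the phone’s predicament (an empty answer, the equivalent of NXDOMAIN from a public resolver); the second shows the same name answered once the device asks the home server instead. In a real deployment the table comes from Pi-Hole’s Local DNS Records or a BIND zone file rather than a hosts file, but the lookup order (local names first, then forward) is the same.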
Problems and caveats
- You have to have a DNS server active all of the time. Unless all of your devices get turned off, of course. Most (like phones) will stay on.
- Mobile devices (like phones and tablets) need to be on your home wifi to use it. It’ll only work over wifi, not over mobile data, because on mobile data they’re using the mobile network’s DNS, not yours.
- A device or browser that has its own encrypted DNS switched on (Android’s “Private DNS” set to a provider’s hostname, or DNS over HTTPS enabled in the browser) talks to that provider directly and bypasses the home server, so internal names won’t resolve on it unless that setting is turned off or left on automatic.
- If you have to have a server active all the time, how bloody much is that going to cost in electricity?
- I want to use secure DNS. What’s the effect going to be if I don’t?
Not insurmountable. But what can I use?
Let’s have some pi(e)
I need something small that doesn’t use much electricity. It only has to run a DNS server, so there won’t be a huge load on the server itself. Windows is out of the question, as it’s bloated with crap you don’t need, and consequently needs some half-decent hardware just to run at all.
So the O/S of choice is going to need to be a headless Linux server of some flavour. That way, I can load only what I need and I can use BIND as the DNS server (I’ve had a lot of experience with BIND9, so I’m good with it, rather than, say, dnsmasq).
I watch a bit of YouTube on the odd occasion and I have my channels that I follow. A few of these have been known to use an Arduino to control LED lights, MIDI interfaces and the like. I thought “I wonder what they’re like” and so the research began. It was not an extensive amount of time, as I pretty quickly discovered that a Raspberry Pi would more than likely fit the bill. I’ve heard of a Raspberry Pi (and an Arduino) but I’ve never before even considered that they would be of use to me. As I said before, I’ve been used to dealing with all the big stuff, so this tiny little computer on a card didn’t even enter my thoughts… until now.
There are some excellent resources on the internet for both buying and configuring Raspberry Pi (or Arduino) hardware. I discuss those – and go into more detail about buying and configuring my Raspberry Pi setup in a post I’ve written about the process of choosing between BIND9 or Pi-Hole as my DNS server of choice.
Secure DNS
Whilst on the subject of other posts, part way through writing this one, I stopped. The reason I stopped was because I’d got to the bit listing the problems and caveats around using my own home DNS server.
The last bit was about secure DNS; which I hadn’t considered in a home environment up until then. I’d been happily plodding along using my ISP’s DNS settings (set by default on my router), and never gave it a further thought.
So I stopped and had a good think about it. That sent me off on a voyage of secure DNS discovery that lasted more than a few days. It turned out to be a longer process than I imagined, resulting in not one, but two extra blog posts on the subject:
- Secure DNS: Something We Should Do? – a post considering what secure DNS is about (and unsecure, for that matter) and why it’s a good idea to use secure if you can.
- BIND9 or Pi-Hole: Which Is Better? – a post not really about one vs the other, but about the process of building and configuring the newly acquired Raspberry Pi server to use either BIND or Pi-Hole.
The overall result
I opted for Pi-Hole and cloudflared for my DNS choices, running on Raspberry Pi O/S Lite on a 2GB RPi 5 with a 32GB microSD card. The total cost of the hardware was around £90 at the time I bought it and of course the software is free of charge.
The server sits on a shelf next to my router and stays on permanently. It draws roughly 5W, which is about 120Wh (0.12kWh) per day. Even at the current (extortionate) rate of electricity in the UK, that works out at roughly 3p per day at a 25p per kWh unit rate, or around £11 a year, to keep it ticking away on that shelf. A cost that I’m happy to absorb.
As a result, I can access all of my internal home network resources from any device and I have the added benefit of the statistics, logs and blocking function of Pi-Hole. I also have secure DNS lookups to my public secure DNS provider for all of my internal devices at all times.
I’m going to consider it a job well done.