I’ve wanted to install Pi-hole so I can access my machines via DNS. Currently I have names for my machines in the /etc/hosts files across some of my machines, but that means I have to copy the configuration to each machine independently, which is not ideal.
I’ve seen that some popular options for a top-level domain in local environments are *.box or *.local.
I would like to use something more original and just wanted to know what you guys use, to give me some ideas.
“.home.arpa” for A records.
I run my own CA and DNS, and can create vanity TLDs like a.git, a.webmail, b.sync, etc. for internal services. These are CNAMEs pointing to A records.
Do not use .local, as tempting as it may be.
I use .home personally.
RFC 6762 defines the TLDs you can use safely in a local-only context:
*.intranet
*.internal
*.private
*.corp
*.home
*.lan
Be a selfhosting rebel, but stick to the RFCs!
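As an added example (not from any commenter in this thread): a dnsmasq drop-in file for Pi-hole that serves a private home.arpa zone the way the OP wants, so one central file replaces the per-machine /etc/hosts copies. The hostnames, addresses and the file path are constructed; Pi-hole v5 reads /etc/dnsmasq.d/*.conf automatically, while Pi-hole v6 has to be told to load that directory (the misc.etc_dnsmasq_d setting in pihole.toml).

```conf
# /etc/dnsmasq.d/02-home-arpa.conf  (constructed example; the hostnames
# and addresses below are made up)

# Answer *.home.arpa only from this file, /etc/hosts and addn-hosts files,
# and never forward the zone to upstream resolvers. Without this line every
# typo'd internal name is sent to the public resolver, which leaks your
# host naming scheme.
local=/home.arpa/

# Append home.arpa to bare names found in hosts files, so an entry "git"
# also answers as git.home.arpa.
domain=home.arpa
expand-hosts

# Keep the OP's existing hosts-format file in one place and let dnsmasq
# read it, instead of copying it to every machine.
addn-hosts=/etc/hosts.homelab

# Static records for services; IPv4 and IPv6 can sit on one line.
host-record=git.home.arpa,10.0.0.5,fd00::5
host-record=webmail.home.arpa,10.0.0.6

# Aliases that follow a host when its address changes. cname targets must
# be names dnsmasq itself knows (host-record, hosts file or DHCP lease).
cname=sync.home.arpa,git.home.arpa

# Drop upstream answers that point at private address ranges
# (DNS rebinding guard); Pi-hole exposes this as a checkbox too.
stop-dns-rebind
```

The security-relevant line is local=/home.arpa/: it is what keeps the internal zone from being forwarded, which is also what RFC 8375 asks resolvers to do for home.arpa. After editing, restart the resolver (pihole restartdns) and check with dig git.home.arpa @your-pihole that the answer comes back authoritative rather than NXDOMAIN from upstream.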
How do you get https on those though? A lot of random stuff requires https these days.
HTTPS is not a problem, but you’ll need an internal CA and to distribute its certificate to your hosts’ trust stores.
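The CA workflow that comment describes, as an added example rather than anything the commenter posted: a root CA created with OpenSSL, a leaf certificate for a constructed service name (git.home.arpa) carrying a proper SAN, and a verification step that checks both the chain and the hostname. Paths, names and key sizes are assumptions; it needs OpenSSL 1.1.1 or newer for -ext and -verify_hostname.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal internal CA with OpenSSL.
# Everything here is constructed; adjust names and lifetimes for real use.
set -eu

# make_ca DIR: self-signed root marked as a CA. Extensions come from an
# explicit file so the result does not depend on the system openssl.cnf.
make_ca() {
  dir="$1"
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/ca.key" \
    -out "$dir/ca.csr" -subj "/CN=Home Lab Root CA" >/dev/null 2>&1
  {
    printf 'basicConstraints=critical,CA:TRUE\n'
    printf 'keyUsage=critical,keyCertSign,cRLSign\n'
    printf 'subjectKeyIdentifier=hash\n'
  } > "$dir/ca.ext"
  openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -days 3650 \
    -extfile "$dir/ca.ext" -out "$dir/ca.crt" >/dev/null 2>&1
  chmod 600 "$dir/ca.key"   # the CA key never leaves this machine
}

# issue_cert DIR NAME: leaf key + CSR, signed by the CA. Browsers ignore
# the CN and require a subjectAltName, so the SAN is set explicitly.
issue_cert() {
  dir="$1"; name="$2"
  openssl req -newkey rsa:2048 -nodes -keyout "$dir/$name.key" \
    -out "$dir/$name.csr" -subj "/CN=$name" >/dev/null 2>&1
  {
    printf 'basicConstraints=CA:FALSE\n'
    printf 'keyUsage=critical,digitalSignature,keyEncipherment\n'
    printf 'extendedKeyUsage=serverAuth\n'
    printf 'subjectAltName=DNS:%s\n' "$name"
  } > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -days 825 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$name.ext" -out "$dir/$name.crt" >/dev/null 2>&1
}

# verify_cert DIR NAME HOST: exit 0 only if NAME.crt chains to ca.crt
# and is valid for HOST, i.e. what a client with the CA installed checks.
verify_cert() {
  openssl verify -CAfile "$1/ca.crt" -verify_hostname "$3" "$1/$2.crt" \
    >/dev/null 2>&1
}

# cert_san DIR NAME: print the SAN extension of NAME.crt for inspection.
cert_san() {
  openssl x509 -in "$1/$2.crt" -noout -ext subjectAltName
}

# Stand-alone demo: ./ca.sh demo
# Only ca.crt is copied to clients (Debian/Ubuntu: drop it in
# /usr/local/share/ca-certificates/ and run update-ca-certificates).
if [ "${1:-}" = "demo" ]; then
  W=$(mktemp -d)
  make_ca "$W"
  issue_cert "$W" git.home.arpa
  verify_cert "$W" git.home.arpa git.home.arpa && echo "git.home.arpa: chain and hostname OK"
  cert_san "$W" git.home.arpa
  echo "CA certificate to distribute: $W/ca.crt"
fi
```

Two points worth keeping in mind: the CA key is the thing that lets anyone mint a trusted certificate for any name on your network, so it stays on one machine with restrictive permissions (or offline), and every client that gets ca.crt in its trust store will trust whatever that key signs. The hostname check in verify_cert is the same one browsers perform, which is why the SAN must match the DNS name you actually serve under.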
I use homelab…org
If you want to avoid problems, use a TLD that is assigned for this purpose, for example .home.arpa, or .home, or .lan, or .private, etc. Avoid using .local because it’s already used by mDNS.
.uk, but it is an actual .uk that I’ve registered.
I just use a .de TLD, and for all my sites *.mysite.mydomain.de.
SSL certs from Cloudflare with a DNS challenge, for internal use.
I’ve got a .com for my internal-only services with TLS and a .pro for my external-facing services. I could probably throw them all on one, but because of legacy (I didn’t think things through) I have two.
I have an io domain - mylastname.io
AD domain is home.mylastname.io
A place I put most apps running on my Kubernetes cluster is *.apps.mylastname.io
Nothing. I have all devices using Tailscale DNS and I refer to things in my network by their hostname directly.
Everything under *.home.mydomain.tld is reserved for internal use.
I use *.home.mydomain for publicly-accessible IPs (IPv6 addresses plus anything that I’ve port forwarded so it’s accessible externally) and *.int.mydomain for internal IPv4 addresses.
For those using a pihole for .internal.example.com, how do you deal with DNSSEC on example.com? Or do you just not?
I use .lan for anything local and my public domain is .net for anything publicly hosted.
I have owned a .com since 1997. I use that.
.local is mDNS, and I’m using that; it saves me so much hassle with split-horizon issues etc. I also use global DNS for local servers (AAAA records on my own domain); again, this eliminates split-horizon issues. Life is too short to deal with the hassle of running your own DNS server.