Custom TLDs for local services.

1. Pick an unused TLD: choose an unregistered TLD that won’t conflict with real domains, such as .home or .lan.
2. Configure the DNS resolver: in my case, AdGuard Home -> Filters -> DNS rewrites -> Add DNS rewrite (*.home points to the server’s LAN IP or tailnet IP).
3. Add reverse proxy rules: in my case, using Caddy, create rules such as http://serviceName.home { reverse_proxy localhost:12345 }; you can also add tls internal to use self-signed certs for this domain. ...

July 1, 2025

How NOT to bind docker containers to public interfaces.

Recently I’ve set up AdGuard Home to use as a personal DNS resolver + filter. I’ve come across this guide and its docker compose file. It worked perfectly until I discovered that for the past ~10 hours my AGH instance has resolved over 3,000,000 instances of the same URL, resulting in query_log.json taking up most of my system’s free disk space. This is an example of a DNS amplification attack, where an attacker used my (and, according to recent posts I’ve seen, others’) DNS servers to resolve a single domain, resulting in a flood of DNS queries. ...

July 1, 2025