# Ticket: Improve internal DNS and Tailscale naming ## Metadata - Type: Ticket - Status: Design drafted - Project: Homelab Operations - Created: 2026-06-06 - Updated: 2026-06-06 - Priority: High ## Goal Design and implement a better internal DNS system for homelab services, ideally integrating cleanly with Tailscale. ## Why Current DNS is imperfect: `*.dropcutstud.io` points to the external IP, while OPNsense/Unbound local overrides/exceptions are used internally. Agents repeatedly ask DNS questions that should be handled by a standard naming/access model. ## Scope Included: - Document current DNS behavior - Decide internal naming model for `dropcutstud.io` service names - Evaluate OPNsense/Unbound overrides, split-horizon DNS, Tailscale MagicDNS, and related approaches - Define how service DNS names are registered during VM/LXC deployment - Update VM/LXC template standards once decided Not included: - Public internet exposure for services unless explicitly approved - Full reverse proxy/TLS implementation; tracked separately ## Acceptance Criteria This ticket is done when: - [x] Current DNS setup is documented - [x] Target internal DNS design is selected — dedicated internal DNS service, coordinated with central reverse proxy. - [x] Tailscale interaction is designed at high level — Tailscale should use/reach the internal DNS service for `dropcutstud.io` where practical. - [x] Service naming convention is documented - [x] At least one service name resolves correctly from LAN context — DHCP now advertises Unbound at `192.168.0.124`; all internal names resolve. Tailscale DNS integration remains a follow-up. - [x] VM/LXC service template includes DNS registration steps — template documents DNS registration fields. All ACs satisfied. Tailscale DNS integration remains a follow-up for when Tailscale routing is configured. ## Progress 2026-06-07: - DHCP now advertises Unbound `192.168.0.124` as the LAN DNS server via OPNsense DNSmasq. - All internal `dropcutstud.io` names resolve correctly. - User confirmed `dashboard.dropcutstud.io` resolves on their workstation. - Tailscale DNS integration remains pending and is a separate concern.