I recently renamed my internal LAN domain name. For some crazy reason I’d thought .int was not a public TLD and didn’t check at all before using that before the last time I renamed my internal LAN. I had no issues for several years, but I felt with the holidays it was time to move away from this invalid domain internally to something valid.
ciscodude.co this time and registered it. I have an internal hidden master which is only available over IPv6 from the external slaves. I need to build an automated process of maintaining an external and internal view.
While I’m using ciscodude.co internally, I still use ciscodude.net externally. I have several certificates for ciscodude.net, including a wildcard certificate. Several A and CNAME records pointed to my external IP, and as I don’t have views set up yet, I’m still getting the external IP when requesting internally. As a result, I need to perform a hairpin NAT to the reverse proxy that handles that hostname externally, internally.
Basically I’m treating the external IP address like a loopback instead of being bound to the external interface. This will require maintenance in case the Shaw IP changes, but that’s not the end of the world for my internal access.
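One way the internal view mentioned above could be derived automatically from the external zone, as an added example that is not the author's own process: every A record that points at the external IP is re-pointed at the internal reverse proxy, so internal clients no longer depend on the hairpin NAT. The host names, the documentation address standing in for the Shaw IP, and the proxy address 10.0.0.5 are all assumptions.

```python
import ipaddress

# Constructed sample of an external zone; names and addresses are made up.
EXTERNAL_ZONE = """\
; external view of ciscodude.net (constructed sample)
$TTL 3600
www     IN A     203.0.113.10
git     300 IN A 203.0.113.10
mail    IN A     198.51.100.25
blog    IN CNAME www
"""

def build_internal_view(zone_text, external_ip, proxy_ip):
    """Return (internal_zone_text, rewritten_owner_names).

    A records whose address equals external_ip are pointed at proxy_ip.
    Directives, comments, CNAMEs and other hosts are kept byte for byte.
    """
    external = ipaddress.ip_address(external_ip)
    proxy = ipaddress.ip_address(proxy_ip)
    out, rewritten, last_owner = [], [], None
    for line in zone_text.splitlines():
        body = line.split(";", 1)[0]          # ignore trailing comments
        fields = body.split()
        # A line starting with whitespace inherits the previous owner name.
        if fields and not body[0].isspace() and not fields[0].startswith("$"):
            last_owner = fields[0]
        # Record lines look like: [name] [ttl] [class] A address
        if len(fields) >= 2 and fields[-2].upper() == "A":
            try:
                addr = ipaddress.ip_address(fields[-1])
            except ValueError:
                addr = None                   # malformed rdata: leave untouched
            if addr == external:
                # Swap only the address so spacing and comments survive.
                line = body.replace(fields[-1], str(proxy), 1) + line[len(body):]
                rewritten.append(last_owner)
        out.append(line)
    return "\n".join(out) + "\n", rewritten

if __name__ == "__main__":
    zone, names = build_internal_view(EXTERNAL_ZONE, "203.0.113.10", "10.0.0.5")
    print(zone)
    print("rewritten:", names)
```

CNAMEs need no rewriting because they resolve through the A records that were changed; if the external IP changes, rerunning the function with the new address regenerates the internal view.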