Use DNS Not IPs


Are you still using direct IP addresses to log in and manage your servers? Well, time to move off that and onto the magic of DNS.

First off, who can remember IP addresses like 2001:db8::b19:b00b:e1f:babe and 203.0.113.69? Sure, one or two is manageable, but we humans can't remember numbers like this easily. Words and phrases are much easier to remember, and DNS handles the mapping for us. Rather than having to log into your server with ssh rob@2001:db8::cafe:babe, you could instead do ssh [email protected].

Doing this is super simple. First up, you buy a domain. That's fairly simple these days. Use your provider of choice (I like PorkBun and Ryamer, self plug here). Then you just point a DNS record to your server's IP(s). That's it. Really.

[Image: Sneak Peek of the Ryamer DNS Management Screen]

And now we have some DNS records:


And when we look at the records via our command line:


And now we are ready to log into our machines using the DNS records rather than IP addresses:

╰─○ ssh [email protected]
The authenticity of host 'example.internal.rishipanthee.com (2001:db8::b19:b00b:e1f:babe)' can't be established.
ED25519 key fingerprint is SHA256:SLelThis/WIsNotRealJ7q/69aYouGotScammed4OXzL2Qs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'example.internal.rishipanthee.com' (ED25519) to the list of known hosts.
[email protected]'s password:

And that's it. You are now using DNS rather than a direct IP to log into your services. You can even use this internally within your own house. Got a service running on 192.168.1.69? Just point a domain to that IP and you will be able to access it over the domain.

First off, let's point our domain to the IP:


And now look:


I don't have to remember the IP that I use for the service and can access it over the domain. Why wouldn't anyone want to do this? If you use something like Pihole locally, you can add records that just resolve within your internal network so the records aren't public either.

Another benefit is that you don't have to change much when you move server providers or change IPs for some other reason (sometimes your provider forces you to do so). No need to update scripts to point to the new IP address. Give DNS a little while to propagate (use a low TTL and it'll do the trick; 0 usually means no caching). Less work is the way to go.

It's Always DNS

https://isitdns.com/

People love to blame DNS. But the thing is that DNS issues are usually caused by people misconfiguring DNS entries. The chance that you have issues because of your resolver is honestly low. Just switch to DNS already.
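The first-connection prompt in the SSH session above shows an ED25519 fingerprint that then gets pinned to the DNS name in known_hosts. The Python below is an added example, not part of the original post: it recomputes that fingerprint the way OpenSSH displays it (SHA-256 of the decoded key blob, base64 without padding) from the server's host public key line and compares it with the prompt line. The sample key is constructed, and the function and constant names are hypothetical.

```python
import base64
import hashlib
import hmac
import re
import struct


def openssh_fingerprint(pubkey_line: str) -> str:
    """Fingerprint of a '<type> <base64-blob> [comment]' public key line,
    e.g. the contents of /etc/ssh/ssh_host_ed25519_key.pub on the server."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii") != key_type:
        raise ValueError("key type does not match the key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints base64 with the trailing '=' padding removed.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Matches the line ssh prints, e.g. "ED25519 key fingerprint is SHA256:....".
PROMPT_RE = re.compile(r"^(\S+) key fingerprint is (SHA256:[A-Za-z0-9+/]+)\.?$")


def prompt_matches_key(prompt_line: str, pubkey_line: str) -> bool:
    """True only if the fingerprint in the ssh prompt belongs to pubkey_line."""
    match = PROMPT_RE.match(prompt_line.strip())
    if match is None:
        raise ValueError("not an ssh fingerprint prompt line")
    shown = match.group(2)
    return hmac.compare_digest(shown, openssh_fingerprint(pubkey_line))


def _constructed_pubkey() -> str:
    # Constructed sample: 32 fixed bytes, not a real host key.
    raw = bytes(range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


SAMPLE_PUBKEY = _constructed_pubkey()

if __name__ == "__main__":
    good = f"ED25519 key fingerprint is {openssh_fingerprint(SAMPLE_PUBKEY)}."
    print(prompt_matches_key(good, SAMPLE_PUBKEY))
```

Read the public key line over a channel you already trust (the provider's console, for instance) rather than over the connection being verified.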


Very useful post! I didn't know the ssh command also accepts domain names. 1000 times better than using the IP

!discovery 32

Learn something new every day :) Glad to have helped. Hopefully we get even more people to go full in on using DNS in most places rather than hard coding IPs.

I have subdomains for everything.. looking up/trying to remember ip addresses is a pain in the butt!

If only you use the server you don't even need to buy a domain. Just add the name-ip pair to /etc/hosts and you can access it as a virtual domain.

A much easier solution for those of us with grown up OSs is to add alias myserver='ssh -i ".privKey.file" [email protected]' to our ~/.bashrc file and start a new terminal session.

Then your login experience looks more like: myserver

What happens when you have to change your IP on that server? Going to have to update the alias to the new IP :). If you use DNS, boom no change to make there, and the alias will just work without any changes. Gotta combine tricks to get best setup.

true dat... one additional trick I use is to keep a list of my server aliases in a 'servers' alias because I can't even remember all my shortcuts

I've been using Termius to do most of that for me. Allows me to group stuff which is quite useful.



Awesome work! And you have great talent at coding!

#freecompliments

I use the ~/.ssh/config file for these kinds of configurations. You can configure a lot more options on the ssh connection that way. See for example https://linuxize.com/post/using-the-ssh-config-file/