Are you still using direct IP addresses to log in and manage your servers? Well, time to move off that and onto the magic of DNS.
First off, who can remember IP addresses like 2001:db8::b19:b00b:e1f:babe and 203.0.113.69? Sure, one or two is manageable, but we humans can't remember numbers like this easily. Words and phrases are much better, so using DNS to handle all of this would be so much better. Rather than having to log into your server with ssh rob@2001:db8::cafe:babe you could instead do ssh rob@bigfatserver.example.com.
Doing this is super simple. First up, you buy a domain. That's fairly simple these days. Use your provider of choice (I like PorkBun and Ryamer, self plug here). Then you just point a DNS record to your server's IP(s). That's it. Really.
And now we have some DNS records:
And when we look at the records via our command line:
And now we are ready to log into our machines using the DNS records rather than IP addresses:
╰─○ ssh root@example.internal.rishipanthee.com
The authenticity of host 'example.internal.rishipanthee.com (2001:db8::b19:b00b:e1f:babe)' can't be established.
ED25519 key fingerprint is SHA256:SLelThis/WIsNotRealJ7q/69aYouGotScammed4OXzL2Qs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'example.internal.rishipanthee.com' (ED25519) to the list of known hosts.
root@example.internal.rishipanthee.com's password:
And that's it. You are now using DNS rather than direct IP to log into your services. You can even use this internally within your own house. Got a service running on 192.168.1.69? Just point a domain to that IP and you will be able to access it over the domain.
First off, let's point our domain to the IP:
And now look:
I don't have to remember the IP that I use for the service and can access it over the domain. Why wouldn't anyone want to do this? If you use something like Pi-hole locally, you can add records that just resolve within your internal network so the records aren't public either.
Another benefit is that you don't have to change much when you move server providers or change IPs for some other reason (sometimes your provider forces you to do so). No need to update scripts to point to the new IP address. Give DNS a little while to propagate (use a low TTL and it'll do the trick, 0 means no caching usually). Less work is the way to go.
It's Always DNS
People love to blame DNS. But the thing is that DNS issues are usually caused by people misconfiguring DNS entries. The chance that you have issues because of your resolver is honestly low. Just switch to DNS already.