RFC 6762 defines the TLDs you can use safely in a local-only context:

*.intranet
*.internal
*.private
*.corp
*.home
*.lan

Be a selfhosting rebel, but stick to the RFCs!

do not use .local, as tempting as it may be

use .home personally

“.home.arpa” for A records.

I run my own CA and DNS, and can create vanity TLDs like: a.git, a.webmail, b.sync, etc for internal services. These are CNAMEs pointing to A records.

Being a bit of a rebel myself. I use ONLY a tld, and where subdomains would be used, I use domain.tld

This has lead me to discover quite a few projects out there that don’t parse domain names correctly, especially when you want to use an email like admin@tld and it cries because you have no dot.

https://datatracker.ietf.org/doc/html/draft-chapin-rfc2606bis-00

I use .host because .internal is too long to type and .local is a pita, but mostly because the browser actually tries to go there instead of some stupid search engine that tracks that kind of info and I don’t have to remember to put a slash at the end.

I use .lan as it’s shorter and IMO nicer looking than .local

I had problems with .local because it’s used for MDNS and too lazy to figure out how that works so now I just use lan but I also own a .com domain so I have started to use that more

maybe not directly answer for you, but I just literally bought 4 domains for 3 euro per year (renews at the same price!) 5 minutes ago :D.

The catch - it has to be 9 numbers.xyz (see https://gen.xyz/1111b for details).

I own lastname.me and lastname.dev and everything public is lastname.me and everything local ist lastname.dev. I don’t have a VPS anymore so the .me domain is a bit useless and only relevant for emails these days but I’d have something like nc.lastname.me for my public next cloud instance and docs.lastname.dev for my paperless instance that I don’t want to have on somebody else’s machine.

I read the answers and I am wondering if I should change what I do.

I use the exact same domains and sundomains internally and externally. I simply have a DNS internally that will answer requests with local IP.

So I don’t have to address my machines with a different name when I am outside or inside.

Can someone explain to me what I missed ?

I don’t self host much of anything in everyday life, but when I’m working on a LAN related project I always use .local. Android now supports MDNS, so I use it pretty much everywhere.

Not sure this is what you want but I have a .one domain setup with local IPs.
So if one server is on 192.168.1.8 I point the domain to that and by visiting https://myserver.whatever.one I get to that server.

dot lan. I don’t need let’sencrypt. I just ceeate my own CA, my own (wildcard) certificates, and install the CA into all my boxes that I want or need to have certificate verification succeeding.

Managed to buy a really sweet domain so using that for both mail and local domain

currently I have names for my machines in my /etc/hosts files across some of my machines

A better way is to set the DHCP server to resolve local too via DNS.

So in my case proxmox.mydomain.com and proxmox both resolve to a local IP…without any need to configure IPs manually anywhere.

On opnsense it’s under Unbound >> Register DHCP Leases

Get a real domain. Then you can use external stuff tonight you want.