• 0 Posts
  • 7 Comments
Joined 1 year ago
Cake day: January 24th, 2024


  • No it must not lol what? The RFC says “may”.

    And more importantly the devices don’t, it’s very noticeable via Wireshark. The only multicast traffic comes from Android, every other OS does not bother, ironically not even Mac OS, who is responsible for the whole Avahi/Bonjour nonsense to start with.

    That would make the names much longer but would protect me against some asshat buying .lan as a new gTLD.

    Another user pointed out that .home.arpa seems to be reserved, thus hopefully protected from TLD hijack which is what I’m worried about as well. I’d make it .homelab. I wonder if one can restrict recursion on certain domains?

    If one server is marked as authoritative, but recurses for other things, will it recurse for its authoritative domain, or give NXDOMAIN?

    I do own a domain name via cloudflare so I might just utilize that, but I don’t like it.


  • It’s assigned in my local DNS server, cheers.

    My devices should not be going around making assumptions about what is and isn’t assigned by someone else somewhere when the only thing that should concern them is what the DNS server tells them is the case.

    Also NAT does literally nothing other than being a massive PITA, so… yeah, I don’t think there’s much I can agree with in your rant.

    Only true if you don’t know what you’re doing. The only reason any network is safe at all is NAT and the firewalls that come with it.

    I don’t have to worry about devices on a local network in as far as firewalls go, I can expose anything I want, in fact I delete iptables at first sight on any new distro install or VM, so long as none of it is port forwarded and everything is behind NAT it’s all okay. My network is my castle. Thanks technology! Thanks smart people for figuring this out!

    Once you wrap your head around the fact your computer has IPs assigned statically or by DHCP per interface per network, not like a MAC address per device as IPv6 wants it to be which is the wrong way to think, you won’t have any more trouble with NAT.

    Like, oh no, fully functional point to point connectivity across the internet, how terrible

    Yes when you start out you may think so, but as you get into it you realise that actually complexity exists because it serves a purpose. IPv6 has to bolt on privacy extensions and then also still include NAT and actual tons of space for loopback because it’s fundamentally incompatible with how the internet works otherwise.

    And yes, practically it’s a security nightmare to have any IP of any computer accessible from the internet. If you go around configuring firewalls forever you might get it right but oh boy one mistake and you’re done for. Instead, consider NAT, the solution to all problems. I’m writing this behind quadruple NAT rn and it’s honestly fairly easy to manage, I’ve been too lazy to change it, not that I’d advise anything more than 1 necessarily.

    Edit: .home.arpa is actually designated as local TLD, and is what I use for a crappy old tablet that doesn’t support mDNS

    Yikes! That’s a lot to type to hammer in a nail that sticks out (Android). Thanks but no thanks. I’ll find some way to cripple mDNS on the non-compliant device instead.

    So are you saying you run some sort of mDNS server (not sure what the word would be there)/provider? Why? How?


  • So why does Google enforce mDNS when it leads to this confusion?

    Everywhere else, Windows, Linux, iOS, etc. etc., as far as I can tell mDNS doesn’t happen with .local as the default, never mind as the only option.

    Only the Android devices throw a fit because of Google enforcing bizarre legacy technology of use to no one.

    Maybe there’s a way to hint to the problematic Android devices that it’s a no-no by restricting all multicast traffic of any kind on the network level? Is that even possible?