Local DNS wildcards using raspberry pi

A simple solution for having wildcard DNS domain names à la Cloudflare.

September 1, 2021

I have recently set up a Pi-hole, which serves as both a DNS server and an ad-blocker for my home network. Since then, I've started deploying various web applications on my cluster of three Raspberry Pis. For those who have dealt with clusters before, you might remember the challenge of managing various port numbers. This is elegantly solved by reverse proxy tools like Traefik. However, I encountered another challenge I wanted to address: enabling wildcard DNS using Pi-hole, akin to the feature offered by Cloudflare, to streamline domain management for my applications.

Cloudflare offers a handy feature known as wildcard DNS. It allows for resolving all the names attached to a given domain with just one line, like example.com. Implementing this in Pi-hole isn't straightforward, but it's possible because Pi-hole relies on the dnsmasq tool. Let's log in to the Pi-hole and create a new file under /etc/dnsmasq.d, naming it 99-wildcard.conf. Now, let's define our domain and a wildcard à la Cloudflare:

/etc/dnsmasq.d/99-wildcard.conf
 
address=/casa.dev/192.168.1.5
address=/.casa.dev/192.168.1.5

Since we're implementing this within Pi-hole, we need to restart the Dnsmasq service. In Pi-hole v4 or higher, Dnsmasq doesn't run as a separate service; it runs as part of the Pi-hole-FTL. To restart that service, log in to the Pi-hole and run:

pihole restartdns

or

sudo service pihole-FTL restart

Now, if you open the terminal on one of the computers using the Pi-hole DNS and type:

dig +short casa.dev
# ;; ANSWER SECTION:
# casa.dev.		0	IN	A	192.168.1.5
 
dig +short test.casa.dev
# ;; ANSWER SECTION:
# test.casa.dev.		0	IN	A	192.168.1.5
 
dig +short coco.casa.dev
# ;; ANSWER SECTION:
# coco.casa.dev.		0	IN	A	192.168.1.5

You'll see that the output of the dig command points to the IP address we defined in the Dnsmasq config file in the Pi-hole. It doesn't only resolve the domain name (casa.dev) but also any service attached to that domain (example: service.casa.dev).

Great, isn't it? Whatever I put in front of .casa.dev, the DNS resolves the address immediately and points towards the IP address.