TorresVault Local DNS & Domain Architecture
This page documents how local DNS, DHCP, hostnames, and subdomains work throughout the TorresVault network.
It covers:
- Pi-hole local DNS
- Unifi DHCP domain handling
- Short-hostname resolution (ex: `pve1` → pve1.torresvault.com)
- Nginx Proxy Manager integration
- Internal landing page (in.torresvault.com)
- Wildcard DNS behavior
- Local services: Jellyfin, Nextcloud, Kuma, Automation, etc.
Domain Overview
The home lab uses the domain:
torresvault.com
DHCP automatically assigns:
- Primary DNS suffix: torresvault.com
- Search domain list: torresvault.com
This means:
- Typing `pve1` automatically resolves to `pve1.torresvault.com`
- Typing `next` resolves to `next.torresvault.com`
- SSH, SMB, and browser URLs work without typing the full domain
Local DNS Records
Pi-hole acts as the authoritative resolver for the internal network.
| Domain | IP Address | Purpose |
|---|---|---|
| in.torresvault.com | 192.168.1.27 | Internal homepage/dashboard |
| pve1.torresvault.com | 192.168.1.150 | Proxmox Node 1 |
| pve2.torresvault.com | 192.168.1.151 | Proxmox Node 2 |
| torresvault.com | 192.168.1.99 | Nginx Proxy Manager (root) |
These are manually entered into:
Pi-hole → Local DNS → DNS Records
Wildcard DNS
A wildcard rule ensures:
*.torresvault.com → 192.168.1.99
This allows any subdomain to hit NPM unless manually overridden.
Examples:
- `automation.torresvault.com`
- `photos.torresvault.com`
- `kuma.torresvault.com`
- `jellyfin.torresvault.com`
- `wonderfullymade.style`
- `next.torresvault.com`
All are routed through Nginx Proxy Manager (NPM).
Nginx Proxy Manager (NPM) Integration
NPM is located at:
- 192.168.1.99
NPM handles:
- Reverse proxying
- SSL (Let's Encrypt)
- Wildcard certs (optional)
- Access control
- URL rewrites
- Public/Private service segmentation
Each service has:
- A Source domain (ex: jellyfin.torresvault.com)
- A Destination IP+Port (ex: 192.168.1.86:8096)
Why the wildcard rule works
Even though Pi-hole doesn't know the IP of:
`jellyfin.torresvault.com` or `kuma.torresvault.com`
…it does know:
*.torresvault.com → 192.168.1.99
Then NPM looks at the hostname and routes to the correct service.
Unifi DHCP Integration
Unifi hands out:
DHCP → Domain Name = torresvault.com
DNS Server = 192.168.1.5 (VIP)
Clients automatically adopt:
- DNS search suffix: torresvault.com
- DNS server: Pi-hole VIP
- Hostname resolution: pve1, next, jellyfin, etc.
Short Hostname Resolution
Because DHCP gave the domain suffix:
Typing "pve1" converts automatically into: pve1.torresvault.com
This works for:
- SSH (`ssh nathan@pve1`)
- Putty
- Browser URL bar
- Ping commands
- Apps that accept hostnames
Example Subdomains Used
| Hostname | Public/Internal | Resolves To |
|---|---|---|
| jellyfin.torresvault.com | Internal | 192.168.1.86:8096 (via NPM) |
| next.torresvault.com | Internal | 192.168.1.75:8080 (via NPM) |
| kuma.torresvault.com | Internal | 192.168.1.141:3001 |
| photos.torresvault.com | Internal | 192.168.1.6:2283 |
| automation.torresvault.com | Internal | 192.168.1.92:5678 |
| status.torresvault.com | Internal | 192.168.1.141:3001 |
| torresfamilylights.com | Internal | 192.168.1.27:80 |
Internal Homepage
The internal landing page:
http://in.torresvault.com → 192.168.1.27
Contains:
- Links to every service
- IP-overview
- Friendly UI for family use
This page does not go through NPM (direct IP mapping).
Traffic Flow Diagram
Client → DNS Query → 192.168.1.5 (VIP Pi-hole)
→ Pi-hole resolving:
- Local DNS? → direct IP
- *.torresvault.com? → 192.168.1.99
- Else → upstream DNS
→ NPM at 192.168.1.99
- Looks at hostname
- Routes traffic to correct backend container/VM
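The resolution order in the traffic flow above, as an added example that is not part of the original page: an offline Python model built from the records and proxy hosts listed here. It assumes clients append the search domain only to single-label names; `printer` and `example.org` are constructed inputs, and the function names are illustrative.

```python
# Added example: offline model of the documented flow (no real DNS queries are made).
SEARCH_DOMAIN = "torresvault.com"
WILDCARD_IP = "192.168.1.99"             # *.torresvault.com -> NPM
LOCAL_RECORDS = {                         # Pi-hole Local DNS records from the table
    "in.torresvault.com": "192.168.1.27",
    "pve1.torresvault.com": "192.168.1.150",
    "pve2.torresvault.com": "192.168.1.151",
    "torresvault.com": "192.168.1.99",
}
NPM_PROXY_HOSTS = {                       # source domain -> destination IP:port
    "jellyfin.torresvault.com": "192.168.1.86:8096",
    "next.torresvault.com": "192.168.1.75:8080",
}


def expand(name):
    """Assumption: the search domain is appended to single-label names only."""
    name = name.rstrip(".").lower()
    return name if "." in name else f"{name}.{SEARCH_DOMAIN}"


def resolve(name):
    """Return (fqdn, ip, source): local record first, then wildcard, else upstream."""
    fqdn = expand(name)
    if fqdn in LOCAL_RECORDS:
        return fqdn, LOCAL_RECORDS[fqdn], "local"
    if fqdn.endswith("." + SEARCH_DOMAIN):
        return fqdn, WILDCARD_IP, "wildcard"
    return fqdn, None, "upstream"        # forwarded; not answered in this model


def backend(name):
    """Where a request ends up: direct host, NPM proxy target, or no match."""
    fqdn, ip, source = resolve(name)
    if source == "upstream":
        return "upstream"
    if ip != WILDCARD_IP:
        return f"direct:{ip}"            # explicit record bypasses NPM
    return NPM_PROXY_HOSTS.get(fqdn, "npm:no-proxy-host")


if __name__ == "__main__":
    for typed in ("pve1", "jellyfin", "in.torresvault.com", "printer", "example.org"):
        print(f"{typed:22} {resolve(typed)} -> {backend(typed)}")
```

An unlisted short name such as `printer` still resolves to NPM through the wildcard instead of failing, so a mistyped name under torresvault.com never returns NXDOMAIN.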
Benefits
- Local services resolve instantly
- Short-hostnames work everywhere
- You control the entire internal namespace
- New services can be added in seconds
- NPM handles SSL automatically
