Show HN: Backname.io – every IP address gets its own domain (backname.io)
I was setting up tests involving DNS resolution recently, where something like 127.0.0.1.service.foo would have been tremendously useful. Back in the day, I'd have used xip.io - but sadly that service died.
Well, every excuse is a good one when it comes to writing a DNS server! Backname.io joins nip.io and sslip.io in the wildcard DNS game.
48 comments
[ 3.1 ms ] story [ 340 ms ] threadIs this enough to fool Edge (Windows 10) into allowing you to view your local Apache development environment?
Developing on a webserver that runs locally on your desktop is becoming more an more painful.
https://github.com/FiloSottile/mkcert
Works like magic!
I've done a sorta similar thing to enable HTTPS for local network IPs for IoT: https://news.ycombinator.com/item?id=36593547
The point is some protocols require you to actually resolve a domain name. For example, if you set up a vhost or reverse proxy with Apache or nginx, it will use the domain name to figure out what vhost you were trying to access. When you request a page like google.com the browser resolves that to an IP address, but it sends google.com with the request.
So say you have a reverse proxy at 1.2.3.4. You could make two vhosts: site1.1.2.3.4.backname.io and site2.1.2.3.4.backname.io and it would just work from any browser on your network.
You can do this locally using the hosts file before you set up your DNS for real, but a service like this means you don't even have to do that. Useful for quick experiments.
I guess it's the kind of thing if you need it, you'll know. There's no point looking for a reason to use this.
This is 100% not possible. The Chromecast always hits Google's DNS to resolve the media server's address. Which means you must host your media under a resolvable domain name, exposed to the internet.
This kind of thing (assuming it can resolve through Google DNS) would short-circuit that requirement. You could feed it a domain name that points back to a local address and not expose your server to the internet.
Of course there are other ways around the problem, but this would be far, far simpler. Honestly it seems like it'd be faster and simpler than setting up a subdomain and reverse proxy, which is what I did.
I had to make something similar in the past just for my own use case.
Or CNAME rrdata. Or MX rrdata. Albeit, there is little point in using it this way, as oppose to just add A record in your own domain anyway...
For people without a domain and a static IP, this may be useful too too publish a page, and possibly obtaining ACME tls cert.
127.0.0.1.in-addr.arpa and 127.0.0.1.backname.io are both domains to IP address, yes? That's "forward dns" in both cases, i think.
Isn't the main useful aspect that you can do xyz.1.2.3.4.backname.io where xyz is anything you want? Perhaps you set this up anyway, but would be worth mentioning.
As belltaco says, you can get a (paid) SSL Certificate for IPs.
However there are caveats - it can't be a private IP.
All the paid certificate providers won't issue certs for RFC1918 or other non-publicly routable IP ranges.
So, you'd need to have a public IP, and be able to prove control of it in some way.
If your use-case is TLS Certs on your home/lab/internal networks -- this isn't going to help.
e: To be clear, LetsEncrypt would likely issue for this domain, however they won't be able to verify ownership using the TLS-SNI-01 or TLS-ALPN-01 methods by directly calling 192-168-1-1.backname.io, and you can't meet the DNS-01 challenge requirements because this service doesn't let you set DNS records.
Accessing an IPv4 address on a IPv6-only network with NAT64/DNS64 is only possible if you access that IPv4 via a DNS name that resolves to the IPv4 address. DNS64 will turn your A record into an AAAA record, with the IPv4 address mapped to a v6 addrsss that the NAT64 layer knows how to "undo".
I've seen others need this a few times in practice.
It would be cool to have it as a locally installed custom DNS resolver on the developers computer though.
- Exposing a potentially private IP to an external service
- If testing local IPs, adds a requirement for an internet connection
- Must trust that it will always resolve to the actual IP not another one
- Requires your service to accept a hostname that it likely shouldn't
I have to ask why knowing an IP address would be an issue.
Surely it's not the key point in any reasonably possible exploit.
It's still a private IP.
There is https://ipq.co/ and https://fdns.uk/ that will let you create a name to point to a chosen ip.
See RFC 2308.
I'm not a fan of nodata responses with empty authority, same as nxdomain responses.
Missing TCP listener. While not required by any RFC, some ccTLD Registries enforce udp+tcp before delegating, like .de