Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Private Domains

A private domain works like your server’s mDNS address, except it also works over VPN and it can be anything. It can be a real domain you control, a made up domain, or even a domain controlled by someone else.

Private domains can only be accessed when connected to the same LAN as your server, either physically or via VPN, and they require trusting your server’s Root CA.

Adding a Private Domain

  1. If you haven’t already, assign a static IP address to your server on the LAN. Refer to your router’s user manual for detailed instructions.

  2. On the service interface page, click “Add Domain” on the desired gateway table and select “Private Domain”.

  3. Enter a fully qualified domain name. It can be anything. For example: domain.com, private.domain.internal, nextcloud.private, nextcloud.fake-tld, or facebook.com.

  4. Click “Save”.

  5. StartOS will automatically test your DNS configuration. If the test passes, the domain is ready to use. If it fails, a setup modal will appear with instructions to configure your DNS server and the ability to re-test.

DNS for Private Domains

Private domains require your gateway to use StartOS for DNS. StartOS will test this automatically when you add a private domain and guide you through the setup if needed. The details depend on your gateway type:

  • Router: Set StartOS as your router’s primary DNS server. All routers support this feature. Refer to your router’s user manual for detailed instructions.

    Warning

    It is possible that StartOS is already using your router for DNS. In this case, you cannot instruct your router to use StartOS for DNS, as this would be circular. If StartOS detects a potential circular DNS situation, it will warn you. To resolve this, switch to static DNS servers so StartOS no longer relies on your router.

  • StartTunnel: SSH into your StartTunnel VPS and run the following command:

    start-tunnel dns defer

Tip

If your private domain is a real domain that you control, you can alternatively configure its DNS record at your registrar to resolve to your server’s LAN IP address. In this case, the StartOS DNS server is not needed.