
I am trying to allow access to our NAS from inside and outside our SOHO network. I have set up a public IP with DDNS, set up the NAT so it lets through :80 and :443, and I can access my NAS from outside the network.

However, my router (a Huawei H122-373) doesn't support NAT hairpinning, so all requests made from within the network are dropped. I wanted to try this answer by setting up a DNS in my LAN. However, it won't work with non-recursive DNS clients as they will first ask the "real" DNS providers.

Here is my setup:

My DNS provider:
my-office.company.com IN A 88.99.11.22 # DDNS to my public IP


My LAN DNS:
my-office.company.com IN A 192.168.1.2 # My NAS

I tried setting up NS records from my DNS provider toward my LAN DNS and redirecting :53 to my LAN DNS, but again, the clients within the network can't contact the LAN DNS.

Hugal31
  • It should work. If you set up the DNS server to link to the router as its DNS server, and all clients have their DNS server set to your local DNS server, you can then add manual entries that should override the real world DNS entries. It will only fail if the local IP is unavailable somehow and as such, the DNS server then falls back to the other DNS entry. – LPChip Aug 29 '22 at 14:56
  • 2
    Does this answer your question? [I can't reach my own static IP address in my home. I can reach it outside of my home](https://superuser.com/questions/1695890/i-cant-reach-my-own-static-ip-address-in-my-home-i-can-reach-it-outside-of-my) – Giacomo1968 Aug 29 '22 at 15:20
  • 2
    This is called “Split-Horizon DNS” by the way. – Daniel B Aug 29 '22 at 15:38
  • @Giacomo1968 Well, that's what I did. @LPChip It works with some DNS clients, but not all. For example `dig my-office.company.com` works fine, but `dig +norecurse my-office.company.com` does not. I might be missing something. – Hugal31 Aug 29 '22 at 15:41
  • Your clients are configured to point to the local DNS server, not the router, correct? Your DNS server has forwarding enabled and configured, right? You would assign the DNS addresses via DHCP for dynamically addressed systems, and in the IP settings for statically addressed systems. The local DNS server would then forward queries for domains it doesn't host a zone for up to the router, or to an upstream DNS server on the Internet. – Frank Thomas Aug 29 '22 at 17:17

1 Answer


However, it won't work with non-recursive DNS clients as they will first ask the "real" DNS providers.

The missing part is that your DNS server is supposed to be the "real" DNS provider for LAN devices.

It is already common for LANs to have an internal DNS resolver (e.g. embedded in the router), with its address being announced to devices via DHCP instead of directly announcing an external resolver – your router might be doing that already. (Some apps will nowadays bypass it and deliberately contact an external DNS resolver, often via TLS or DoH, but in most cases the resolver hosted within the LAN is as "real" as any other.)

So in your case, you're supposed to change the router's DHCP server configuration to start advertising the custom DNS server's IP address instead of whatever it currently has.

u1686_grawity
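One way to verify that the split-horizon setup the answer describes is actually in effect, once DHCP hands out the LAN resolver's address: ask the LAN resolver and an external resolver for the same name and compare the A records. The script below is an added example, not code from the question or the answer. It uses only the standard library, builds and parses DNS wire format itself, and also sends a second round with the RD flag cleared, which is what `dig +norecurse` does and what the comment thread reports as failing. The LAN resolver address `192.168.1.3` and the choice of Quad9 (`9.9.9.9`) as the external resolver are assumptions; the name, the NAS address and the DDNS address come from the question.

```python
import random
import socket
import struct

# Hypothetical addresses for this example; only the name, the NAS address and
# the DDNS address come from the question above.
LAN_RESOLVER = "192.168.1.3"            # assumed address of the LAN DNS server
PUBLIC_RESOLVER = "9.9.9.9"             # any external resolver, here Quad9
NAME = "my-office.company.com"
EXPECTED_LAN_ANSWER = "192.168.1.2"     # the NAS: what LAN clients should get
EXPECTED_PUBLIC_ANSWER = "88.99.11.22"  # the DDNS record: what the Internet sees


def encode_name(name):
    """Encode a dotted name as DNS labels (length byte + label, zero terminated)."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"


def build_query(name, txid=0x1234, recursion_desired=True):
    """Build a single-question A/IN query. RD cleared mimics `dig +norecurse`."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_a_response(query, addrs, ttl=60):
    """Build the answer a resolver would send for `query` (used for offline checks)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)  # QR, RD, RA set
    answers = b"".join(
        b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + socket.inet_aton(a)
        for a in addrs)
    return header + query[12:] + answers


def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name starting at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg):
    """Return (rcode, [IPv4 strings]) taken from the answer section of a response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return rcode, addrs


def query(server, name, recursion_desired=True, timeout=2.0):
    """Send one UDP query to `server` and return (rcode, [addresses])."""
    txid = random.randrange(0x10000)
    q = build_query(name, txid, recursion_desired)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(q, (server, 53))
        data, _peer = sock.recvfrom(4096)
    if struct.unpack("!H", data[:2])[0] != txid:
        raise ValueError("transaction id mismatch, discarding reply")
    return parse_a_records(data)


def verdict(lan_addrs, public_addrs, lan_expected, public_expected):
    """Classify the pair of answers: is split-horizon actually in effect?"""
    if lan_expected in lan_addrs and public_expected in public_addrs:
        return "ok: LAN clients get the NAS, the Internet gets the public IP"
    if lan_addrs == public_addrs:
        return "not split: the LAN resolver returns the public record, clients bypass the local zone"
    if not lan_addrs:
        return "lan-empty: the LAN resolver answered without an A record (check its local zone / RD handling)"
    return "unexpected: lan=%s public=%s" % (lan_addrs, public_addrs)


if __name__ == "__main__":
    for rd in (True, False):   # second pass mimics `dig +norecurse`
        try:
            lan = query(LAN_RESOLVER, NAME, rd)[1]
            pub = query(PUBLIC_RESOLVER, NAME, rd)[1]
            print("RD=%s: %s" % (rd, verdict(lan, pub, EXPECTED_LAN_ANSWER, EXPECTED_PUBLIC_ANSWER)))
        except (OSError, ValueError) as exc:
            print("RD=%s: query failed: %s" % (rd, exc))
```

Run it from a client that received its DNS server via DHCP; a "not split" verdict means the client is still reaching an external resolver (or the LAN resolver is forwarding the name instead of serving it locally), and a "lan-empty" verdict on the RD=False pass is the behaviour the comments describe for `dig +norecurse`: a resolver that only forwards the name upstream has nothing to answer without recursion, whereas a resolver that holds the record itself (for dnsmasq, a line such as `address=/my-office.company.com/192.168.1.2`) answers either way.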