Orange DNS and accessing services on local network with Domain name
When setting up my homelab, I encountered a pretty weird issue related to my Internet Provider Router box.
Using the same address for accessing my website on local network and external network. This is to simplify and configure services with external http addresses rather than local one. Because external ones probably wont change that much over time. And if I use a laptop both in and out I prefer my bookmarks to remain the same
Disclaimer: Accessing your services through a domain name should work the same from internal and external networks. This has only been observed, with Orange (a french provider) and only with a specific model of their router altough it’s the pro one.
The problem
So I had created Nextcloud service, that I can access from nextcloud.mydomain.fr. When using my phone connected to internet with 4G I can access nextcloud. But on the localnetwork request timed out.
-
Receive an external request to his address on a specific port.
-
Look to his NAT table, and if a rule has been made
-
Forward request to a specific device on the specified port.
Investigating a bit after thinking there was something wrong with my setup. I found using tracert (traceroute) that my router was sending the request to the outside, but was completely ignoring the response and didn’t route it to my server.
Firstly, the orange box is poorly designed and it is probably a bug, but it has never been fixed tough. I supposed, that the router ignore request that came from himself.
A DNS record, point to a public IP address, my router address precisely. When my router receive a request from nextcloud.mydomain.fr it resolves to my public IP address.
The router is like Hum well the request come from inside and resolve to my public address well, I’m gonna ignoring it. So it times out….
The solution
I did not find a nice solution by tweaking parameters and values for the router portal.
I had to host a DNS server on my local network… I choosed pihole as DNS server, because it can act as a Network wide addblocker for all the family and added a nice value over my provider DNS.
Pihole uses DNSMasq to manage DNS rules. To achive my goal, I should add a rule that say every thing containing mydomain.fr points to my reverse-proxy (or the server that hosts nextcloud).
So I created a new dnsmasq file (03-services.conf) and added :
address=/mydomain.fr/192.168.1.200the first '/' allows to forward *.mydomain.fr to 192.168.1.200 (it is an example IP not my real one.)
Well so pihole is up and running. But isn’t provided by the DHCP configuration.
So I need to head to my router portal (http://192.168.1.1) and modify DHCP configuration. I need to add the pihole as primary DNS, doing the inverse would lead to the same behaviour and won’t work.
It’s done. To test it, I need to renegociate DHCP configuration ( or reboot my computer). Trying to access nextcloud.mydomain.fr … …. … YAY ! it works !
Things worked as wanted. At least I thought so.
Few days later my father came by, and told me that television don’t work anymore. It happened because the television box also get the primary DNS using DHCP. And so was using my local DNS to resolve my provider’s IPTV.
To solve this issue I had to dig a bit more on my provider forum, finding other people that had overriden their DHCP configuration to use another DNS. And found out which domain name I need to sent back to the original DNS.
To do so I needed to had another DNSmasq configuration (02-orange.conf) with the content :
server=/orange.fr/192.168.1.1server directive forward all *.orange.fr requests to my router IP (192.168.1.1)
Rebooted the TV box, and surprise… It worked !
That how I achieved to access my services from Internal and External Network using same domain name.