0

I am trying to allow access to our NAS from inside and outside our SOHO network. I have set up a public IP with DDNS and set up the NAT so it lets through :80 and :443, and I can access my NAS from outside the network.

However, my router (a Huawei H122-373) doesn't support NAT hairpinning, so all requests made from within the network are dropped. I wanted to try this answer by setting up a DNS in my LAN. However, it won't work with non-recursive DNS clients as they will first ask the "real" DNS providers.

Here is my setup:

My DNS provider:
my-office.company.com IN A 88.99.11.22 # DDNS to my public IP

My LAN DNS:
my-office.company.com IN A 192.168.1.2 # My NAS

I tried setting up NS records from my DNS provider toward my LAN DNS and redirecting :53 to my LAN DNS, but again, the clients within the network can't contact the LAN DNS.

Hugal31
  • 101

1 Answer

2

> However, it won't work with non-recursive DNS clients as they will first ask the "real" DNS providers.

The missing part is that your DNS server is supposed to be the "real" DNS provider for LAN devices.

It is already common for LANs to have an internal DNS resolver (e.g. embedded in the router), with its address being announced to devices via DHCP instead of directly announcing an external resolver – your router might be doing that already. (Some apps will nowadays bypass it and deliberately contact an external DNS resolver, often via TLS or DoH, but in most cases the resolver hosted within the LAN is as "real" as any other.)

So in your case, you're supposed to change the router's DHCP server configuration to start advertising the custom DNS server's IP address instead of whatever it currently has.

grawity
  • 501,077