Hard disagree, I’d bifurcate my internal DNS in a hot second before I tried to fix this with static routes. Was internal services aren’t going anywhere in that DNS servers ain’t going anywhere. The only time they can figure it should take effect is when it’s needed.
Asking a noob to handle static routes is a double ungood situation.
Home gamer with a router that can handle reflection would be rare.
It’s one service that he’s hosting and in control of, and he’s also in control of that internal IP so it doesn’t have to change.
If anything I’d be worried that those VMs and applications in the VMs are getting regular updates. He’s more likely to get intruded through a zero day on one of those hacks than he is to see any serious issues through throwing a couple DNS records around.
fishynoob@infosec.pub 6 days ago
I don’t think OP made two A records here. He simply configured the reverse proxy to point to the VM and the A record to point to the reverse proxy. In my mind, if NGINX is terminating SSL then the only problem could be ports.
Opisek@lemmy.world 6 days ago
Not two A records. From what I understand, OP has an A record pointing to their public IP address. Then, on the local network, OP uses their own DNS server to ignore that entry and instead always serve the local IP when a host on the LAN queries it.
Aside from OP’s devices potentially using a different DNS server (I was only able to solve it for my stock Android by dropping outgoing DNS in my firewall), this solution is a nightmare for roaming devices like mobile phones. Such a device might cache the DNS answer while on LAN or WAN respectively and then try to continue using that address when the device moves to the other network segment. That’s the second likely scenario in my opinion - OP’s devices are ignoring the hacky DNS rewrite and trying to access the server via the public IP.
ashley@lemmy.ca 5 days ago
It’s called split horizon dns and it’s not that bad/nightmarish.
Zeoic@lemmy.world 5 days ago
Yeah, you are 100% right. Not only is it not bad in any way, but it is how nearly every single company with internal resources works… It is incredibly common.
iAmTheTot@sh.itjust.works 6 days ago
Couldn’t I troubleshoot this by using a different browser, or even incognito mode? Because when I do that, it still times out. I appreciate the explanation and advice. I’m not too worried about it at this stage only because my service I am trying to get working, Docmost, will really only be accessed from my desktop. Plus, as I said in OP, I am enjoying learning about this stuff and want to figure out why this specifically isn’t working for educational purposes, even if I switch to a different solution.
sem@lemmy.blahaj.zone 5 days ago
To get more information, from the device you are having trouble with, try “dig server.com” from a terminal, or even “ping server.com”. The messages may help you figure out what’s going wrong.
Opisek@lemmy.world 5 days ago
You would also need to clear your device’s DNS cache.
fishynoob@infosec.pub 6 days ago
I didn’t think of that. Indeed, DNS caching/using different DNS servers for different devices will break it exactly like what OP is experiencing. Thanks.
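
The split horizon failure modes raised in this thread (a device asking a resolver other than the local one, or carrying a cached answer from one network to the other), sketched as an added example that is not code from any poster. The LAN subnet, resolver address, device names and sample observations are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration; none of these come from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_RESOLVER = "192.168.1.2"  # hypothetical local DNS server doing the override

def diagnose(obs):
    """Explain where one client will connect, given the DNS answer it holds.

    obs keys: device, network ('lan' or 'wan', where the device is now),
    resolver (server that gave the answer), answer (the A record it holds),
    learned_on (network the device was on when it resolved the name).
    """
    internal = ipaddress.ip_address(obs["answer"]) in LAN_NET
    if obs["network"] == "lan":
        if internal:
            return "ok: internal address on LAN"
        # A public answer on the LAN only works if the router supports reflection.
        if obs["learned_on"] == "wan":
            return "stale cache: public answer carried from WAN onto LAN"
        if obs["resolver"] != LAN_RESOLVER:
            return "bypass: device asked a resolver other than the local one"
        return "override missing: local resolver returned the public address"
    if internal:
        return "stale cache: internal answer carried from LAN onto WAN"
    return "ok: public address on WAN"

# Constructed observations, e.g. collected by running dig on each device.
SAMPLES = [
    {"device": "desktop", "network": "lan", "resolver": "192.168.1.2",
     "answer": "192.168.1.50", "learned_on": "lan"},
    {"device": "android", "network": "lan", "resolver": "8.8.8.8",
     "answer": "203.0.113.10", "learned_on": "lan"},
    {"device": "phone-arrived-home", "network": "lan", "resolver": "198.51.100.53",
     "answer": "203.0.113.10", "learned_on": "wan"},
    {"device": "phone-left-home", "network": "wan", "resolver": "192.168.1.2",
     "answer": "192.168.1.50", "learned_on": "lan"},
]

def report(samples=SAMPLES):
    """Map each device name to its diagnosis string."""
    return {s["device"]: diagnose(s) for s in samples}

if __name__ == "__main__":
    for device, verdict in report().items():
        print(f"{device}: {verdict}")
```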