Comment on How to reverse proxy?

• Scrath@lemmy.dbzer0.com ⁨18⁩ ⁨hours⁩ ago

  I’m not the guy you replied to but personally I use a setup called split-horizon DNS.

  1. I have a DNS server running on a raspberry pi which I have set up as the DNS server for all devices in my local network (by setting it in the router).
  2. This DNS server has my domain name as an A record pointing to my reverse-proxy (Nginx Proxy Manager), e.g. example.com would resolve to 192.168.0.100.
  3. Any subdomain I want to use is set up as a CNAME record in my DNS server referring to the previously configured A record with my domain. (jellyfin.example.com => example.com)
  4. Now all requests to the registered domain and subdomain are routed to my reverse-proxy which I configured to forward them to the correct service depending on the given subdomain.

  This is a little bit of a simplification. I also use a cloudflare tunnel to allow access to select subdomains and I have 2 reverse-proxies chained together since NPM can resolve services by their container name as long as they are in the same docker network.

  Also probably important: My DNS server was a pi-hole (until today at least) and did not act as my DHCP server. This meant it had no idea of local device hostnames and therefore was configured to forward queries to local device names to my routers built-in DNS server.

  source

  • DevotedOtter@lemm.ee ⁨14⁩ ⁨hours⁩ ago

    I’m looking to do something like this. I’m uneasy about having the registered domain pointing towards my IP address (partially because I’m unsure of the exact risks and partially because I’d rather do it internally if possible).

    You said you were using pihole. What did you change to and why did you change? Pihole seems the most recommended from what I’ve seen?

    source

    • Scrath@lemmy.dbzer0.com ⁨4⁩ ⁨hours⁩ ago

      You are lucky I haven’t deleted my pi-hole VM yet ;D

      In the Pi-Hole DNS settings I have the following configuration:

      • Upstream DNS Servers => Quad9 (filtered, DNSSEC) both checkboxes for IPv4 checked
      • Under Custom DNS servers I added a line with my routers IP
      • Under Interface settings => Permit all origins. Note the warning written regarding this setting and check whether it applies for your setup!
      • Under Advanced DNS settings I have enabled “Never forward non-FQDN A and AAAA queries” and “Never forward reverse lookups for private IP ranges”. Since according to the warning this would block local hostname resolution note the next setting.
      • Under conditional forwarding I have added this line true,192.168.1.0/24,192.168.1.1,fritz.box. fritz.box was my local DHCP domain name but has since been changed to lan.

      The other settings in Pi-Hole were under the Local DNS Records menu where I added my domain name (let’s call it example.com) to the list of local DNS records and pointed it at the IP of the server running my reverse-proxy. Finally I added each subdomain I wanted to use to the List of local CNAME records and pointed it at the domain I just entered to the other list.

      I can’t perfectly tell you what my router settings were unfortunately since I have recently moved and replaced my fritzbox with a mikrotik router. The main thing you have to do though is to go to the DHCP server settings of your router and set the pi-holes IP address as the DNS server. Note that in the case of the pi-hole being offline for any reason you will be unable to resolve any domains while in this network

      It might be possible to do some sort of failover setup by running a second pi-hole with identical settings but I did not want my network connectivity depending on any device other than my router being on. Hence my move back to using my mikrotiks built-in DNS server which fortunately also supports adding lists for DNS adblocking.

      source
• PlexSheep@infosec.pub ⁨17⁩ ⁨hours⁩ ago

  If you want DNS only in your LAN, you need to self host a DNS server and register this domain locally (by putting it in some config file of yours)

  source