Comment on [question] Help me access my local homeserver using a public domain name
aaravchen@lemmy.zip 7 hours agoIf you’re just trying to do this within your home network, you’re doing what’s called “split DNS”, where the DNS in your home network is different from the global DNS.
I do this for services I host, though usually I can also access them remotely as well, just from a different IP address. The easiest from the TLS certificates (TLS is what gives you the S in HTTPS) is to use DNS-01 challenges for tour LetsEncrypt/ZeroSSL certificate generation.
TheHobbyist@lemmy.zip 7 hours ago
Thanks for your response. Indeed, this is only for myself within my home network. No split DNS required, the public DNS record mentions my local private IP address which of course will only resolve to my homeserver from within my home network and will not lead anywhere for anyone else from any other network. That’s all what makes this great. Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)
aaravchen@lemmy.zip 7 hours ago
Saw that, I just wasn’t sure if you knew why it worked, which is why I mentioned it again. Glad you figured it out.
aaravchen@lemmy.zip 7 hours ago
Ah, that’s why it’s not working with Firefox then too. Firefox comes with one of the secure DNS options turned on by default (DoH), which guarantees it will always reach a public DNS server and not get trapped into one from your home router, a cafe’s router, or your ISP. Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it. S ome malicious sites can use a DNS record with a non-public IP address like this to get you to run JavaScript in your browser from the site you visited, to attack a device on your home network. So Firefox blocks that IP address from public DNS replies.
Generally people will have a home router that allows them to have their own recursive DNS where they can insert their own records to things within their home network, and will disable the DoH or DoT (“secure DNS”) settings in their browsers as the way to do this. Putting the private IP in the Public DNS record doesn’t hurt though, it just might get stopped by various modern security protections is all.
TheHobbyist@lemmy.zip 7 hours ago
That is in fact not it. I left the default firefox DNS setting. I simply enabled
network.trr.allow-rfc1918
from within theabout:config
which allows the resolution of local IP addresses. It now works. All my DNS are public, I make no use of any private, local DNS.