Comment

Comment on [question] Help me access my local homeserver using a public domain name

If you’re just trying to do this within your home network, you’re doing what’s called “split DNS”, where the DNS in your home network is different from the global DNS.

I do this for services I host, though usually I can also access them remotely as well, just from a different IP address. The easiest from the TLS certificates (TLS is what gives you the S in HTTPS) is to use DNS-01 challenges for tour LetsEncrypt/ZeroSSL certificate generation.

source

Sort:hotnew top

TheHobbyist@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
Thanks for your response. Indeed, this is only for myself within my home network. No split DNS required, the public DNS record mentions my local private IP address which of course will only resolve to my homeserver from within my home network and will not lead anywhere for anyone else from any other network. That’s all what makes this great. Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)

source
- aaravchen@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  
  Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)
  
  Saw that, I just wasn’t sure if you knew why it worked, which is why I mentioned it again. Glad you figured it out.
  
  source
- aaravchen@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
  Ah, that’s why it’s not working with Firefox then too. Firefox comes with one of the secure DNS options turned on by default (DoH), which guarantees it will always reach a public DNS server and not get trapped into one from your home router, a cafe’s router, or your ISP. Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it. S ome malicious sites can use a DNS record with a non-public IP address like this to get you to run JavaScript in your browser from the site you visited, to attack a device on your home network. So Firefox blocks that IP address from public DNS replies.
  
  Generally people will have a home router that allows them to have their own recursive DNS where they can insert their own records to things within their home network, and will disable the DoH or DoT (“secure DNS”) settings in their browsers as the way to do this. Putting the private IP in the Public DNS record doesn’t hurt though, it just might get stopped by various modern security protections is all.
  
  source
  - TheHobbyist@lemmy.zip ⁨3⁩ ⁨weeks⁩ ago
    
    Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it.
    
    That is in fact not it. I left the default firefox DNS setting. I simply enabled network.trr.allow-rfc1918 from within the about:config which allows the resolution of local IP addresses. It now works. All my DNS are public, I make no use of any private, local DNS.
    
    source
    aaravchen@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago
    I think you found it was exactly what I said? You worked around it by changing a specific setting directly in Firefox that disables the exact check I mentioned without needing to disable all of private DNS in Firefox though.
    
    source