Comment

Comment on [question] Help me access my local homeserver using a public domain name

Thanks for your response. Indeed, this is only for myself within my home network. No split DNS required, the public DNS record mentions my local private IP address which of course will only resolve to my homeserver from within my home network and will not lead anywhere for anyone else from any other network. That’s all what makes this great. Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)

source

Sort:hotnew top

aaravchen@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago

Yes, I did the DNS challenge as I mentioned in my OP and retrieved a wildcard certificate for all my local needs :)

Saw that, I just wasn’t sure if you knew why it worked, which is why I mentioned it again. Glad you figured it out.

source
aaravchen@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago
Ah, that’s why it’s not working with Firefox then too. Firefox comes with one of the secure DNS options turned on by default (DoH), which guarantees it will always reach a public DNS server and not get trapped into one from your home router, a cafe’s router, or your ISP. Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it. S ome malicious sites can use a DNS record with a non-public IP address like this to get you to run JavaScript in your browser from the site you visited, to attack a device on your home network. So Firefox blocks that IP address from public DNS replies.

Generally people will have a home router that allows them to have their own recursive DNS where they can insert their own records to things within their home network, and will disable the DoH or DoT (“secure DNS”) settings in their browsers as the way to do this. Putting the private IP in the Public DNS record doesn’t hurt though, it just might get stopped by various modern security protections is all.

source
- TheHobbyist@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago
  
  Since it knows the DNS will always be public, it also knows that the 192.168.10.20 address is not routable on the internet where it found it.
  
  That is in fact not it. I left the default firefox DNS setting. I simply enabled network.trr.allow-rfc1918 from within the about:config which allows the resolution of local IP addresses. It now works. All my DNS are public, I make no use of any private, local DNS.
  
  source
  - aaravchen@lemmy.zip ⁨2⁩ ⁨weeks⁩ ago
    I think you found it was exactly what I said? You worked around it by changing a specific setting directly in Firefox that disables the exact check I mentioned without needing to disable all of private DNS in Firefox though.
    
    source