
Background

(Skip if not interested)

I have a dev server running in my local network. I can reach it easily by private IP (192.168.2.4). I have my firewall ports open on the server for :80 so I can reach my website. So far no problems at all.

I then added a domain name to the flow along with a DynDNS URL and IP updater. I changed the details in my domain NS to forward to my DynDNS url and mask which works. Afterwards, I went into my ISP router config page and gave internet access to the server (through the router) as well as NAT for port 80 to my private IP. Again, great success. I can reach this page while on a network that is public and outside my local network.

Problem

Obviously, when resolving my domain name in my local network it resolves to my router's public IP address and just spins forever.

Here is what I would like to accomplish

(but have no idea how)

When going to my domain name, I want the resolution to have my public router IP when outside my network and the private IP when inside.

How I Envision This Being Implemented

I need to add a DNS server daemon in my server via dnsmasq and then change my router settings to use this server's private IP as my primary and secondary DNS server (in the router settings). I know I need to open the DNS ports in my firewall on the DNS server (which is also my web server).

I know when I leave my network, I am now resolving DNS requests via ISP (data conn) or ISP of the user's network I am connected to (rather than my DNS server which says the address is a private one). So would this solve my desire of public outside the network and private inside?

This is where I get totally lost...

Now that my local devices are looking to my DNS server to resolve things, where on earth do I get a daily listing of top level domains??? Or do I add the primary/secondary DNS servers that I replaced in my router from my ISP, to my DNS servers resolution stack?

GoreDefex
    How you're trying to solve this at the DNS level is typically called a "split view" DNS, which is a DNS setup where in your internal network DNS records resolve to different IP addresses than when you resolve them outside of your internal network. That is not an uncommon setup, but ... probably not the best solution though. Your actual problem is that the port forwarding on your router is broken. See this Q&A for a description of the problem: https://serverfault.com/a/557776/546643 -- You should be able to fix that if you have some control over your router's configuration – Bob Mar 18 '21 at 17:01
  • 1
    https://en.wikipedia.org/wiki/Split-horizon_DNS - *"are looking to my DNS server to resolve things, where on earth do I get a daily listing of top level domains???"* you don't - you configure your name server to forward all requests that are not for your own domain to the DNS servers of your ISP – Bob Mar 18 '21 at 17:10
  • @HermanB thanks for all your help, now reading what you sent through and will let you know how it works – GoreDefex Mar 18 '21 at 17:18
  • Configure a local DNS server with a private zone for your local resources and as a resolver for all other DNS domain names. This is called split-brain or split-horizon DNS. There are several DNS servers such as Bind (named), Windows Server DNS, etc that can handle this easily. This DNS server is internal to your network only and is not made public. – John Hanley Mar 19 '21 at 02:38
  • @HermanB As soon as I set up DNSMasq on the server, turn off the server firewall and point my ISP configuration page for my router's DNS to the private IP of the DNS server, all DNS resolution for the entire house fails. I added to the /etc/dnsmasq.conf file a line with `server=8.8.8.8` and then another line below with `server=8.8.4.4` and everything. The options I am using are domain-needed, bogus-priv, no-resolv, server= entries, cache-size-750, dhcp-mac and dhcp-reply-delay (the last 2 of which came already set up this way) – GoreDefex Mar 19 '21 at 14:19

1 Answer

2

[...] the private IP when inside.

You could just add this host to your hosts file. If this is needed on more than one client, just generate a zone with that name on your DNS server. This would be a Split-Brain or Split-Horizon Setup, then.

bjoster
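Putting the answer and the comments together, here is an added example (not from the question, the answer, or the dnsmasq project) of a dnsmasq configuration for this split-horizon setup. `example.com` is a placeholder for the asker's real domain; `192.168.2.4` is the server's private IP from the question, and the upstream resolvers are the ones named in the comments.

```ini
# /etc/dnsmasq.conf (added example; example.com stands in for the real domain)

# Answer only on loopback and the LAN-facing address; the resolver is for the
# local network and must not be reachable from the internet.
listen-address=127.0.0.1,192.168.2.4
bind-interfaces

# Split horizon: inside the LAN, the domain and all of its subdomains resolve
# to the private IP. dnsmasq answers these itself and never forwards them.
address=/example.com/192.168.2.4

# Everything else is forwarded to the upstream resolvers listed here; no list
# of top-level domains is needed. no-resolv stops dnsmasq from also reading
# /etc/resolv.conf (the ISP's resolvers could be used here instead).
no-resolv
server=8.8.8.8
server=8.8.4.4

# Do not forward bare hostnames (no dots) or reverse lookups of private
# address ranges to the upstream resolvers.
domain-needed
bogus-priv

cache-size=750

# Alternative matching the answer's hosts-file suggestion: dnsmasq serves
# /etc/hosts entries to the whole LAN by default, so a line such as
#   192.168.2.4  www.example.com
# in /etc/hosts (or in a file given with addn-hosts=) works for a single name.

# Checks after restarting dnsmasq and allowing 53/tcp and 53/udp through the
# server firewall (only port 53 needs opening, not the whole firewall):
#   dig @192.168.2.4 www.example.com   -> answer section shows 192.168.2.4
#   dig @192.168.2.4 example.org       -> forwarded upstream; proves general
#                                         resolution through this server works
# From outside the LAN, public DNS still returns the router's public address.
```

Point the router's DHCP-advertised DNS servers at 192.168.2.4 only after both `dig` checks succeed; otherwise every client loses name resolution at once, which is the symptom described in the last comment.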