How to setup router DNS to access website from LAN

2

2

I have a Netgear R7000, and host a website behind it. The website works when accessed from outside the LAN. When accessed from inside the LAN, the website is not accessible, unless:

1) For a Mac or Ubuntu, add an entry in /etc/hosts, such as:

{ip of LAN of webserver} my.site.com

192.168.7.33 my.site.com

2) Then, that computer is able to access website from the LAN.

3) iPhone and iPad do not work from the LAN. The iPhone works from the WAN!

What is missing in the DNS setting of the router to make everything work?

I don't want to add anything to /etc/hosts.

user3792705

Posted 2019-05-20T19:11:32.027

Reputation: 131

Answers

1

What is missing in the DNS settings of the router?

You are most likely missing the entries for your LAN DNS server(s) under Advanced → WPS Wizard → Setup → Internet Setup → Name Server (DNS) Address.

This entry normally defaults to Get Automatically from ISP:

ex. Get Automatically from ISP

Get Automatically from ISP Setting - Screenshot

It needs to be set to Use These DNS Servers:

ex. Use These DNS Servers

Use These DNS Servers Setting - Screenshot

Caveats

You'll need your own local DNS server(s) to get this solution working.

Notes

  • 1.2.3.4 above is just an example. This needs to be replaced with IP of the DNS server(s) on your local network.

  • The LAN DNS server(s) you direct your router to must have an entry for your domain e.g. my.site.com that points to the local IP of your web server (i.e. the same IP you initially put in your hosts file).

  • For simple setups, using the same IP in both the Primary DNS and Secondary DNS fields is fine. However, you can set up two name servers on your network if you wish.

  • In order to have continued access to your domain locally or the internet broadly, your LAN DNS server(s) must be on all the time.

  • Any LAN DNS server(s) must have entries that allow unknown addresses (i.e. anything other than ex. my.site.com) to be forwarded to other name servers that can resolve those queries. This can take the form of the name server querying the root name servers directly or you can set up forwarders. This latter option can be your ISP name servers or a public DNS service such as Google (8.8.8.8/8.8.4.4) or Cloudflare (1.1.1.1).

  • Any DNS server you decide to use can typically reside on the same server as the one housing your website.

Further Reading

If you want some general tips on setting up BIND (a popular piece of DNS server software) with a local domain, you may want to have a look at the questions below. The first question is aimed squarely at setting up BIND on Windows, but BIND is also available on Linux and the actual configuration files themselves are often essentially the same.

Anaksunaman

Posted 2019-05-20T19:11:32.027

Reputation: 9 278
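Added example (not part of the answer above, and not Netgear or BIND code): a small Python check that asks one specific DNS server for a name and reports whether it hands out a LAN address or the public one. The function names are hypothetical, and the sample reply is constructed from the my.site.com / 192.168.7.33 values in the question.

```python
import ipaddress
import socket
import struct

def build_query(name, qid=0x1234):  # A-record query for `name`, recursion desired
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def _skip_name(msg, pos):
    """Offset just past the (possibly compressed) name starting at `pos`."""
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return pos + 2
        pos += 1 + msg[pos]
    return pos + 1

def parse_a_records(msg):
    """IPv4 addresses found in the answer section of a DNS response."""
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    pos = 12
    for _ in range(qdcount):             # skip the echoed question(s)
        pos = _skip_name(msg, pos) + 4
    addrs = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):   # A record, class IN, 4-byte address
            addrs.append(str(ipaddress.IPv4Address(msg[pos:pos + 4])))
        pos += rdlen
    return addrs

def classify(addrs):
    """'lan' if every answer is private per Python's is_private, 'wan' if any is public."""
    if not addrs:
        return "no-answer"
    return "lan" if all(ipaddress.ip_address(a).is_private for a in addrs) else "wan"

def check(name, server, timeout=2.0):
    """Query `server` directly over UDP/53, bypassing the OS resolver and its cache."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        addrs = parse_a_records(s.recvfrom(512)[0])
    return addrs, classify(addrs)

# Constructed sample reply: my.site.com -> 192.168.7.33 (values from the question)
SAMPLE_REPLY = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + build_query("my.site.com")[12:]
                + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 168, 7, 33]))
```

Calling check() with the domain and the IP of the LAN DNS server (or the router) from a machine on the LAN shows what that server actually returns: "lan" means it serves the local address, while "wan" means clients receive the public IP and depend on NAT loopback.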

Thank you for the recommended docs. I tried Google, OpenDNS, and ISP DNS; none of them helped, unless I add an entry to hosts. Current R7000 firmware is V1.0.9.60_10.2.60. I have to assume this version may not support NAT loopback. Or do my Synology NAS's DNS or Directory services (installed but not really enabled) interfere with the router's DNS setting? – user3792705 – 2019-05-20T21:48:30.120

"You'll need your own local DNS server(s) to get this solution working." < This is the root cause of your issue, OP. The website is behind the router, so it is using a NAT address (a private IP). That is why lookup works from the outside (WAN), but not inside (LAN) - there is no DNS A record living on the LAN for 192.168.7.33 (your website). Configure the DNS A record in your router (if possible), or you will need to set up a DNS server on your LAN. – SamAndrew81 – 2019-05-20T22:48:00.740

Google, OpenDNS, etc. these cannot work because they are public nameservers (WAN). You need a private nameserver to provide DNS for the NAT IP on your LAN. There is a hard line between the two, that being the firewall/router. – SamAndrew81 – 2019-05-20T22:49:56.647

I am using a Netgear R7000 router. I could not find local DNS. Can someone help? – user3792705 – 2019-06-18T18:30:10.897

@user3792705 I am using a Netgear R7000 router. I could not find local DNS. -- There is no option to run a local DNS server on the R7000 with stock firmware, unfortunately (assuming that is what you mean). You must have a separate PC on the network that acts as your DNS server. This can be your web server or another computer, but it must remain on consistently to provide an internet connection. – Anaksunaman – 2019-06-19T00:16:45.117

@user3792705 You would then point the Netgear R7000 at that PC for local DNS as described in the answer above. – Anaksunaman – 2019-06-19T00:19:23.617

Thank you. I have a Synology NAS server with DNS installed. I created a "Master zone"... according to this https://www.laurivan.com/set-up-a-local-dns-with-synology-diskstation/. It's not clear to me: this process has no domain entries. I have 2 domains: hello1.ddns.net and hello2.ddns.net point to the same computer name + IP (ubuntu_hello, 12.12.12.12). Where do I enter the 2 entries? I did not enter any, except setting 'Forward 1' to the R7000 router IP, which seems to make it work (but I'm not sure). – user3792705 – 2019-06-19T00:27:31.023

Yes. "point the Netgear R7000 at that PC for local DNS" worked for me without entering the 2 domains into the DNS server. – user3792705 – 2019-06-19T00:36:27.953

I disabled the Synology DNS entry. It still works. I think there is something I don't understand about the Synology DNS software!!! – user3792705 – 2019-06-19T00:48:22.800

Report back. I am not sure "point the Netgear R7000 at that PC for local DNS" works. I saw some LAN computer work (may be cache), all of them not work, even it's enabled with just router IP in the settings. Questions: what to make R7000 local DNS work in this case. How to enter my 2 domains in the DNS (above testing is without these 2 domains)? – user3792705 – 2019-06-19T03:32:28.230

0

You are apparently trying to do NAT loopback, which is connecting from the local LAN to the Internet and back again.

You have overcome the problem by using /etc/hosts to associate the website with its local IP address inside your LAN network, therefore avoiding passing through the Internet, but this solution is not applicable for all your devices.

The Netgear R7000 (Nighthawk AC1900) is said to support NAT loopback by Netgear itself, and this is also verified by user tests, so it is puzzling that it doesn't work for you.

Try to upgrade the firmware of the Netgear R7000 to the latest version, and if it doesn't work then call Netgear Support.

In a pinch, you could try using a third-party firmware, such as Tomato or DD-WRT, but that is a dangerous operation, and in addition it is not guaranteed to help.

harrymc

Posted 2019-05-20T19:11:32.027

Reputation: 306 093

I can confirm that the R7000 definitely supports NAT loopback (NAT hairpinning). – Anaksunaman – 2019-05-20T21:32:13.950

Current firmware is V1.0.9.60_10.2.60. I remember updating 3 months ago. I'm a little afraid to upgrade to v1.0.9.64_10.2.64, recommended as of today. NAT loopback should work, but it does not in my case. Another detail: I have a Synology NAS; DNS and Directory services are installed, but not used at present. Not sure if it affects NAT loopback in the R7000. – user3792705 – 2019-05-20T21:44:13.637

You can back up the R7000 before upgrading. – harrymc – 2019-05-20T21:54:51.930

@user3792705 I run version V1.0.9.64_10.2.64 and (anecdotally) loopback seems unaffected (i.e. it works fine, as does everything else, apparently). – Anaksunaman – 2019-05-20T22:10:37.920

Upgraded to V1.0.9.64 on 6/10/2019. R7000 not able to solve the problem. – user3792705 – 2019-06-18T18:18:25.707

I can't think of anything else to try, except on the router adding port-forwarding to that computer from the Internet. If that does not help, the conclusion would be that the documentation is wrong and the R7000 does not support NAT loopback. – harrymc – 2019-06-18T19:02:53.560

I add routing to /etc/hosts. It works on the LAN. The same laptop on the WAN does not work, as it uses the /etc/hosts domain entry, which is the LAN IP. – user3792705 – 2019-06-18T19:11:10.180