even though I have a local DNS entry for that domain name.
Easy to diagnose, what does nslookup return for the hostname?
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
even though I have a local DNS entry for that domain name.
Easy to diagnose, what does nslookup return for the hostname?
It returned the local IPv4 address of the server and two IPv6 addresses belonging apparently belonging to a cloudflare server in california.
I think I managed to fix the issue though. I have updated my post to include my solution
Ah that makes sense, if your server has an IPv6 address you could add another A record in Pihole for that. But it sounds like clearing the cache and stuff solved it.
I have the (more or less) same setup. Your DNS entries on your pihole instance should point to the local ip of your server (192.168.x.x).
If thats the case check the dns settings of your router. Under DHCP settings there should be a input field for your dns server. This has to be the local IP of your pihole.
One thing you could do to start diagnosing the Problem is running this command: nslookup servicename.yourdomain.tld
. This should return your local IP and not a public one.
How do you determine that the requests are leaving your Network?
When I use tracert I can see the package going through a server in Frankfurt which is definetely outside of my local network. The final IP address that tracert shows me is from a cloudflare server in california (2606:4700:3033::ac43:b10f) according to this site: https://whatismyipaddress.com/ip-lookup
Using nslookup for my domain I get 3 addresses. The first two are cloudflare addresses in the US. The final one is my servers local IP address.
Pihole seems to upstream your requests although there is a local entry for that domain in your settings. Maybe it has something to do with using IPv6? Maybe your device prefers the cloudflare IPv6 over your local IPv4 address.
Or Maybe your device queries your pihole as well as your Router to get the IP.
Check your current dns server on your device: ipconfig /all
(Windows)
I think I fixed the issue by enabling the Never forward reverse lookups for private IP ranges
option in Pi-Hole. After that I flushed my dns cache again and called tracert for my domain name. I only get one hop directly to my server now. nslookup also shows only local addresses now.
Looking at the output of that command I get the following for my ethernet network interface
DNS-Server . . . . . . . . . . . : fd98:1919:5915:0:3053:4134:bdc9:295d
192.168.1.60
fd98:1919:5915:0:3053:4134:bdc9:295d
Using nslookup on that IPv4 address tells me that all of those addresses are pointing to my pi-hole
nslookup 192.168.1.60
Server: pi.hole
Address: fd98:1919:5915:0:3053:4134:bdc9:295d
Name: pi.hole
Address: 192.168.1.60
I've added another local DNS entry on my Pi-Hole which points the domain I use to the same server but this time uses its IPv6 address. That doesn't seem to help though or it takes some time to update. I flushed the DNS cache on my machine after adding this entry though.
Is there a NAT involved?
In my config, the requests asking for my own servers from the internal network get answered the local address 192.something, and so they cannot get routed 'outside'.
When asking from the outside, I do not answer it, so they get the public address from a public DNS.
I didn't set anything like that up. Is that something that might be enabled by default on my router? If so, how do I check it?
Some things that stand out to me:
You're using your router's default DNS as the upstream server. Try specifying an upstream DNS in the settings instead.
Try Pihole + Unbound
Could you provide an anonymized example of how you set up the local DNS entry? E.g. Domain: sub.domain.com IP: 192.168.X.Y
Thanks for your reply. I think I managed to solve this issue and have updated my post to reflect this. Apparently I had a setting disabled in Pi-Hole which caused my DNS requests to be forwarded upstream for some reason, even though there existed a local DNS entry.
Split DNS is a huge source of headaches. Be really sure that this is the route you want to go. It can easily lead to really weird situations and hard to diagnose errors.
Do you have a better alternative you can recommend? My upload rate isn't all that good so I would like to avoid having more traffic than necessary leaving my network if the target is within my network anyway.
I’m going to get stoned for suggesting this in this community, but if your upstream is poor you should consider hosting it outside. Of course this depends on many things.
The most obvious solution is to have an alias for both ways to actress the service, and configure the service accordingly. It needs a bit of care to set up reverse proxies and certificates and everything but it makes it clear whether you want to connect to the inside or the outside version. Obviously this means that it won’t switch automatically when your connection changes, but that is a feature.
Another option is to keep doing what you’re doing and just is the tunnel.
The final way is just to keep it inside and use something like zero tier or tailscale.
Outside hosting isn't really something I want to consider. I didn't mention this in my post but this setup is for my media server which needs a lot of storage space. I don't know about the pricing for a VPS but I am pretty sure it isn't as cheap as I would want it. Also uploading my media to a VPS with my upload rate would take a lot of time whenever I want to add something new.
Using two hostnames for accessing the same service isn't really an option either unfortunately. The specific part I'm trying to set up is a navidrome server for music. The app I use to access the server is called Symfonium and can only add one address per media server. I could get around that by adding multiple media sources but that would result in all of my media appearing twice in searches.