How to register a DN and set up DDNS?

Started by Shaggy1, February 18, 2023, 10:37:16 AM


Shaggy1

Hi

I have a home setup which uses a DD-WRT router hooked up via Pi-hole DNS, which sends traffic over a VPN.
I have set things up such that I can access the web server from an external site using my WAN IP address (or the DN URL I get by doing nslookup on that address).

I'd now like to be able to access a web server running on my local LAN using a DN, but am struggling to understand how this would work and what information I need to do this.

I was wondering if anyone might be able to clarify, first, how this fits into the network infrastructure and, second, what information I need to give to the DN and DDNS providers to set it up.

From my searches, as I understand it, the setup should work something like this:
When a request for your DN (the external DN you registered with the DN hosting company) is made from an external network, it is sent to the local DNS, which sends it down the DNS hierarchy until your local DNS (in my case my ISP DNS) receives the request.
This then forwards it to the DDNS server (that you registered with), which maps it to the WAN IP address of your router and sends the information back to the DNS. The DNS then knows the IP address to route to, and the request is received at the WAN side of the router.

There is a DDNS client running on the router which continuously feeds the DDNS server with information about the IP address for the domain, so if the ISP changes the WAN IP, the DDNS knows about it and things carry on working (the home DN is still mapped to the correct IP address).


Is that roughly correct?

Given that is the case:
How does my ISP DNS know which DDNS server (i.e. the DDNS I have registered with) to forward its request to?
What information do I need to provide to the DDNS service provider? Just the domain name I buy from the DN provider?
Do I need to provide any DDNS information when I register the domain name for my host network?
Is it important which I do first: register the domain name or register with a DDNS service?
Given my router uses Pi-hole for DNS, should my DDNS client be running on the router or on Pi-hole, or does it not matter?


Home Network Guy

Sorry for the delay!

There are a few things to note in all those details:

1. DDNS is simply a service that updates the IP address for the A or AAAA records of your domain name registrar. That is all it does. DDNS services are not involved in any DNS lookups -- it simply updates records of where you purchased your domain name. That's how DNS lookups know which IP address to use for particular domains/subdomains.

2. DNS is essentially a chain of servers: your devices will perform a DNS lookup using your local network DNS server (if you are hosting DNS on your local network, such as Pi-hole like you mentioned). If your local DNS doesn't know the answer, the DNS query will be recursively performed until one of the upstream DNS servers knows the answer to the DNS lookup. At the highest level you have DNS root servers. They are the last stop at resolving DNS queries. If it can't resolve the query, then it returns a response that nothing was found for that domain name. Of course there is lots of DNS caching that takes place so that the root servers don't have to be queried as frequently. I'm not a DNS expert so my explanations may be a bit crude or not 100% correct... the important takeaway is that if your local DNS server can't resolve a domain name, it will use an external DNS server that you have configured (your ISP DNS servers or whatever you have configured as the upstream DNS server in Pi-hole).

3. If your router has NAT reflection enabled, you should be able to access your internal server using the external domain name since it will recognize you are trying to access a local IP address. I actually prefer to use split DNS (or split horizon or split brain DNS, it has several names) since I can create a DNS override that allows me to specify my local IP address for a particular host/domain name. This is more efficient than a redirect and it allows you to directly specify where you want a host/domain to point.

I hope this helps you get started. Let me know if you have other questions!
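To make points 1 and 3 of this reply concrete, here is a small added model (not code from the forum, the poster, or any registrar or DNS product) of what a DDNS client actually does and how a split-horizon override changes the answer a LAN client gets. The "registrar" is an in-memory dict standing in for an authenticated registrar API, and the hostname, WAN address (203.0.113.10, a documentation range) and LAN address are constructed sample values; a real client would read the WAN address from the router's interface or a public-IP lookup and push the change over HTTPS.

```python
"""Toy model of a DDNS client plus a split-horizon resolver.

Added illustration, not the forum's or any vendor's code. The registrar
"API" is a dict; the addresses and hostname are constructed samples.
"""
import ipaddress
from typing import Dict, Optional

# Constructed sample zone, standing in for the A records held at the registrar.
REGISTRAR_ZONE: Dict[str, str] = {
    "home.example.net": "203.0.113.10",   # WAN address last pushed by DDNS
}

# Constructed split-horizon overrides: what a local resolver (Pi-hole, Unbound)
# answers for LAN clients instead of the public record.
LOCAL_OVERRIDES: Dict[str, str] = {
    "home.example.net": "192.168.1.50",   # the web server's LAN address
}

# Address ranges a DDNS client should never publish as its public address.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def is_public_ipv4(text: str) -> bool:
    """Accept only a syntactically valid IPv4 address that is not private,
    loopback, link-local, multicast, reserved or unspecified.

    A DDNS client should refuse to publish junk returned by a broken or
    tampered-with 'what is my IP' service; otherwise the public record
    could be pointed at an address the owner never intended.
    (Documentation ranges such as 203.0.113.0/24 pass, which suits sample data.)
    """
    try:
        addr = ipaddress.IPv4Address(text.strip())
    except ValueError:          # AddressValueError is a ValueError subclass
        return False
    if (addr.is_loopback or addr.is_link_local or addr.is_multicast
            or addr.is_reserved or addr.is_unspecified):
        return False
    return not any(addr in net for net in RFC1918)


def ddns_sync(hostname: str, wan_ip: str, zone: Dict[str, str]) -> bool:
    """Rewrite the A record at the registrar only when the WAN IP changed.

    Returns True if an update was pushed. This is the whole job of a DDNS
    client: it is not involved in answering anyone's DNS queries.
    """
    if not is_public_ipv4(wan_ip):
        raise ValueError(f"refusing to publish non-public address {wan_ip!r}")
    if zone.get(hostname) == wan_ip:
        return False            # unchanged; skip the needless API call
    zone[hostname] = wan_ip     # in reality: authenticated registrar API call
    return True


def resolve(hostname: str, from_lan: bool,
            zone: Dict[str, str], overrides: Dict[str, str]) -> Optional[str]:
    """Split-horizon lookup: LAN clients get the local override, everyone
    else gets the public record (modelling the registrar/upstream answer)."""
    if from_lan and hostname in overrides:
        return overrides[hostname]
    return zone.get(hostname)


if __name__ == "__main__":
    # ISP hands out a new WAN address; the client notices and pushes it.
    print("update pushed:", ddns_sync("home.example.net", "203.0.113.77", REGISTRAR_ZONE))
    print("LAN client sees:", resolve("home.example.net", True, REGISTRAR_ZONE, LOCAL_OVERRIDES))
    print("outside client sees:", resolve("home.example.net", False, REGISTRAR_ZONE, LOCAL_OVERRIDES))
```

Running it shows the two behaviours side by side: after a WAN change only the registrar record moves, while a LAN client resolving the same name still receives the internal address from the override, so no NAT reflection is needed on the router.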

Shaggy1

Hi

Thank you very much for your reply, and apologies for not acknowledging earlier; I had thought there were no replies on this.

That gives me a good top level starting point.

So ignoring DDNS for now, in my current setup, where my Pi-hole points to my VPN supplier's DNS, how would a DNS lookup from my LAN for an external DN look? I'm thinking something like:
-> Pi-hole -> my (NordVPN) DNS -> ISP DNS directly? Or forwarded to the DNS hierarchy? -> resolution
Not sure if the NordVPN DNS 'knows' my ISP's DNS directly (possibly something in the client config?) or whether it simply forwards the query on to whatever set of servers it uses?

I have now registered a DN with an external supplier (GoDaddy), whose A record I have pointed (for now) directly at the WAN IP address of the router.
(I have also set up port forwarding for access to a test web server on a local device and can now access that (well, at least from my neighbour's network) using my registered DN.)

So accessing from an external network, the DN lookup would go something like:
<type in my DN> -> GoDaddy DNS -> resolved to my router WAN address (via the DN A record I have set)

Would that be about correct ?

I believe the actual setup I am looking for will require changes, which is really a question for a separate post, but as a side point: if I set my Pi-hole to point directly to my GoDaddy DNS, do you know if DN lookup queries from my LAN should still work? Or is there something about using a VPN (for example, DN queries are also encrypted) that requires me to send DN lookups via the VPN's DNS?

Home Network Guy

I think there may be some confusion on using DNS servers to look up IP addresses for domain names and using your own domain name to access your networks.

Either end of your networks can use any DNS servers they like to perform DNS lookups. You do not need to set your upstream DNS servers to the same place where you have your domains registered. You can use Google's DNS of 8.8.8.8 to look up your domain name which is registered through GoDaddy to find the IP address of your networks you are trying to access.

You need to make sure both networks can access an external DNS server like Google, Cloudflare, etc. before you can properly resolve the IP addresses you set on your domain name. That means you need to have your VPN configured so that DNS will work for any clients behind the VPN. Verify that both networks can access DNS properly before moving to the next step of troubleshooting.

For your domain name, you just need to set the IP address of the main domain or any subdomains you have created. If your IP address(es) are dynamic, you can use a DDNS client like you suggested to keep them up to date. If you are testing stuff out, you can of course manually set the IPs until you can figure out how to properly configure your DDNS clients.

DNS is one of those things where you are better off minimizing the complexity involved, because it may very well bite you and make it difficult to troubleshoot what is happening in your networks.

You may want to use the bare minimum DNS first to get things working (such as using the built-in Unbound DNS in OPNsense) rather than Pi-hole. Once you get that working, then you can move over to Pi-hole. I find it easier to get the basic functionality working first and then add one new change at a time until I have everything configured how I want. The reason is that I know for sure which change broke the configuration, and then I can roll back to try again (or try something else).