Deleted member 62525
Guest
Split-horizon DNS, split-view DNS, split-brain DNS, or split DNS is the facility of a DNS implementation to provide different sets of DNS information (resolving to different IP addresses), usually selected by the source address of the DNS request.
In my particular scenario I have the following setup:
1. NAS behind the router to host Plex, DS Drive and DS Notes
2. DDNS with duckdns.org configured on Asus Merlin. This public domain is used to access all NAS services remotely.
3. Let's Encrypt cert generated on the Synology NAS using an acme client, providing SSL for my custom domain.
Objective:
1. Have secure access from all my remote devices to Plex, DS Drive and DS Notes applications.
2. Have secure access to the same applications using the same DNS name locally.
3. Have Unbound return DDNS as local IP when I am on my home network and still allow remote public DNS resolution - return public IP.
In order to accomplish point #3 I added the following lines to my unbound.conf.
private-address: 192.168.0.0/16
private-domain: lan
local-zone: "myhost.duckdns.org" redirect
local-data: "myhost.duckdns.org A 192.168.1.44"
This resulted in Unbound resolving myhost.duckdns.org to the local IP when I am on my local LAN and still providing the remote public IP (DDNS) when I am remote. As you see, since I use DDNS to resolve the public domain it is not a true Split-DNS, but it does work for my needs. The LE cert works in both scenarios, local and remote.
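An added example, not part of the original post: a simplified Python model of how the four unbound.conf lines above are applied to a query from a LAN client. It is not Unbound's own code. The `UPSTREAM` answers, the 203.0.113.x addresses and `rebind.example.com` are constructed sample data standing in for what a public resolver would return.

```python
import ipaddress

# The unbound.conf lines from the post, embedded as sample input.
CONF = '''
private-address: 192.168.0.0/16
private-domain: lan
local-zone: "myhost.duckdns.org" redirect
local-data: "myhost.duckdns.org A 192.168.1.44"
'''
# Constructed upstream answers (203.0.113.0/24 is a documentation range).
UPSTREAM = {("myhost.duckdns.org", "A"): ["203.0.113.10"],
            ("rebind.example.com", "A"): ["192.168.1.1", "203.0.113.20"]}

def parse(conf):
    """Collect the four directive kinds used in the post."""
    cfg = {"private": [], "domains": [], "redirect": set(), "data": {}}
    for line in conf.strip().splitlines():
        key, _, val = line.partition(":")
        val = val.strip()
        if key == "private-address":
            cfg["private"].append(ipaddress.ip_network(val))
        elif key == "private-domain":
            cfg["domains"].append(val.strip('"').lower())
        elif key == "local-zone":
            zone, ztype = val.rsplit(None, 1)
            if ztype == "redirect":
                cfg["redirect"].add(zone.strip('"').lower())
        elif key == "local-data":
            name, rtype, rdata = val.strip('"').split()
            cfg["data"].setdefault((name.lower(), rtype), []).append(rdata)
    return cfg

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def resolve(cfg, qname, qtype, upstream):
    """Simplified model: redirect zones answer locally, everything else is
    forwarded and private addresses are stripped from the answer."""
    qname = qname.lower().rstrip(".")
    for zone in cfg["redirect"]:
        if in_zone(qname, zone):
            # Apex data answers the zone and all subdomains; other types get NODATA.
            return cfg["data"].get((zone, qtype), [])
    answers = upstream.get((qname, qtype), [])
    if any(in_zone(qname, d) for d in cfg["domains"]):
        return answers  # private-domain names may carry private addresses
    return [a for a in answers
            if not any(ipaddress.ip_address(a) in n for n in cfg["private"])]
```

Remote devices never query this Unbound instance, so they receive the public DDNS record; the split comes from which resolver the client uses, not from the source address of the request.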