merlin+dnsmasq+ddns - can't seem to force resolve a public natted IP to the local subnet...

ffsb

Good Morning everyone!

I am running an https service on one of my local subnet PCs; I am also exposing this same service through merlin to the internet using port forwarding; finally, I am using DDNS to map my external IP to a proper DNS name...
something like:
foo.bar.com -> via DDNS -> external public IP = 1.2.3.4
1.2.3.4 -> merlin, which forwards port 443 to LAN -> 192.168.0.10:4443

the problem is that I would like my local devices to be able to resolve directly foo.bar.com to the local IP 192.168.0.10 to avoid a round trip through my ISP...
I tried to add the mapping in my /jffs/configs/hosts.add
192.168.0.10 foo.bar.com server1

I tried to add the mapping in /jffs/configs/dnsmasq.add
address=/server1.mydomain.com/foo.bar.com/server1/192.168.0.10

however no matter what, when I try to nslookup foo.bar.com on the merlin machine itself (or one of my local PCs) I always seem to get the public IP... note I force the resolution to be done by merlin by running:
nslookup foo.bar.com 192.168.0.1
on the other hand, dnsmasq entries seem to be used as well since I can get the local IP when I resolve server1... it is just a priority order... it seems that they are only used if the external DNS doesn't have the answer....


  • running latest merlin+diversion+dnsmasq and using afraid-ddns (& google ddns for other services... )
  • merlin's internal IP is 192.168.0.1
  • using dns filter to force dns resolution to the router (bypassing a few fireTV because they had an issue with pixelsrv-tls)
  • using OpenDNS on the WAN config
not sure if it is relevant since I get the error even if I specify 192.168.0.1 to resolve but these are the resolv files:


[email protected]:/jffs/configs# ls -l /etc/resolv.conf
lrwxrwxrwx 1 admin root 16 Oct 30 17:43 /etc/resolv.conf -> /tmp/resolv.conf
[email protected]:/jffs/configs# cat /tmp/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
[email protected]:/jffs/configs# cat /rom/etc/resolv.conf
nameserver 127.0.0.1
[email protected]:/jffs/configs#
 

ffsb

Meantime I found a solution but it is very kludgy and IMHO there should be a better way...

  1. created dummy "/jffs/configs/extra.dnsmasq.hosts" file with:
    echo "192.168.0.10 foo.bar.com" > /jffs/configs/extra.dnsmasq.hosts
  2. created a /jffs/configs/dnsmasq.conf.add file with:
    echo "addn-hosts=/jffs/configs/extra.dnsmasq.hosts" > /jffs/configs/dnsmasq.conf.add
  3. restarted dnsmasq:
    service restart_dnsmasq0
now I can resolve the public DDNS name locally with the local IP....
I also noticed that I can't resolve the public DDNS name anymore even if I specify a different DNS server (I guess this is a security feature of merlin to overwrite all resolutions according to its policy) - not an issue in my case...

but is there a better way to do this?
 

dave14305

What if you use this syntax instead in dnsmasq.conf.add?
Code:
host-record=foo.bar.com,192.168.0.10
 

ffsb

Actually that doesn't seem to work at all... if I use host-record I can resolve that one entry but it looks like other dns resolution is not happening...

what I tried:

  1. created a /jffs/configs/dnsmasq.conf.add file with:
    echo "host-record=foo.bar.com,other-hostname,192.168.0.10" > /jffs/configs/dnsmasq.conf.add
  2. restarted dnsmasq:
    service restart_dnsmasq0
  3. test fails:
    C:\Users\ff>nslookup www.google.com 192.168.0.1
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 192.168.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    *** Request to UnKnown timed-out


 

dave14305

There's probably a syntax error in the final /etc/dnsmasq.conf. Check your system log when dnsmasq starts.
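
Part of that check can be done before dnsmasq is restarted. The following is an added example, not code from the thread or from Asuswrt-Merlin: a POSIX sh lint for the three override forms tried above (`host-record=`, `address=`, `addn-hosts=`). The function names `lint_overrides` and `is_ipv4` are hypothetical, and the lint accepts only the IPv4 forms used in this thread, not every form dnsmasq allows.

```shell
#!/bin/sh
# Added example (not from the thread): lint dnsmasq override lines before a restart.
# Covers only the IPv4 forms tried in this thread; dnsmasq itself accepts more.

is_ipv4() {
    # Dotted quad, every octet numeric and <= 255.
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

lint_overrides() {
    file=$1 rc=0 n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            host-record=*)
                val=${line#host-record=}
                ip=${val##*,}        # last comma-separated field
                names=${val%,*}      # equals $val when there is no comma at all
                if [ "$names" = "$val" ] || ! is_ipv4 "$ip"; then
                    echo "$file:$n: host-record expects name[,name...],IPv4"; rc=1
                fi ;;
            address=/*)
                ip=${line##*/}       # text after the final slash
                is_ipv4 "$ip" || { echo "$file:$n: address= should end in /IPv4"; rc=1; } ;;
            addn-hosts=*)
                path=${line#addn-hosts=}
                [ -r "$path" ] || { echo "$file:$n: addn-hosts not readable: $path"; rc=1; } ;;
        esac                         # other directives and comments are not checked
    done < "$file"
    return $rc
}

# Constructed sample input: one good line, one misspelled /jffs path.
sample=$(mktemp)
printf '%s\n' 'host-record=foo.bar.com,192.168.0.10' \
    'addn-hosts=/jfss/configs/extra.dnsmasq.hosts' > "$sample"
lint_overrides "$sample" || echo "fix the lines above before restarting dnsmasq"
rm -f "$sample"
```

dnsmasq's own parser has the final say: `dnsmasq --test` reads and syntax-checks the configuration without starting the daemon.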
 
