merlin+dnsmasq+ddns - can't seem to force resolve a public natted IP to the local subnet...


ffsb

New Around Here
Good Morning everyone!

I am running an HTTPS service on one of my local subnet PCs; I am also exposing this same service through Merlin to the internet using port forwarding; finally, I am using DDNS to map my external IP to a proper DNS name...
something like:
foo.bar.com -> via DDNS -> external public IP = 1.2.3.4
1.2.3.4 -> merlin, which forwards port 443 to LAN -> 192.168.0.10:4443

the problem is that I would like my local devices to be able to resolve foo.bar.com directly to the local IP 192.168.0.10 to avoid a round trip through my ISP...
I tried to add the mapping in my /jffs/configs/hosts.add
192.168.0.10 foo.bar.com server1

I tried to add the mapping in /jffs/configs/dnsmasq.add
address=/server1.mydomain.com/foo.bar.com/server1/192.168.0.10

however, no matter what, when I try to nslookup foo.bar.com on the merlin machine itself (or one of my local PCs) I always seem to get the public IP... note I force the resolution to be done by merlin by running:
nslookup foo.bar.com 192.168.0.1
on the other hand, dnsmasq entries seem to be used as well since I can get the local IP when I resolve server1... it is just a priority order... it seems that they are only used if the external DNS doesn't have the answer....


  • running latest merlin+diversion+dnsmasq and using afraid-ddns (& google ddns for other services... )
  • merlin's internal IP is 192.168.0.1
  • using dns filter to force dns resolution to the router (bypassing a few fireTV because they had an issue with pixelsrv-tls)
  • using openDNS on the WAN config
not sure if it is relevant, since I get the error even if I specify 192.168.0.1 to resolve, but these are the resolv files:


admin@frog:/jffs/configs# ls -l /etc/resolv.conf
lrwxrwxrwx 1 admin root 16 Oct 30 17:43 /etc/resolv.conf -> /tmp/resolv.conf
admin@frog:/jffs/configs# cat /tmp/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
admin@frog:/jffs/configs# cat /rom/etc/resolv.conf
nameserver 127.0.0.1
admin@frog:/jffs/configs#
 
Meanwhile I found a solution, but it is very kludgy and IMHO there should be a better way...

  1. created a dummy "/jffs/configs/extra.dnsmasq.hosts" file with:
    echo "192.168.0.10 foo.bar.com" > /jffs/configs/extra.dnsmasq.hosts
  2. created a /jffs/configs/dnsmasq.conf.add file with:
    echo "addn-hosts=/jffs/configs/extra.dnsmasq.hosts" > /jffs/configs/dnsmasq.conf.add
  3. restarted dnsmasq:
    service restart_dnsmasq0
Now I can resolve the public DDNS name locally with the local IP....
I also noticed that I can't resolve the public DDNS name anymore even if I specify a different DNS server (I guess this is a security feature of merlin to override all resolutions according to its policy) - not an issue in my case...

but is there a better way to do this?
 
What if you use this syntax instead in dnsmasq.conf.add?
    host-record=foo.bar.com,192.168.0.10
 
Actually that doesn't seem to work at all... if I use host-record I can resolve that one entry, but it looks like other DNS resolution is not happening...

What I tried:

  1. created a /jffs/configs/dnsmasq.conf.add file with:
    echo "host-record=foo.bar.com,other-hostname,192.168.0.10" > /jffs/configs/dnsmasq.conf.add
  2. restarted dnsmasq:
    service restart_dnsmasq0
  3. test fails:
    C:\Users\ff>nslookup www.google.com 192.168.0.1
    DNS request timed out.
    timeout was 2 seconds.
    Server: UnKnown
    Address: 192.168.0.1

    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    DNS request timed out.
    timeout was 2 seconds.
    *** Request to UnKnown timed-out


There's probably a syntax error in the final /etc/dnsmasq.conf. Check your system log when dnsmasq starts.