Hi everyone,
I have a Synology NAS and a lot of computers in our network connect to it with its public URL, and we have had some internet outages recently which made me think of some things.
Basically what I want is that if the DSM domain https://dsm.example.com isn't reachable, it will resolve to its local IP https://192.168.1.200. This should be a rule for the whole network and not a manual change on every computer.
I have a lot of Docker containers running on the DSM which of course are still directly reachable, but for example Bitwarden is set up with the public address as it needs to sync everywhere.
Ideally this would be like you put in primary and secondary DNS in the modem. So if one isn’t available the second one is picked.
Any help in the right direction of how this can be done, or how this is called is welcome.
Why not do this by default? For the internal network, have a DNS rewrite with the local IP, and only external clients should use the public DNS record?
I want this to be the default behaviour! :D
I have AdGuard installed in Docker as a DNS blocker. Can you please elaborate how I would set this up?
It's easy in AdGuard:
- Go to Filter -> DNS Rewrites
- Add a new DNS-Rewrite
- Domain: dsm.example.com
- IP: 192.168.1.200
Now every client in LAN or Wifi connects directly to 192.168.1.200 while opening dsm.example.com. Outside the local network they will be connected to the public IP.
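To confirm that the rewrite above is actually what a client sees (and not, for example, a browser's own DoH resolver bypassing AdGuard), the following script queries the LAN resolver and a public resolver directly over UDP and compares the A records. This is an added example written for this thread, not code from the original post or from AdGuard; it assumes AdGuard listens on 192.168.1.1:53 and uses 1.1.1.1 as the public resolver for comparison. The DNS packet building and parsing uses only the Python standard library, and `build_sample_response` is a constructed response used to exercise the parser offline.

```python
import random
import socket
import struct

# Assumptions (not from the thread): AdGuard Home listens on 192.168.1.1:53,
# and 1.1.1.1 is used as the public resolver for comparison.
LAN_RESOLVER = "192.168.1.1"
PUBLIC_RESOLVER = "1.1.1.1"
NAME = "dsm.example.com"
EXPECTED_LAN_IP = "192.168.1.200"


def encode_name(name):
    """Encode a dotted hostname as length-prefixed DNS labels."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, txid):
    """Standard recursive A/IN query: RFC 1035 header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD bit set
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name at `off`."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length


def parse_a_records(msg, txid):
    """Extract the IPv4 addresses from the answer section of a DNS response."""
    rid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    if rcode != 0:
        raise ValueError("resolver returned RCODE %d" % rcode)
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE + QCLASS
    ips = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            ips.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return ips


def resolve_a(name, resolver, timeout=2.0):
    """Send one UDP query to `resolver` and return the A records it answers with."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    return parse_a_records(data, txid)


def rewrite_is_effective(lan_answer, expected_lan_ip):
    """The rewrite works only if the LAN resolver returns the private IP and nothing else."""
    return lan_answer == [expected_lan_ip]


def build_sample_response(name, ip, txid):
    """Constructed sample of the response AdGuard should give; used for offline testing."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR+RD+RA, 1 question, 1 answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # Answer name is a pointer (0xC00C) back to the question name at offset 12.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answer


if __name__ == "__main__":
    lan = resolve_a(NAME, LAN_RESOLVER)
    pub = resolve_a(NAME, PUBLIC_RESOLVER)
    print("LAN resolver:", lan, "| public resolver:", pub)
    if rewrite_is_effective(lan, EXPECTED_LAN_IP):
        print("rewrite active: clients using %s get the private IP" % LAN_RESOLVER)
    else:
        print("rewrite NOT active on this path (client bypassing the LAN resolver?)")
```

Run it from a LAN client: the two answers should differ, with the LAN resolver handing out 192.168.1.200 and the public resolver the WAN address. If both return the public IP, the client is not using AdGuard for that name (DoH in the browser, a hard-coded resolver, or DHCP handing out a different DNS server).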
Thank you so much, this is exactly what I was looking for!
Also credits to u/Accomplished-Moose50 and u/GolemancerVekk <3
What's your DNS resolver for your internal network? Use it to tie that domain name to the private IP you want. The devices that use your internal DNS will always go there, unless they use DNS over HTTPS, as Firefox recently shipped by default, in which case you'd have to either disable DoH in Firefox or make an exception for that domain.
If you use DHCP it may also do DNS (like dnsmasq does), so you may be able to distribute the override to DHCP-using devices while still using an external DNS for everything else.
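The dnsmasq variant of the same override, as an added example rather than configuration from the thread. It assumes dnsmasq runs on 192.168.1.1 as the LAN's DHCP and DNS server and forwards everything else to 1.1.1.1; the NAS address and hostname are the ones from the question.

```conf
# Added example (not from the thread): dnsmasq split-horizon override.
# Assumes dnsmasq is the LAN's DHCP and DNS server at 192.168.1.1.

# Answer dsm.example.com with the NAS's private address for every LAN client,
# regardless of what the public zone says.
address=/dsm.example.com/192.168.1.200

# Everything else is forwarded to an external resolver (assumed upstream).
server=1.1.1.1

# Hand this box out as the DNS server in DHCP leases so clients actually use it.
dhcp-option=option:dns-server,192.168.1.1
```

The `address=` line only takes effect for clients whose resolver is this dnsmasq instance, which is why the DHCP option matters: a device with a statically configured public resolver, or a browser using DoH, never asks it.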
I have AdGuard running and set up as primary DNS in the modem. So u/Accomplished-Moose50 just named AdGuard already as an option to do "magic" there.
Aaaah, I think I get it. So in AdGuard there is just the rule to always forward any request to example.com to 192.168.1.200, because that is always true.
Yes that would work! Just have to find out how ^^, I’ll dive into the documentation of adguard.