this post was submitted on 25 Nov 2023
Homelab

Objective

Use Nginx Proxy Manager to handle both an internal and external domain. Use new.lan as the internal domain, and external.com for the public-facing sites.

Some background

Everything was working lovely using the old.lan domain. I was able to use NPM and set up something like logs.old.lan to access Dozzle. However, after I changed the DHCP subnet in my FWG, I was no longer able to get anything working. I changed the hostname to new.lan as well, yet that hasn't helped either. As shown below, DNS is still just straight up confusing the hell out of me.

Setup

  • Cloudflare is used for my external domain. The root domain has a CNAME to the FWG DDNS domain. Any subdomains that I want to be public, such as XXX.external.com, have a CNAME pointing to the root.
  • Firewalla Gold in router mode. This handles DNS, routing, etc.
  • NUC - My server running all docker containers. The current hostname let's say is new.lan. I have port forwarding for 80 and 443 exposed.

After making the DHCP and hostname changes, I noticed that if I try to ping ANYTHING.old.lan, I get the old IP address. But if I try to ping ANYTHING.new.lan, I get NXDOMAIN issues. Running nslookup -debug is showing:

 ~ % nslookup -debug test.new.lan
Server:         10.189.128.1
Address:        10.189.128.1#53

------------
    QUESTIONS:
        test.new.lan, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  .
        origin = a.root-servers.net
        mail addr = nstld.verisign-grs.com
        serial = 2023112401
        refresh = 1800
        retry = 900
        expire = 604800
        minimum = 86400
        ttl = 10800
    ADDITIONAL RECORDS:
------------
** server can't find test.new.lan: NXDOMAIN

But for the old one (where the IP is no longer in use by the FWG, and the hostname has been changed), I see:

aaronkatz@Aarons-MacBook-Pro ~ % nslookup -debug test.old.lan
Server:         10.189.128.1
Address:        10.189.128.1#53

------------
    QUESTIONS:
        test.athena.lan, type = A, class = IN
    ANSWERS:
    ->  test.old.lan
        internet address = 10.0.0.144
        ttl = 0
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Name:   test.old.lan
Address: 10.0.0.144

I'm pretty sure there is something VERY basic I am missing relating to networking and this equipment, but I am just hitting my head against the wall at the moment. Any help is greatly appreciated!!!
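The two nslookup -debug outputs above differ in where the reply came from, and reading the AUTHORITY section makes that visible: the NXDOMAIN for test.new.lan carries the SOA of the root zone ("." from a.root-servers.net), so the local resolver had no record for the name and handed the query to public DNS, which knows no .lan TLD (and the internal hostname was sent out to the internet); the test.old.lan reply is a plain local answer. The parser below is an added example, not code from the post, and runs over constructed samples trimmed from the shape of those two outputs:

```python
SECTIONS = ("QUESTIONS:", "ANSWERS:", "AUTHORITY RECORDS:", "ADDITIONAL RECORDS:")

# Constructed samples, trimmed from the shape of the post's two nslookup -debug runs.
NXDOMAIN_OUT = """\
    QUESTIONS:
\ttest.new.lan, type = A, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  .
\torigin = a.root-servers.net
    ADDITIONAL RECORDS:
** server can't find test.new.lan: NXDOMAIN
"""
LOCAL_OUT = """\
    QUESTIONS:
\ttest.old.lan, type = A, class = IN
    ANSWERS:
    ->  test.old.lan
\tinternet address = 10.0.0.144
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
"""

def parse_nslookup_debug(text):
    """Walk the section/record layout of `nslookup -debug`: A answers, SOA owners, rcode."""
    out = {"answers": [], "soa_owners": [], "rcode": "NOERROR"}
    section = owner = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section, owner = line, None
        elif line.startswith("->"):
            owner = line[2:].strip()          # record owner name, e.g. "." or test.old.lan
        elif section == "ANSWERS:" and line.startswith("internet address ="):
            out["answers"].append((owner, line.split("=", 1)[1].strip()))
        elif section == "AUTHORITY RECORDS:" and line.startswith("origin ="):
            out["soa_owners"].append(owner)   # zone whose SOA asserts the name does not exist
        elif line.startswith("** server can't find"):
            out["rcode"] = line.rsplit(":", 1)[1].strip()
    return out

def diagnose(text):
    """Local answer, or an NXDOMAIN proven by the root SOA (query left the LAN)?"""
    r = parse_nslookup_debug(text)
    if r["answers"]:
        return "local-answer"
    if r["rcode"] == "NXDOMAIN" and "." in r["soa_owners"]:
        return "nxdomain-from-root"
    return "nxdomain-other"
```

A "nxdomain-from-root" result for an internal name means the router's resolver is not serving that domain locally at all, which is the case to fix before touching the proxy.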

top 2 comments
[–] rsauber80@alien.top 1 points 11 months ago

If Firewalla Gold uses Unbound, it may be rebind protection blocking your requests. I ran into the issue with pfSense and it was very frustrating.

The fix for me was adding the domains to a config file for 'private-domain' before Unbound would forward it.

[–] multidollar@alien.top 1 points 11 months ago

Maybe I missed it, where is the DNS server in this story?