"brad" == brad via WLUG <wlug@lists.wlug.org> writes:
brad> To quickly summarize my problem/question, I'd like to host a
brad> nextcloud server at my house and be able to access it with the
brad> same hostname whether I'm home or away.
brad>
brad> I own a domain, let's call it example.com. Its main DNS record
brad> points to a node at DigitalOcean. However I'd like to host a
brad> sub-domain at my house, let's call it home.example.com.
brad> Currently home.example.com resolves to a routable IP address at
brad> my house.
brad>
brad> - When I'm on the road, I'd like to be able to connect to https://home.example.com
brad> - When I'm home, I'd like to be able to connect to https://home.example.com.
brad>
brad> The above works on a well-behaved desktop receiving DNS servers
brad> via DHCP. Specifically, I have set up local DNS to resolve
brad> home.example.com to 192.168.1.1. Searching this topic has taught
brad> me that this method is called Split-DNS.
brad>
brad> However Android and iOS do not appear to honor my local DNS
brad> server — I'm not sure why — so they resolve the address to a
brad> routable IP and connect from within the private 192.168.1.0
brad> subnet. My firewall sees this and drops it b/c it is a
brad> non-routable IP address connecting to the external interface. (I
brad> got this info by running tcpdump and watching traffic.)

Are your iPhone and Android getting their data from the Wifi network or
their phone network?

You might need to sniff port 53 traffic on your firewall and see where
they're sending queries to. Then you might need to block or redirect
those queries to your own internal DNS server.

brad> Has anyone attempted something similar? Is there something I'm
brad> overlooking? (Probably)

I've been meaning to do it myself, putting in a local internal override
for my dynamic DNS external name, so I can connect from both inside and
outside (when I'm on the $WORK VPN mostly) without having to remember
things. Silly to bounce SSH across the country to get downstairs... but
when you sit at a $WORK laptop most days... it's nice to be able to hit
home stuff via SSH and screen.

brad> My goal is to not do special configurations on enduser devices.

What is your firewall or router at home? Depending on what you have, you
might be able to block outgoing port 53 traffic, or redirect it to your
internal DNS server so those devices get the results you want.

I use OPNsense at home, so if that's what you're using, we can work
together on this.

John
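The "sniff port 53 on the firewall and see where the phones send queries" step above, as an added example that is not part of the thread and not code from either poster. It parses constructed lines in the shape of `tcpdump -nn` output (the addresses, ports and timestamps are made up for the example; the LAN 192.168.1.0/24 and internal resolver 192.168.1.1 are assumptions taken from the thread's description), reports which LAN clients are bypassing the internal resolver, and lists the split-zone names those clients asked an outside server for, which are exactly the lookups that come back with the public address and get dropped at the external interface. It also flags TCP connections to port 853 (DNS over TLS), because a phone using encrypted DNS will not be caught by a plain port-53 redirect.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed network layout (from the thread's description, not confirmed by it):
# the LAN is 192.168.1.0/24 and the resolver holding the split-DNS override
# for home.example.com is 192.168.1.1.
LAN = ipaddress.ip_network("192.168.1.0/24")
INTERNAL_RESOLVER = ipaddress.ip_address("192.168.1.1")
SPLIT_ZONE = "home.example.com"

# Constructed sample in the shape of `tcpdump -nn -i <lan-if> port 53 or port 853`.
# These are not captures from the poster's network.
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 192.168.1.20.51234 > 192.168.1.1.53: 41001+ A? home.example.com. (34)
10:00:01.000900 IP 192.168.1.1.53 > 192.168.1.20.51234: 41001 1/0/0 A 192.168.1.1 (50)
10:00:02.000100 IP 192.168.1.31.40021 > 8.8.8.8.53: 3020+ A? home.example.com. (34)
10:00:02.000200 IP 192.168.1.31.40022 > 8.8.8.8.53: 3021+ AAAA? home.example.com. (34)
10:00:03.000100 IP 192.168.1.42.55555 > 1.1.1.1.853: Flags [S], seq 1, win 64240, length 0
10:00:04.000100 IP 192.168.1.31.40023 > 8.8.4.4.53: 3022+ A? example.com. (28)
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# A UDP query: "IP src.sport > dst.53: id+ TYPE? name. (len)"
UDP_QUERY_RE = re.compile(
    rf"IP (?P<src>{IPV4})\.\d+ > (?P<dst>{IPV4})\.53: \d+\+? "
    r"(?P<qtype>AAAA|A)\? (?P<name>\S+?)\.? \("
)
# A TCP SYN to 853 is a DNS-over-TLS connection attempt.
DOT_SYN_RE = re.compile(rf"IP (?P<src>{IPV4})\.\d+ > (?P<dst>{IPV4})\.853: Flags \[S\]")


def parse_capture(text):
    """Return (udp_queries, dot_connections) found in tcpdump-style text.

    udp_queries: list of (src, dst, qtype, name); responses (source port 53) do not
    match the query pattern and are skipped.  dot_connections: list of (src, dst).
    """
    queries, dot = [], []
    for line in text.splitlines():
        m = UDP_QUERY_RE.search(line)
        if m:
            queries.append((m["src"], m["dst"], m["qtype"], m["name"]))
            continue
        m = DOT_SYN_RE.search(line)
        if m:
            dot.append((m["src"], m["dst"]))
    return queries, dot


def find_resolver_bypass(text, lan=LAN, resolver=INTERNAL_RESOLVER):
    """Map each LAN client that talks to a resolver other than the internal one
    to the set of ("udp53" | "dot853", server) pairs it used."""
    queries, dot = parse_capture(text)
    bypass = defaultdict(set)
    for src, dst, _qtype, _name in queries:
        if ipaddress.ip_address(src) in lan and ipaddress.ip_address(dst) != resolver:
            bypass[src].add(("udp53", dst))
    for src, dst in dot:
        if ipaddress.ip_address(src) in lan:
            bypass[src].add(("dot853", dst))
    return dict(bypass)


def split_dns_leaks(text, zone=SPLIT_ZONE, lan=LAN, resolver=INTERNAL_RESOLVER):
    """Sorted (client, name) pairs where a LAN client asked an outside resolver
    for a name in the split zone; these answers carry the public address and
    produce the LAN-to-WAN-interface connections the firewall drops."""
    queries, _ = parse_capture(text)
    return sorted({
        (src, name)
        for src, dst, _qtype, name in queries
        if ipaddress.ip_address(src) in lan
        and ipaddress.ip_address(dst) != resolver
        and (name == zone or name.endswith("." + zone))
    })


if __name__ == "__main__":
    for client, servers in sorted(find_resolver_bypass(SAMPLE_CAPTURE).items()):
        print(f"{client} bypasses {INTERNAL_RESOLVER}: {sorted(servers)}")
    for client, name in split_dns_leaks(SAMPLE_CAPTURE):
        print(f"split-zone leak: {client} asked outside for {name}")
```

Feed it real output from `tcpdump -nn -l` on the LAN interface to get the per-device list; clients that show up under "udp53" are the ones a port-53 redirect to the internal resolver will fix, while a client that only shows "dot853" needs its encrypted-DNS setting changed (or port 853 blocked so it falls back) before any redirect helps. On a Linux router the redirect itself would be an nftables DNAT rule on the LAN interface for UDP/TCP port 53 with a destination other than the internal resolver; that rule is an assumption here, since the thread's OPNsense box uses pf and its own NAT redirect configuration.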