How to setup local domain in local network that everyone
-
To all the experts here is my use case:
I have pfsense netgate 2100.
I have a server that I use to host various useful lookups. As an example I have a TVheadEnd server which I can view say using a url locally as http://172.XX.X.5:9981/extjs.html - Works fine.
However, the url is not user friendly and I would like to use a domain say
http://myhousehold.tv.com (FOR illustration purposes)
which should work within the household (local LAN). Is it possible to redirect within pfsense any requests that come to http://myhousehold.tv.com to http://172.XX.X.5:9981/extjs.html ?
Or are there any other solutions that you guys (or gals) can recommend?
-
@netboy said in How to setup local domain in local network that everyone:
that come to http://myhousehold.tv.com to http://172.XX.X.5:9981/extjs.html ?
Not exactly.. dns has nothing to do with ports.. But you could for sure point myhousehold.tv.com to 172.XX.X.5
-
@johnpoz said in How to setup local domain in local network that everyone:
But you could for sure point myhousehold.tv.com to 172.XX.X.5
Can you please give me some tips?
-
@netboy just go into the dns you're using, by default it's unbound (resolver), and create a host override for whatever your fqdn is and point it to whatever IP you want..
example: here is one that points kindle-time.amazon.com to my ntp server vs what it resolves to on the public
If you're using the forwarder (dnsmasq) you would do it there vs unbound.
Then validate it's working by doing a query using your fav dns tool.
-
@johnpoz
Per your post here is the override
http://tv.home.com:9981/extjs.html does not work (must point to working url http://172.16.0.5:9981/extjs.html)
-
@netboy When I enabled it I get
-
@netboy why would you put it in the forwarder if you're using the resolver??
Put it in the resolver!!
-
@johnpoz Tried this
No luck! Are the settings right in my resolver?
-
@netboy where is your query using your fav dns tool, dig, nslookup, host??
$ nslookup
> tv.home.com
Server: sg4860.local.lan
Address: 192.168.9.253
Name: tv.home.com
Address: 172.16.0.5
-
@johnpoz I am not a network person.....Can you kindly explain for this newbie on networks the pre-requisite for my functionality? I just made up a domain home.com and all I want is if the router catches a certain subdomain domain (made up) it must resolve to a certain URL. From your reply it looks like I need to do some setup?
-
@netboy yeah you need to create the host override in the dns you're using on pfsense.. The resolver is default and from your error when trying to add it in the forwarder yeah I would say you're using the resolver.
You have the host override setup.. Now just validate it's working with a simple nslookup command on your pc.
It's possible your browser/pc isn't pointing to pfsense for dns - but simple query with nslookup would tell us that, and also can be used to validate that your override is working.
Even if your host override is setup correctly. If your pc or browser is not pointing to pfsense for dns - then it would never work. Browsers these days like to use doh, pointing to some outside dns without actual confirmation or ok from the user. But a simple nslookup would tell us if pfsense is setup correctly.. As long as your pc is pointing to it for dns.
go to a cmd line on your pc, run cmd
type nslookup tv.home.com
What does it respond with?
-
@johnpoz yeah I know cmd prompt :-)
Here is the result of nslookup
c:\nslookup
Default Server: dns.google
Address: 8.8.8.8
I think I know where you are going....my lookup goes straight to google instead of router.....
-
@netboy well your pc is pointing to google for its dns.. So no your host override would never work.. Your client needs to point to pfsense ip for host overrides to work.
You can setup pfsense to then ask google if that is what you want, but out of the box unbound on pfsense resolves, it does not forward. But what it does after you ask it for looking up other stuff is beside the point. But if you want to resolve tv.home.com to some local IP you have to ask it first.
-
@johnpoz said in How to setup local domain in local network that everyone:
Your client needs to point to pfsense ip for host overrides to work.
I NOW understand what you are talking about.......how do I route the client to point to pfsense IP?
-
@netboy Out of the box it would have done that.. You must have changed your dhcp settings in pfsense, or you setup the IP on the box static?
Out of the box pfsense will point all dhcp clients to its own IP.
I on purpose point my clients to my pihole, the 192.168.3.10 address, but then my pihole asks pfsense. But if you didn't mess with those settings by default dhcp client of pfsense would point to pfsense IP as its dns.. And your host override would work.
btw - I noticed in your setup you had pfblocker installed. If clients do not point to pfsense for their dns - pfblocker isn't really going to work.
-
@johnpoz Got it!
Here is the screenshot of LAN
AND the SERVER portion of the screenshot
What you are saying is the SERVER portion should be BLANKED out so that all routes will be thru the pfsense router not thru google - Have I understood the concept?
-
@johnpoz said in How to setup local domain in local network that everyone:
I noticed in your setup you had pfblocker installed. If clients do not point to pfsense for their dns - pfblocker isn't really going to work.
you are absolutely RIGHT! I was really ignorant.....I have NOW blanked out the server portion and rebooted my PC.
Now the nslookup returns the following:
C:> nslookup
Default Server: router2100.XXX.local
Address: 192.168.0.1
-
@netboy .local isn't a very good choice - that is an mdns domain.. You should use something like home.arpa which is the new recommended domain for local use, and is what pfsense now defaults to.
I am in the middle of moving over from my long term local.lan domain, .lan would never be a public tld. But home.arpa is best choice for local domains.
So your tv could be tv.home.arpa for example.. I just have some old ssl certs that have been changing when they expire.. So for example my nas uses home.arpa and my printer, etc..
$ dig nas.home.arpa +short
192.168.9.10
$ dig brother.home.arpa +short
192.168.2.50
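
The check worked through in this thread (is the client actually asking pfSense for DNS, and does the host override answer?), as an added example that is not part of the original posts: a Python parser for nslookup output, run over the two outputs posted above plus one constructed failure case. The function names and the `bypass` / `override-missing` / `ok` labels are this example's own.

```python
import re

# Outputs as posted in the thread (laid out one field per line).
SAMPLE_OK = """Server:  sg4860.local.lan
Address:  192.168.9.253

Name:    tv.home.com
Address:  172.16.0.5
"""
SAMPLE_GOOGLE = """Default Server:  dns.google
Address:  8.8.8.8
"""
# Constructed for this example: pfSense answers, but no host override exists.
SAMPLE_NO_OVERRIDE = """Server:  router2100.XXX.local
Address:  192.168.0.1

*** router2100.XXX.local can't find tv.home.com: Non-existent domain
"""

FIELD = re.compile(r"\s*(Default Server|Server|Name|Address(?:es)?):\s*(\S+)")

def parse_nslookup(text):
    """Return (resolver_ip, answer_ips) from nslookup output, Windows or Unix layout."""
    resolver, answers, section = None, [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).split("#")[0]  # drop Unix "#53" suffix
        if key.endswith("Server"):
            section = "resolver"      # the next Address line is the DNS server asked
        elif key == "Name":
            section = "answer"        # Address lines from here on are the answer
        elif section == "resolver" and resolver is None:
            resolver = value
        elif section == "answer":
            answers.append(value)
    return resolver, answers

def diagnose(text, pfsense_ip, expected_ip):
    """Classify one lookup as 'bypass', 'override-missing' or 'ok'."""
    resolver, answers = parse_nslookup(text)
    if resolver != pfsense_ip:
        # Host overrides (and pfBlocker's DNS filtering) only apply to queries pfSense sees.
        return "bypass", f"client asked {resolver}, not pfSense at {pfsense_ip}"
    if expected_ip not in answers:
        return "override-missing", f"pfSense answered {answers or 'nothing'}, expected {expected_ip}"
    return "ok", f"{resolver} returned {expected_ip}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_OK, "192.168.9.253", "172.16.0.5"))
    print(diagnose(SAMPLE_GOOGLE, "192.168.0.1", "172.16.0.5"))
    print(diagnose(SAMPLE_NO_OVERRIDE, "192.168.0.1", "172.16.0.5"))
```

nslookup only reports the operating system's resolver; a browser using DoH, as mentioned in the thread, can still bypass pfSense even when this check reports `ok`.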