• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to access a subdomain within the LAN

Scheduled Pinned Locked Moved DHCP and DNS
7 Posts 3 Posters 2.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    mukethamike
    last edited by Oct 22, 2015, 2:02 PM

    Hey Team,

    Am having an issue accessing my subdomains within the LAN setting. My external clients have easy access to the internal resources.

    Am using pfsense as DNS server and a Nginx server as a proxy server.

    Is Split DNS Configuration the way to go?

    Thanks in advance

    Michael

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Oct 22, 2015, 2:04 PM

      Can you give some actual details..

      Are you using pfsense as your dns?  so you have host.sub.domain.tld and pfsense is pfsense.domain.tld ??

      But normally yes split dns is much better option than any sort of nat reflection..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • M
        mukethamike
        last edited by Oct 23, 2015, 5:53 AM

        Thanks Mr. Johnpoz

        Yes am using Pfsense as my DNS. am quite new to Pfsense. This was a task channeled to me which i accepted.

        For actual details have like 6 sub domains and forwarded port 80 to my domain IP given by my ISP to the Nginx server in the local LAN.

        This is all the info. i have for now, and after lots of research i saw that Split DNS will do thus am requesting on a step by step summary on how to setup the split DNS through pFsense.

        Thanks

        1 Reply Last reply Reply Quote 0
        • C
          chris4916
          last edited by Oct 23, 2015, 6:49 AM

          @mukethamike:

          Am using pfsense as DNS server

          running what ? DNS forwarder, resolver, bind?

          and a Nginx server as a proxy server.

          Do you mean "reverse proxy"?

          Is Split DNS Configuration the way to go?

          definitely yes if you use pfSense as DNS server for external clients.
          However, assuming your registrar provides you with interface allowing to manage your domain, I would suggest to handle the "external side" of your domain there instead of using pfSense, even if it means some administration overhead.

          Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

          1 Reply Last reply Reply Quote 0
          • M
            mukethamike
            last edited by Oct 23, 2015, 9:00 AM

            ;D ;D

            Thanks Chris.

            This is helpful. Am using pFsense as a resolver and Nginx as a reverse proxy as you put it.

            So split DNS it is.. am writing a report on this. If I get a quick summary on how to do the this will highly appreciate.

            Regards.

            1 Reply Last reply Reply Quote 0
            • C
              chris4916
              last edited by Oct 23, 2015, 9:47 AM

              As far as I understand, neither DNS Resolver nor Forwarder have been designed to act as external (public) DNS.
              Therefore, if you really want to use pfSense as your public DNS too, you should perhaps think about Bind instead.

              The idea behind split DNS is to expose different content, from DNS standpoint, to internal and external users so that:

              • all your intranet is not exposed to internet (in term of name/ip resolution)
              • DNS answers with public IP to requests from internet.

              Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

              1 Reply Last reply Reply Quote 0
              • J
                johnpoz LAYER 8 Global Moderator
                last edited by Oct 23, 2015, 12:28 PM

                "am writing a report on this"

                So your wanting help with your school work??

                "For actual details have like 6 sub domains and forwarded port 80 to my domain IP given by my ISP to the Nginx server in the local LAN."

                This really has NOTING to do with pfsense, as chris states the name servers in pfsense are not really meant to be authoritative.. You can setup overrides to resolve whatever you want to whatever you want.  But dnsmasq nor unbound are authoritative name servers.  You could install the bind package, etc.

                But resolving of anything for the public is best done on the PUBLIC with say your isp dns, a dns service.  Using pfsense as dns for outside public would be BAD even if using bind on it.  Hosting your own dns is not something you should take lightly.. And if you have to ask, you clearly are not ready to do it ;)

                Point whatever fqdn you want to pfsense public IP at your public dns.  Then you can create overrides in pfsense dns so clients locally would resolve those sites to the local address vs the public one.. I have a funny feeling you don't really even understand what the term split dns means..  And we are helping you with some school assignment as well…

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                1 out of 7
                • First post
                  1/7
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received