How to access a subdomain within the LAN

mukethamike · Oct 22, 2015, 2:02 PM

Hey Team,

Am having an issue accessing my subdomains within the LAN setting. My external clients have easy access to the internal resources.

Am using pfsense as DNS server and a Nginx server as a proxy server.

Is Split DNS Configuration the way to go?

Thanks in advance

Michael

johnpoz · Oct 22, 2015, 2:04 PM

Can you give some actual details..

Are you using pfsense as your dns? so you have host.sub.domain.tld and pfsense is pfsense.domain.tld ??

But normally yes split dns is much better option than any sort of nat reflection..

mukethamike · Oct 23, 2015, 5:53 AM

Thanks Mr. Johnpoz

Yes am using Pfsense as my DNS. am quite new to Pfsense. This was a task channeled to me which i accepted.

For actual details have like 6 sub domains and forwarded port 80 to my domain IP given by my ISP to the Nginx server in the local LAN.

This is all the info. i have for now, and after lots of research i saw that Split DNS will do thus am requesting on a step by step summary on how to setup the split DNS through pFsense.

Thanks

chris4916 · Oct 23, 2015, 6:49 AM

@mukethamike:

Am using pfsense as DNS server

running what ? DNS forwarder, resolver, bind?

and a Nginx server as a proxy server.

Do you mean "reverse proxy"?

Is Split DNS Configuration the way to go?

definitely yes if you use pfSense as DNS server for external clients.
However, assuming your registrar provides you with interface allowing to manage your domain, I would suggest to handle the "external side" of your domain there instead of using pfSense, even if it means some administration overhead.

mukethamike · Oct 23, 2015, 9:00 AM

;D ;D

Thanks Chris.

This is helpful. Am using pFsense as a resolver and Nginx as a reverse proxy as you put it.

So split DNS it is.. am writing a report on this. If I get a quick summary on how to do the this will highly appreciate.

Regards.

chris4916 · Oct 23, 2015, 9:47 AM

As far as I understand, neither DNS Resolver nor Forwarder have been designed to act as external (public) DNS.
Therefore, if you really want to use pfSense as your public DNS too, you should perhaps think about Bind instead.

The idea behind split DNS is to expose different content, from DNS standpoint, to internal and external users so that:

all your intranet is not exposed to internet (in term of name/ip resolution)
DNS answers with public IP to requests from internet.

johnpoz · Oct 23, 2015, 12:28 PM

"am writing a report on this"

So your wanting help with your school work??

"For actual details have like 6 sub domains and forwarded port 80 to my domain IP given by my ISP to the Nginx server in the local LAN."

This really has NOTING to do with pfsense, as chris states the name servers in pfsense are not really meant to be authoritative.. You can setup overrides to resolve whatever you want to whatever you want. But dnsmasq nor unbound are authoritative name servers. You could install the bind package, etc.

But resolving of anything for the public is best done on the PUBLIC with say your isp dns, a dns service. Using pfsense as dns for outside public would be BAD even if using bind on it. Hosting your own dns is not something you should take lightly.. And if you have to ask, you clearly are not ready to do it ;)

Point whatever fqdn you want to pfsense public IP at your public dns. Then you can create overrides in pfsense dns so clients locally would resolve those sites to the local address vs the public one.. I have a funny feeling you don't really even understand what the term split dns means.. And we are helping you with some school assignment as well…