* Add split dns

* CR fixes

* Fix typo

* CR fixes
pull/208/head
quietsy 2024-04-19 08:38:37 +03:00 committed by GitHub
parent 70edca5301
commit 3814e5efad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 70 additions and 0 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 224 KiB


@ -10,3 +10,4 @@ nav:
- fleet.md
- swag.md
- how-to-get-support.md
- split-dns.md


@ -0,0 +1,69 @@
![Split DNS](../assets/images/split-dns.png)
# Split DNS
Spilt DNS allows you to give different answers to DNS requests for internal and external users, so local requests for your server don't have to go via your router, it has several benefits:
- Faster due to not having to go through the router.
- The reverse proxy can easily differentiate between internal and external requests with allow/deny since there's no NAT.
- Things still work when the internet is down.
- Things still work when upstream DNS (Your ISP/Google/OpenDNS/etc) isn't available.
## Requirements
- An internal reverse proxy that **listens on port 80/443**.
- An internal DNS resolver that supports rewrites or hosting full DNS zones.
## Popular DNS Configurations
These examples assume `domain.com` is your domain and `10.10.10.10` is your reverse proxy.
### OPNSense
Navigate to Services > Unbound DNS > Overrides > Host Overrides > Add:
- Host: `*`
- Domain: `domain.com`
- Type: `A or AAAA`
- IP: `10.10.10.10`
### PFSense
Navigate to Services > DNS Resolver > General Setting > Host Overrides > Add:
- Host: `*`
- Domain: `domain.com`
- IP Address: `10.10.10.10`
### Pihole & dnsmasq
Create a file called `/etc/dnsmasq.d/domain.conf` with this contents:
```
address=/domain.com/10.10.10.10
```
### AdguardHome
Navigate to Filters > DNS rewrites > Add DNS rewrite:
- Domain name: `*.domain.com`
- IP Address: `10.10.10.10`
## Wireguard Issues
When exposing a wireguard server, the wireguard subdomain should not be split or it will break the connection while roaming between wi-fi and mobile data.
For example, you can exclude `wg.domain.com` on AdguardHome by creating another DNS rewrite of `wg.domain.com` to `wg.domain.com`, that will exclude it from the split.
## NAT Reflection / NAT Loopback / Hairpin NAT
NAT reflection is an alternative option to split DNS, which can provide some but not all of the same same benefits, it allows LAN devices to use the external IP and get port-forwarded without being NAT'd.
It's usually a setting on specific routers that can be enabled via a checkbox.
Note that using Cloudflare proxy (the orange cloud) or Cloudflare tunnels will bypass it and still send traffic externally.
## Neither
Without split DNS or NAT reflection traffic goes out of your router to reach your external IP and then gets NAT'd back in, often getting blocked by the router since external traffic with a LAN IP source is seen as malicious.
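Review bot: The exclusion under "Wireguard Issues" is given only for AdguardHome, yet all four resolver examples above use a wildcard (`*` host override, `address=/domain.com/...`, `*.domain.com`) that also catches `wg.domain.com`; either add the equivalent exclusion for OPNsense, pfSense and dnsmasq or say explicitly that readers of those sections must carve out the wireguard name themselves, otherwise someone following the dnsmasq section will hit exactly the roaming breakage this section warns about. The allow/deny benefit claimed in the intro ("can easily differentiate between internal and external requests") deserves a one-line caveat: it only holds for clients that actually use the internal resolver, so a device with a hardcoded public DNS server or encrypted DNS still reaches the proxy via the external path and should not be treated as internal by source address alone. Typos in the new file: "Spilt DNS" in the first paragraph should read "Split DNS", "General Setting" should be "General Settings", "with this contents" should be "with these contents", and "some but not all of the same same benefits" has a doubled word; the products are spelled "OPNsense" and "pfSense".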