DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
LAN DNS on Vigor2927
- stevepritchard
- Topic Author
10 Feb 2022 12:10 #100585
by stevepritchard
LAN DNS on Vigor2927 was created by stevepritchard
I'm hoping I'm just doing something daft, but I can't get the LAN DNS feature to work as I want.
Let's say I have a domain called "mydomain.com". If I set up an A record "sub1.mydomain.com" to point to the public IP address of the Vigor2927 router then I can access it when I am outside of the network (and port forwarding rules kick in). However, clients inside the network don't seem to work (Windows maybe, but Android not).
I was expecting to be able to set up "sub1.mydomain.com" in the LAN DNS section to effectively override the public IP supplied in the A record with a private internal IP. However, this doesn't work if the subdomain actually exists, but it does seem to work if it doesn't exist.
So...
sub1.mydomain.com - has a public A record and a LAN DNS entry, but will always resolve to the public IP from inside the network.
sub2.mydomain.com - has NO public A record, and a LAN DNS entry, and does resolve to the private IP of that entry from inside the network.
Unless I'm doing something wrong, it looks like the LAN DNS entries are only being searched AFTER there's an attempt to resolve the name via the public DNS and it failed to return an entry.
Any suggestions?
- stevepritchard
- Topic Author
10 Feb 2022 17:10 #100591
by stevepritchard
Replied by stevepritchard on topic Re: LAN DNS on Vigor2927
Just to follow up with a bit more info. I'm using firmware v4.3.2, and when I follow this example from the knowledge base...
https://www.draytek.com/support/knowledge-base/5151
It simply doesn't work, and ftp.draytek.com ends up resolving to eu.draytek.com with an external IP address.
Is this a bug, or have I got something in my config (which I didn't think was very fancy) that is stopping the expected behaviour?
- johnpa7
11 Feb 2022 08:48 #100592
by johnpa7
Replied by johnpa7 on topic Re: LAN DNS on Vigor2927
I have a 2962, set up basically as in the article, and it works OK.
myip.draytek.com: myip = the name I used when setting up Applications >> Dynamic DNS Setup
In LAN DNS Resolution / Conditional DNS Forwarding I set a record as myip.draytek.com, address 192.168.0.1, and checked same subnet.
If I use https://myip.draytek.com it makes a secure connection to the 2927.
I also set myap.draytek.com; the record points to 192.168.0.3 (an access point). I can make an http connection OK; if I try an https connection I get a security warning, as there is no certificate installed on the AP. I have tried to figure out how to do this, with no success.
- stevepritchard
- Topic Author
11 Feb 2022 09:02 #100593
by stevepritchard
Replied by stevepritchard on topic Re: LAN DNS on Vigor2927
I'm a bit confused @johnpa7
Are you saying that myip.draytek.com and myap.draytek.com resolve to external IP addresses when you are connected to a network other than your own? I'm not using DDNS as I have fixed IP addresses, but I'm not sure that's necessarily relevant.
Could you try to implement the example as listed in the knowledge base, and override ftp.draytek.com, and see what it resolves to when you attempt to ping it?
I've tried another test...
If I set up *.draytek.com to point to 192.168.5.99 then any sub-domain that exists resolves to the public IP, but anything that doesn't exist resolves to 192.168.5.99. So it really does look like it's checking the existence of the *real* DNS record first, and then looking in the LAN DNS, rather than the other way around.
Cheers,
Steve.
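An added example (not part of any post in this thread, and not DrayTek code): ping shows only the final address, so decoding the raw answer section of a DNS response shows whether a name was answered by a LAN DNS entry or followed a public chain like the ftp.draytek.com to eu.draytek.com result reported above (assumed here to be a CNAME). Both response packets and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress, struct
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def read_name(pkt, off, depth=0):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while pkt[off]:
        n = pkt[off]
        if n >= 0xC0:                                   # compression pointer
            if depth > 16:
                raise ValueError("compression pointer loop")
            ptr = ((n & 0x3F) << 8) | pkt[off + 1]
            labels.append(read_name(pkt, ptr, depth + 1)[0])
            return ".".join(filter(None, labels)), off + 2
        labels.append(pkt[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_answers(pkt):
    """Return [(owner, 'A' | 'CNAME', value)] from a response's answer section."""
    qd, an = struct.unpack(">HH", pkt[4:8])
    off = 12
    for _ in range(qd):                                 # skip the echoed question
        off = read_name(pkt, off)[1] + 4
    out = []
    for _ in range(an):
        owner, off = read_name(pkt, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append((owner, "A", str(ipaddress.IPv4Address(pkt[off:off + 4]))))
        elif rtype == 5:
            out.append((owner, "CNAME", read_name(pkt, off)[0]))
        off += rdlen
    return out

def classify(answers):
    """'lan-override' if every A record is RFC 1918, 'public' if any is not."""
    addrs = [ipaddress.ip_address(v) for _, t, v in answers if t == "A"]
    lan = all(any(a in net for net in RFC1918) for a in addrs)
    return "no-address" if not addrs else "lan-override" if lan else "public"

# Constructed responses (not captures) to the question "ftp.draytek.com A".
QUESTION = b"\x03ftp\x07draytek\x03com\x00\x00\x01\x00\x01"
SAMPLE_PUBLIC = (bytes.fromhex("123481800001000200000000") + QUESTION   # CNAME, then A
                 + b"\xc0\x0c\x00\x05\x00\x01\x00\x00\x01\x2c\x00\x05\x02eu\xc0\x10"
                 + b"\xc0\x2d\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04" + bytes([203, 0, 113, 10]))
SAMPLE_LAN = (bytes.fromhex("123481800001000100000000") + QUESTION      # one private A
              + b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x00\x00\x04" + bytes([192, 168, 0, 12]))
```

The explicit RFC 1918 list is used instead of `ipaddress`'s `is_private`, which also counts documentation and other reserved ranges as private.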
- johnpa7
11 Feb 2022 11:29 #100594
by johnpa7
Replied by johnpa7 on topic Re: LAN DNS on Vigor2927
I set up in Applications >> LAN DNS / DNS Forwarding
Index 1, then created an entry printer.myip.com, address 192.168.0.12.
If I enter http://myap.myip.com it resolves to 192.168.0.12; this is only for the local network.
My problem is I am not sure how to create a certificate and import it into the Chrome web browser
to permit a secure connection to https://myap.myip.com
This only works on the local network, which, if I understand correctly, is the basis of LAN DNS / DNS Forwarding.
I'm a complete novice at this.
- stevepritchard
- Topic Author
11 Feb 2022 12:36 #100595
by stevepritchard
Replied by stevepritchard on topic Re: LAN DNS on Vigor2927
I think your issue is separate to mine.
If you could try to add an entry for "ftp.Draytek.com" with 192.168.0.12 and ping ftp.draytek.com and let me know what you see, that would be great.
If you are accessing the domain names that you have set up internally, then do you really need https? By definition, they are inside your network, so aren't likely to pose a security risk.
Cheers,
Steve.
Moderators: Chris, Sami
Copyright © 2024 DrayTek