I'm hoping I'm just doing something daft, but I can't get the LAN DNS feature to work as I want.

Let's say I have a domain called "mydomain.com". If I set up an A record "sub1.mydomain.com" to point to the public IP address of the Vigor2927 router then I can access it when I am outside of the network (and port forwarding rules kick in). However, clients inside the network don't seem to work (Windows maybe, but Android not).

I was expecting to be able to set up "sub1.mydomain.com" in the LAN DNS section to effectively override the public IP supplied in the A record with a private internal IP. However, this doesn't work if the subdomain actually exists, but it does seem to work if it doesn't exist.

So...

sub1.mydomain.com - has a public A record and a LAN DNS entry, but will always resolve to the public IP from inside the network.
sub2.mydomain.com - has NO public A record, and a LAN DNS entry, and does resolve to the private IP of that entry from inside the network.

Unless I'm doing something wrong, it looks like the LAN DNS entries are only being searched AFTER there's an attempt to resolve the name via the public DNS and it failed to return an entry.

Any suggestions?

Just to follow up with a bit more info. I'm using firmware v4.3.2, and when I follow this example from the knowledge base...

https://www.draytek.com/support/knowledge-base/5151

It simply doesn't work, and ftp.draytek.com ends up resolving to eu.draytek.com with an external IP address.

Is this a bug, or have I got something in my config (which I didn't think was very fancy) that is stopping the expected behaviour?

I have an 2962 and set up basically as the article, works ok.
myip.draytek.com myip = the name I used to when setting up Applications >> Dynamic DNS Setup
LAN DNS Resolution / Conditional DNS Forwarding set a record as myip.draytek.com address 192.168.0.1 checked same subnet.
If I use https://myip.draytek.com makes secure connection to the 2927

I also set myap.draytek.com the record points to 192.168.0.3 (an access point) I can make an http connection Ok if I try https connection get security warning. As there is no certificate Installed on the AP. I have tried to figure out how to do this, with no success.

I'm a bit confused @johnpa7

Are you saying that myip.draytek.com and myap.draytek.com resolve to external IP addresses when you are connected to a network other than your own? I'm not using DDNS as I have fixed IP addresses, but I'm not sure that's necessarily relevant.

Could you try to implement the example as listed in the knowledge base, and override ftp.draytek.com, and see what it resolves to when you attempt to ping it?

I've tried another test...

If I set up *.draytek.com to point to 192.168.5.99 then any sub-domain that exists resolves to the public IP, but anything that doesn't exist resolves to 192.168.5.99. So it really does look like it's checking the existence of the *real* DNS record first, and then looking in the LAN DNS, rather than the other way around.

Cheers,

Steve.

I set up in Applications >> LAN DNS / DNS Forwarding

Index 1 then created an entry printer.myip.com address 192.168.0.12

if enter http://myap.myip.com it resolves to 192.168.0.12 this only for local network
My problem is i am not sure how to create a certificate and import into web browser chrome
To permit secure connection https://myap.myip.com

This on works on local network, which if I understand is the basis LAN DNS / DNS Forwarding.

I'm a complete novice at this

I think your issue is separate to mine.

If you could try to add an entry for "ftp.Draytek.com" with 192.168.0.12 and ping ftp.draytek.com and let me know what you see, that would be great.

If you are accessing the domain names that you have set up internally, then do you really need https? By definition, they are inside your network, so aren't likely to pose a security risk.

Cheers,

Steve.