Accessing dynamic DNS entities from inside the LAN

hungarianhc

Hi All,

I posted this question in the routers section, as I believe it's router related…

I have a Synology NAS. The URL is something like myname.diskstation.me ~ this URL works great when I'm outside of the network, but it doesn't work from within. I have done some googling, and apparently this is some kind of DNS issue, correct?

Can someone help explain why it doesn't work? And can someone also point me to a way to fix it? Some of the Synology apps don't use quickconnect, and I want to show my wife (she's pretty geeky) some of the DSM features, but I know she won't go for having two bookmarks - one w/ IP for on LAN and one w/ dyndns url for when remote.

I hope my question was clear. Thanks in advance for the help!
 
No, it's not a DNS issue, it is your router. Some consumer routers do not support NAT loopback connections (basically, accessing a LAN side device via its NAT'ed WAN IP from the internal LAN network).

There is little you can actually do about this except changing your router for a model that does support the NAT reflection or switching the firmware out for a 3rd party firmware that does (where available).
 
I actually just realized that my DDNS does work within my own LAN, not just outside. I'm running an RT-N66U and Synology's DNS built into the NAS box.

I've never really tried to get this working in the past, I just knew it was difficult or impossible.
 
Look in your router software and see if you have a place for static DNS entries. Setting up a static entry will require your clients to use the router for DNS. Your clients will just check the router by pointing to it for DNS and will find a hit with your static entry which points inside of your network with the appropriate IP address. I have done this many times.
 
This "trombone" fault in DDNS for intra-LAN - seems to be a problem with the majority of consumer routers. Indeed, I haven't owned one that supported such. It is a PITA. Setting a static DNS server in the router to override the ISP-assigned one, won't affect things. I always use 4.2.2.2 and 8.8.8.8 as they are reliable.

A DNS lookup of mydomain.dyndns.org would return the IP address that's in use on the WAN side of your router. The problem is which LAN side IP address should be substituted. Perhaps you have a server on port 80 (HTTP) on the LAN. So you probably have the router set to port-forward port 80 to a specific IP address on the LAN, and that would be a static IP so the port-forward setting need not change. Let's say that server is 192.168.1.200. The NATing in the router would need to substitute 192.168.1.200 for the DNS server's response of the public IP address for the server - but somehow it would have to backtrack - to see that some LAN user was really trying to get to mydomain.dyndns.com:80, and use the :80 as a clue of how to match that to the server based on port forwarding rules. There is a scheme for routers to do DNS relay, but I don't think it helps with the issue.

Maybe there is a NAT functional way to do this.
At an enterprise, they'd have their own DNS and edge router that deals with this, but maybe not found in consumer routers.
 
@stevech & @coxhaus, I should clarify that when I'm on my LAN and navigate to exampleDDNS.synology.me that I have to add proper port # for device I'm looking to get in. So only when I go to exampleDDNS.synology.me:5000 can I, for example, be brought to my NAS's GUI. I'm totally happy that it even works doing that though.
 
You just need to intercept the DNS request before it goes outside of your LAN and redirect it. You can also use Microsoft DNS server to create a static entry. Or you can forward your Microsoft DNS to your router and use the router. It all works, you just need to chain them. Since you are accessing DNS on your LAN side I am not sure DDNS really plays a part in this scenario. DDNS only relates to your outside WAN IP address.

PS
I think it is such that when DNS requests are chained it will keep looking until it is resolved. If it is resolved local then it will not look outside of your LAN. So you end up with the LAN side resolving to a different IP address than the outside IP address before NAT so NAT is not required for local LAN DNS. The outside WAN IP address ends up being the same IP address once NAT is applied to the outside IP address which translates to the local LAN IP address.

PSS

The beauty of this is that one saved link will work both outside and inside your network. If for example you tried to access coxhouse.com on a web page the IP address would vary. If you were outside your network then the IP address for coxhouse.com would resolve to your outside DDNS IP address. If you are inside your network the IP address would resolve to the inside private IP address assigned to your server by your DHCP server.
 
De-confuse me. I thought the problem was like this:
PC on the LAN tries to connect to a server on the same LAN, but the PC uses the symbolic name like mydomain.dyndns.com. That causes the PC to fail to connect to the server because it does not wind up giving the PC the LAN address of the server.
And the router's NAT can't fix it.
Had the PC user connected, instead of mydomain.dyndns.com to 192.168.1.xxxx, it would have succeeded.

This is the effect I called the trombone problem. It's not a problem of finding some DNS that will resolve the lookup.
 
Let’s use my example. PC on the LAN uses coxhouse.com to connect to local server. The first thing the PC does is a DNS lookup for coxhouse.com. The router replies with the inside IP address from the static entry made on the router. The PC will connect to the server on the same LAN because the IP address was resolved to the local private IP address on the LAN, not the DDNS IP address in the internet because the DNS request never went to the internet. The DNS request was answered by your router.

PS
If you are outside of your network then coxhouse.com will resolve to the DDNS IP address because your router is not going to be intercepting the DNS request.
 
If your router supports static DNS entries, you can add 'mydomain.dyndns.com' to resolve to the internal IP address of the PC. This will allow any clients on LAN to resolve the external domain name to the internal IP, thereby bypassing the router NAT.
However, this only works if the clients are set up to use the router as the DNS server (usually DHCP clients). If they are manually configured to use public DNS servers, this will not work.

When your mobile device is outside of the LAN, then it will use whichever DNS servers are provided to resolve the domain name - which points to your router's WAN IP.
Since this request is external to the router, it will be redirected according to your port forward rules and is not affected by loopback limitations on the router.
 
Personally I would not buy a router which cannot handle static DNS entries for home or small business use. It is one of many features which I require in a router. I don’t think there is any reporting on whether the router contains this feature or not. You can also use Microsoft DNS server or any local DNS server to accomplish the same thing as static entries in the router.

Once you have static entries set up and everybody pointing to the router, then lock down outside DNS access to only your preferred DNS servers. Use an access list to block all access to other DNS servers. It is a nice security feature.
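
The static entry and the DNS lock-down described in the posts above, as an added example that is not part of the original thread and is not taken from any router's firmware. It assumes a Linux-based router running dnsmasq and iptables; the interface `br0` and the chain name `DNS_LOCKDOWN` are assumptions, while the hostname, LAN address and resolver addresses are the ones used in the thread.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
# Set APPLY=1 on a Linux-based router to execute them.
DDNS_NAME="myname.diskstation.me"   # hostname pattern from the thread
NAS_LAN_IP="192.168.1.200"          # LAN server address from the thread
RESOLVERS="4.2.2.2 8.8.8.8"         # public resolvers named in the thread
LAN_IF="br0"                        # assumed LAN bridge interface
CHAIN="DNS_LOCKDOWN"                # hypothetical chain name

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# dnsmasq line: answer the DDNS name with the LAN address for local clients.
static_dns_entry() {
    printf 'host-record=%s,%s\n' "$DDNS_NAME" "$NAS_LAN_IP"
}

# Forwarded DNS from LAN clients is sent through $CHAIN: preferred resolvers
# return to the normal FORWARD rules, everything else is rejected.
# The router's own upstream queries use OUTPUT and are not touched.
dns_lockdown_rules() {
    run iptables -N "$CHAIN"
    for r in $RESOLVERS; do
        run iptables -A "$CHAIN" -d "$r" -j RETURN
    done
    run iptables -A "$CHAIN" -j REJECT
    for proto in udp tcp; do
        run iptables -I FORWARD -i "$LAN_IF" -p "$proto" --dport 53 -j "$CHAIN"
    done
}

static_dns_entry
dns_lockdown_rules
```

Filtering port 53 does not cover clients that use DNS over HTTPS or DNS over TLS, so those still bypass the static entry.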
 
FIXED:

I went into "LAN" -> "Switch Control" -> unchecked "Enable HW Acceleration"

What does this actually do and why does this prevent NAT loopback? Some googling on the topic seems to indicate that this should only affect those who have internet connections greater than 100mbps, but obviously disabling hardware acceleration sounds like a bad thing - would love to learn more. Thanks!
 
Also worked for me!

OMG hungarianhc I have no idea WHY that trick works, but it also solved my problem. I had the exact same problem as you. I accidentally did not have that problem until I recently upgraded my wireless router from a Cisco Linksys E3000 to an Asus RT-AC68R. When I upgraded my router, suddenly my domain name stopped working from within my LAN, and I had to use local IP addresses. This resulted in two bookmarks for EVERY application on my network. I have spent hours googling over the past week trying to find a solution and spent hours fiddling with my router's settings trying to find a solution. Then I found this thread. I read the message about some routers just plain not supporting the "NAT Loopback" feature, and figured I had bought one of those routers and was about to give up and just accept the problem... then I read your final post and decided to try turning off "hardware acceleration"... suddenly it works fine. But definitely not worth it if it decreases network performance at all... but so far I notice no difference, do you? It doesn't make any sense that a hardware acceleration feature would affect the function of NAT loopback. Could this be a firmware bug? Do you by chance also use the Asus RT-AC68R?
Jason
 
Jason, I believe that this was actually a workaround to a bug. It should have "just worked" without having to tune that setting. If my memory serves me correctly, though, Merlin has fixed the bug and submitted his change back to Asus. Haven't heard anything official though!
 
It isn't necessarily a bug. Hardware acceleration allows the NAT throughput to be increased tremendously because the NAT work (which is how your WAN connection is shared) is done by dedicated hardware (ASICs).

These dedicated ASICs may not be designed to do NAT reflection or any related functions (like QoS). They simply look at the local port and the WAN side port and pass the traffic through.

How NAT reflection works is that it looks at the traffic bound for the WAN IP and sees if it has a rule in the NAT table that corresponds to a local host. This is done by the host processor (the general purpose MIPS processor in the chipset) which is bypassed when hardware acceleration is enabled.
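
The lookup described above, written out as the two netfilter rules a Linux-based router's host CPU would evaluate for one forwarded port. This is an added example, not part of the original post and not taken from Asus firmware; the WAN address is a constructed placeholder from the documentation range, the router LAN address, subnet and interface are assumptions, and the server address and port 5000 are the ones used in the thread.

```shell
#!/bin/sh
# Added example. Dry run by default: commands are printed, not executed.
WAN_IP="203.0.113.10"        # constructed placeholder WAN address
ROUTER_LAN_IP="192.168.1.1"  # assumed router LAN address
LAN_NET="192.168.1.0/24"     # assumed LAN subnet
LAN_IF="br0"                 # assumed LAN bridge interface
NAS_LAN_IP="192.168.1.200"   # LAN server address from the thread
PORT="5000"                  # NAS GUI port from the thread

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

nat_reflection_rules() {
    # Rule 1: a packet arriving from the LAN but addressed to the WAN IP is
    # matched against the port forward and rewritten to the LAN server.
    run iptables -t nat -A PREROUTING -i "$LAN_IF" -d "$WAN_IP" \
        -p tcp --dport "$PORT" -j DNAT --to-destination "$NAS_LAN_IP:$PORT"
    # Rule 2: the source is rewritten to the router, so the server replies
    # through the router instead of straight to the client. Without this the
    # client sees a reply from 192.168.1.200, not from the WAN IP it
    # contacted, and discards it.
    run iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" \
        -d "$NAS_LAN_IP" -p tcp --dport "$PORT" -j SNAT --to-source "$ROUTER_LAN_IP"
}

nat_reflection_rules
```

Both rules depend on the first packet of the connection reaching the netfilter path, which is the step the post says is skipped when the hardware fast path handles the traffic.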
 
Need to Access machine present in LAN from an external machine.

Basically,
My machine is connected to LAN with router having public IP which is connected to internet.
Now my machine has IP address assigned by LAN (e.g. 172.36.28.3). But public IP of the network from ISP is something like 74.23.10.35.

So whenever I check my IP address (on http://whatsmyip.net/) it gives the IP address of the router (which is the public IP).

My requirement is to have TCP communication between an external machine having IP address, let's say, "113.26.2.56" and my machine "172.36.28.3".

I have tried various DDNS tools such as NO-IP, DynDNS. But all of them are taking IP address of router.


My confusion is how to tell the router that whenever any request is received for Port no 5001, route it to my local machine.


Thanks in advance !!!:)
 
bhushanb

You need to use WAN>Port Forwarding in your router to forward a port you specify to the LAN IP address of your computer.

Forward port 8541 to 192.168.aaa.bbb, where aaa and bbb are the rest of the LAN IP address of your computer.

Then to access your computer from outside use the url http://myhouse.dyndns.org:8541

myhouse.dyndns.org:8541 becomes the URL for your house that will direct the data to your LAN IP address 192.168.aaa.bbb. 8541 is the random port you selected.
 
try this for intranet access...

http://hostname.local/

Don't use the FQDN, just the hostname of the NAS box - you might be surprised that it works.

sfx
 
