merlin+dnsmasq+ddns - can't seem to force resolve a public natted IP to the local subnet...

[ffsb]

Good Morning everyone!

I am running an https service on one of my local subnet PC; I am also exposing this same service through merlin to the internet using port forwarding finally I am using DDNS to map my external IP to a proper dns name...
something like:
foo.bar.com -> via DDNS -> external public IP = 1.2.3.4
1.2.3.4 ->merlin which forward port 443 to LAN -> 192.168.0.10:4443

the problem is that I would like my local devices to be able to resolve directly foo.bar.com to the local IP 192.168.0.10 to avoid a round trip through my ISP...
I tried to add the mapping in my /jfss/configs/hosts.add

192.168.0.10 foo.bar.com server1​

I tried to add the mapping in /jfss/configs/dnsmasq.add

address=/server1.mydomain.com/foo.bar.com/server1/192.168.0.10​

however no matter what, when I try to nslookup foo.bar.com on the merlin machine itself (or one of my local PC) I always seem to get the public IP... note I force the resolution to be done by merlin by running:
nslookup foo.bar.com 192.168.0.1
on the other hand, dnsmasq entries seem to be used as well since I can get the local IP when I resolve server1... it is just a priority order... it seems that they are only used if the external DNS doesn't have the answer....

• running latest merlin+diversion+dnsmasq and using afraid-ddns (& google ddns for other services... )
  
• merlin's internal IP is 192.168.0.1
  
• using dns filter to force dns resolution to the router (bypassing a few fireTV because they had an issue with pixelsrv-tls)
• using openDNS on the WAN config

not sure if it is relevant since I get the error even if I specify 192.168.0.1 to resolve but these are the resolv files:

admin@frog:/jffs/configs# ls -l /etc/resolv.conf
lrwxrwxrwx 1 admin root 16 Oct 30 17:43 /etc/resolv.conf -> /tmp/resolv.conf
admin@frog:/jffs/configs# cat /tmp/resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220
admin@frog:/jffs/configs# cat /rom/etc/resolv.conf
nameserver 127.0.0.1
admin@frog:/jffs/configs#​

 

[ffsb]

Meantime I found a solution but it is very kludgy and IMHO there should be a better way...

1. created dummy "/jfss/configs/extra.dnsmasq.hosts" file with:
   echo "192.168.0.10 foo.bar.com" > jffs/configs/extra.dnsmasq.hosts
   
2. created a /jffs/configs/dnsmasq.conf.add file with:
   echo "addn-hosts=/jfss/configs/extra.dnsmasq.hosts" > /jffs/configs/dnsmasq.conf.add
3. restarted dnsmasq:
   service restart_dnsmasq0

now I can resolve the public DDNS name locally with the local IP....
I also noticed that I can't resolve the public DDNS name anymore even if I specificy a different DNS server (I guess this is a security feature of merlin to overwrite all resolutions according to its policy) - not an issue in my case...

but is there a better way to do this?

 

[dave14305]

What if you use this syntax instead in dnsmasq.conf.add?

host-record=foo.bar.com,192.168.0.10

 

[ffsb]

Actually that doesn't seem to work at all... if I use host-record I can resolve that one entry but it looks like other dns resolution is not happening...

what I tried:

1. created a /jffs/configs/dnsmasq.conf.add file with:
   echo "host-record=foo.bar.com,other-hostname,192.168.0.10" > /jffs/configs/dnsmasq.conf.add
2. restarted dnsmasq:
   service restart_dnsmasq0
3. test fails:
   C:\Users\ff>nslookup www.google.com 192.168.0.1
   DNS request timed out.
   timeout was 2 seconds.
   Server: UnKnown
   Address: 192.168.0.1
   
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   *** Request to UnKnown timed-out
   
   
   

 

[dave14305]

Actually that doesn't seem to work at all... if I use host-record I can resolve that one entry but it looks like other dns resolution is not happening...

what I tried:

1. created a /jffs/configs/dnsmasq.conf.add file with:
   echo "host-record=foo.bar.com,other-hostname,192.168.0.10" > /jffs/configs/dnsmasq.conf.add
2. restarted dnsmasq:
   service restart_dnsmasq0
3. test fails:
   C:\Users\ff>nslookup www.google.com 192.168.0.1
   DNS request timed out.
   timeout was 2 seconds.
   Server: UnKnown
   Address: 192.168.0.1
   
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   DNS request timed out.
   timeout was 2 seconds.
   *** Request to UnKnown timed-out
   
   

There's probably a syntax error in the final /etc/dnsmasq.conf. Check your system log when dnsmasq starts.

 

[ColinTaylor]

1. restarted dnsmasq:
   service restart_dnsmasq0

I assume that's a typo and the command is actually?:

service restart_dnsmasq