Hey everyone, I wanted to ask for some help regarding my DNS setup and for routing requests to my selfhosted services.
Currently I use Pi-Hole as a DNS server with my routers default DNS server as the upstream server. This allowed me to define local DNS entries using Pi-hole and route my requests to these domains directly to my local services. For example I bought a domain a while ago and in preparation for setting it up, I had it entered as a local DNS entry pointing directly to my servers IP address.
Earlier today I finally got around to setting up a cloudflare tunnel to expose one of my services to the outside world using the domain I bought. Ever since I did that, all requests to that domain seem to exit my home network, go through cloudflares network and then return through the tunnel, even though I have a local DNS entry for that domain name.
What I would prefer is for the request to be routed directly to my server instead, since I am in the same network already. Since my DNS server is the Pi-Hole, I figured this should happen automatically.
Is there an issue with my Pi-Hole setup? If there is any information missing I’ll be happy to provide it. I wasn’t sure what information I could safely post here.
Solution
I think I managed to fix the problem. After enabling the option Never forward reverse lookups for private IP ranges in Pi-Hole and clearing my DNS cache again, nslookup only returns local IP addresses instead of the IPv6 address of two cloudflare servers.
Split DNS is a huge source of headaches. Be really sure that this is the route you want to go. It can easily lead to really weird situations and hard to diagnose errors.
Do you have a better alternative you can recommend? My upload rate isn’t all that good so I would like to avoid having more traffic than necessary leaving my network if the target is within my network anyway.
I’m going to get stoned for suggesting this in this community, but if your upstream is poor you should consider hosting it outside. Of course this depends on many things.
The most obvious solution is to have an alias for both ways to actress the service, and configure the service accordingly. It needs a bit of care to set up reverse proxies and certificates and everything but it makes it clear whether you want to connect to the inside or the outside version. Obviously this means that it won’t switch automatically when your connection changes, but that is a feature.
Another option is to keep doing what you’re doing and just is the tunnel.
The final way is just to keep it inside and use something like zero tier or tailscale.
Outside hosting isn’t really something I want to consider. I didn’t mention this in my post but this setup is for my media server which needs a lot of storage space. I don’t know about the pricing for a VPS but I am pretty sure it isn’t as cheap as I would want it. Also uploading my media to a VPS with my upload rate would take a lot of time whenever I want to add something new.
Using two hostnames for accessing the same service isn’t really an option either unfortunately. The specific part I’m trying to set up is a navidrome server for music. The app I use to access the server is called Symfonium and can only add one address per media server. I could get around that by adding multiple media sources but that would result in all of my media appearing twice in searches.