I have a registered domain (let's say mydomain.tld). The SOA is my registrar's DNS server.
On OPNsense, System/Settings/General/Domain is mydomain.tld.
At my registrar I have a DDNS update for mydomain.tld and CNAMEs for published services (service.mydomain.tld).
On OPNsense all published services are served through the Caddy reverse proxy this way:
domain: service.mydomain.tld
upstream server: internalservice.mydomain.tld:port
internalservice.mydomain.tld is:
- an Unbound host override (for example for Docker-based services)
- a registered DHCP host (for example for a VM)
Of course service.mydomain.tld and internalservice.mydomain.tld are not the same name.
For now I use ISC DHCP and Unbound.
Unbound is the only DNS server published through DHCP.
I plan to move to dnsmasq with Unbound as per the docs.
Do I need to use a subdomain for resolving LAN IPs? Like internal.mydomain.tld?
For now:
- from the LAN any host lookup resolves fine (to the external IP or the internal IP depending on the host queried). The queries are handled by Unbound.
- from the outside only the hosts with a CNAME are resolved.