Tutorials and FAQs / Re: Tutorial 2023/05: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 26, 2023, 06:37:08 pm »
Hello,
thank you very much for this great tutorial. At some points I despaired a bit, but that was more due to my not reading carefully enough!
Meanwhile everything is running, inside and outside of the network. However, there is one thing I didn't quite understand:
I didn't create a DNS-Split nor a NAT-Reflection rule, and still I can reach all services locally through my subdomain, which shouldn't work.
I activate the WAN rule only temporarily to make a few services public for a short time; usually I am connected via a VPN or physically in the local network.
I see that Unbound forwards local DNS requests to the nameservers, and if I set up a DNS-Split (Host Override) to keep the DNS resolution local, I have no access to my services.
Without DNS-Split or Port-Forwarding: Works
Local Device -> Pi-Hole (cache or forward) -> OPNsense -> Unbound (cache or forward) -> Root Nameserver.
With DNS-Split: Does not work
Local Device -> Pi-Hole (cache or forward) -> OPNsense -> Unbound (e.g. my-service.subdomain.dedyn.io = 192.168.1.50)
Even though everything works, I would like to understand why I do not need DNS-Split, or why it does not work.
Kind regards.
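A small diagnostic, added here and not part of the original post, for seeing which path a lookup takes in the two chains above: it classifies the A record a chosen resolver returns as a public answer, a split-DNS answer pointing at the HAProxy host, or a private answer that bypasses HAProxy entirely. The host name, the resolver address (Pi-hole or Unbound) and the LAN address of the HAProxy host are assumptions passed as arguments.

```shell
#!/bin/sh
# Added diagnostic (not from the original post). Resolves a name through a
# given resolver and classifies the answer, so "no split DNS but it works"
# and "split DNS but it fails" can be told apart by what is actually returned.
# Assumed inputs: <name> <resolver_ip> <haproxy_lan_ip>; only `resolve_a` and
# `diagnose` need network access.

# Return 0 if the dotted-quad IPv4 address is RFC1918 (10/8, 172.16/12, 192.168/16).
is_private_ip() {
    case "$1" in
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify_answer <answer_ip> <haproxy_lan_ip>
# Prints: split-dns-haproxy | split-dns-bypasses-haproxy | public-answer | no-answer
# A private answer that is not the HAProxy host means the override sends clients
# straight to the backend, skipping the HAProxy frontend and its certificate.
classify_answer() {
    ip=$1; haproxy=$2
    if [ -z "$ip" ]; then echo no-answer; return 0; fi
    if is_private_ip "$ip"; then
        if [ "$ip" = "$haproxy" ]; then echo split-dns-haproxy; else echo split-dns-bypasses-haproxy; fi
    else
        echo public-answer
    fi
}

# resolve_a <name> <resolver_ip>: first IPv4 A record, via dig when present, drill otherwise.
resolve_a() {
    if command -v dig >/dev/null 2>&1; then
        dig +short A "$1" "@$2" | grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
    elif command -v drill >/dev/null 2>&1; then
        drill -Q "$1" "@$2" A 2>/dev/null | head -n 1
    fi
}

# diagnose <name> <resolver_ip> <haproxy_lan_ip>: resolve, then print the classification.
diagnose() {
    ans=$(resolve_a "$1" "$2")
    printf '%s via %s -> %s (%s)\n' "$1" "$2" "${ans:-<none>}" "$(classify_answer "$ans" "$3")"
}
```

Run it once against the Pi-hole and once against Unbound directly (for example `diagnose my-service.subdomain.dedyn.io 192.168.1.2 192.168.1.1`, with constructed addresses); a differing classification between the two resolvers shows where caching or forwarding changes the answer.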