Domain names behind OPNsense

[neggard]

Now I have set up my firewall with open port 80 and config my webserver with 2 domains.
When I am outside the firewall I could use www.domain.com and domain.com and it works perfect.

But when I am behind the firewall the domain.com take me to the OPNsense login page
www.domain.com take me to a page that have this message on:

A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname.

I have read something about NAT reflection but cant get it right.
Can you help me?

[fabian]

the easiest fix is using split DNS so it will resolve the internal IP instead of the external. NAT reflection is when you send packets to the wan interface it should handle them like the come from outside.

[neggard]

I have tried split dns but I cant get it to work.

Do I need to do more than enable it?

[bartjsmit]

Can you post a (redacted) screenshot of your Host Overrides from Services > DNS Forwarder please?

Bart...

[neggard]

I made it works but not sure I made it correct.

In firewall -> advance I activate 'Reflection for port forwards' (pure NAT)
Also 'Reflection for 1:1' & 'Automatic outbound NAT for Reflection' is activate.

When I go to mydomain.com I am redirected to my webserver control panbel but When I add www to the adress it works.
That is ok for me, redirected to my site with coorect domain name made it easier to work with site.

[neggard]

Probably I get some problem when I add SSL cert from lets encrypt.
But I try and see what happend.