
I've successfully configured DynDNS in my router and now I'm able to reach my home server from outside my local network using my custom domain.

Using the very same domain I'm able to reach my home server from inside the local network, despite having an external IP, so I assume my router allows NAT loopback for that domain.

I was thinking that this was enough to ensure that network traffic stays within the local network for the requests to my home server.

But I made a simple test that seems to disprove that.

I changed the /etc/hosts file of my laptop (connected to the local network) to resolve my DynDNS domain as the local IP of my server (e.g. 192.168.1.2).

Network speed is much faster using the local IP for every request. I assume this is because the request is not going outside the local network.

My laptop is not the only device that will use the server. Furthermore, changing the hosts file back and forth inside/outside my network is not a viable option. What I don't really get is why the router is not "smart" enough to reroute the requests.

Am I missing something?

Is the only way to resolve this to deploy a DNS server in my local network?

  • Why don't you try to change /etc/hosts and set an address returned by nslookup (external)? And why don't you try to insert a static record with a local address for your server into your router's DNS?
    – Akina
    Commented Aug 8, 2018 at 10:06
  • @Akina my router (AVM Fritz!Box 3272) doesn't seem to support the management of static DNS records.
    – genna
    Commented Aug 8, 2018 at 10:19
  • 'why the router is not "smart" enough to reroute the requests' -- with NAT it does just that, it takes time and effort though. Packets that use the local IP of your server probably don't even go through the "routing" part of the router. If they travel via the router's box, they may just visit its internal switch which handles them at hardware level, not the logical router.
    Commented Aug 8, 2018 at 10:19
  • @KamilMaciorowski I understand that skipping the "routing" part of the router makes the request faster. But using the internal IP is 5/6 times faster.
    – genna
    Commented Aug 8, 2018 at 10:41

1 Answer

No, your router is not doing "NAT loopback".

There are two cases. You can see which applies by looking at the IP of the external network interface of your router (which may be different from your public IP, see below).

1) Your ISP is doing carrier grade NAT (very likely, in Germany a near certainty).

Your public IP will be in your ISP's network. Your router will also have a private IP in your ISP's network (which is different from the private IPs in your home network). When you send a packet to your public IP, it will go to the router, then to your ISP's network, then back to your router, then to your server. You may or may not see (part of) this with traceroute.

So it will leave your home network, but won't leave your ISP's network.

There is an ICMP REDIRECT mechanism to make this faster the next time, but your ISP may or may not use it, and the Fritzbox may or may not obey it.

OTOH, when you directly use the address of your server, that's where it will go.

2) Your ISP is not doing carrier grade NAT. The packet to your public IP will go to your router, it will detect that it's a local IP, but it will still apply the port forwarding rules, and send it back to your server.

That's still slower than sending it directly to the server, but not as much as case (1).

3) Your Fritzbox is perfectly capable of managing static IPs. And it already runs a DNS server. You can edit the name of the device in the GUI, you can tick the "always same IP" box, and the server will be reachable under xyz.fritz.box, always with the same IP.

What it won't do is override name resolution for names outside of its domain (at least I don't think it can, might actually be worth a try).

So yes, if you want your DDNS domain name to resolve to different IPs depending on whether you are in your home network or outside, you'll have to deploy a second DNS server. Or script something to change /etc/hosts automatically depending on which SSID it's connected to, etc.

  • Pinging my custom domain (both inside and outside the home network) gives me the external IP of my router, which is part of my ISP network (in Italy). This should restrict the possibilities to option 1, right? I'll probably deploy a DNS server on a Raspberry to solve the issue without the need to change anything on every device of my network.
    – genna
    Commented Aug 8, 2018 at 13:23
  • No. Your custom domain uses DDNS, so it resolves always to your external IP, no matter where you are. And some ISPs do funny things inside their networks, so traceroute/ping is not a reliable instrument to see this.
    – dirkt
    Commented Aug 8, 2018 at 14:14
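
The answer's last suggestion, scripting the /etc/hosts change, sketched as an added example that is not part of the original thread. It keeps one tagged line in the hosts file and adds it only when both the SSID and the gateway's MAC match, since an SSID by itself is trivial to imitate and the override would otherwise point the domain at whatever host holds 192.168.1.2 on a look-alike network. The domain, SSID, MAC and tag are constructed placeholders, and the `main` function assumes `iwgetid` and `ip` are installed.

```shell
#!/bin/sh
# Added example. All values below are constructed placeholders.
DOMAIN="home.example.net"        # stands in for the DynDNS name
SERVER_IP="192.168.1.2"          # local server IP from the question
HOME_SSID="my-home-wifi"         # hypothetical home SSID
HOME_GW_MAC="aa:bb:cc:dd:ee:ff"  # hypothetical MAC of the home router
TAG="# split-horizon-managed"    # marks the one line this script owns

# $1 = current SSID, $2 = current gateway MAC. True only if both match.
# This is a plausibility check, not authentication; TLS or SSH host keys
# still have to identify the server.
on_home_network() {
    [ "$1" = "$HOME_SSID" ] &&
        [ "$(printf '%s' "$2" | tr 'A-Z' 'a-z')" = "$HOME_GW_MAC" ]
}

# Print hosts file $1 without the managed line, re-adding it if $2 = yes.
render_hosts() {
    grep -vF "$TAG" "$1" || true
    if [ "$2" = yes ]; then
        printf '%s\t%s\t%s\n' "$SERVER_IP" "$DOMAIN" "$TAG"
    fi
}

# Rewrite hosts file $1 in place (keeps owner and mode); idempotent.
apply_hosts() {
    tmp=$(mktemp) || return 1
    render_hosts "$1" "$2" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Detect the current network and apply; must run as root.
main() {
    ssid=$(iwgetid -r 2>/dev/null || true)
    gw=$(ip route show default | awk '/^default/ {print $3; exit}')
    mac=$(ip neigh show "$gw" 2>/dev/null |
        awk '{for (i = 1; i < NF; i++) if ($i == "lladdr") {print $(i+1); exit}}')
    if on_home_network "$ssid" "$mac"; then
        apply_hosts /etc/hosts yes
    else
        apply_hosts /etc/hosts no
    fi
}

if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it with `--apply` as root after each network change; away from home the tagged line is removed, so the name resolves through DDNS again.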
