Access local resources by domain name in local network and outside of it too

Hi all,

I'm trying to resolve a problem. I have a Synology server on premises which provides a set of services (file sharing, video streaming etc.). I'd like these resources to be available from inside the local network but from outside too.

The first step I did was to use a DDNS service on the Synology and use the Route53 API to update all the subdomains that serve the services on the server with the external IP allocated by the ISP. This setup works great with one problem: when used from the local network, the speed is limited by the external link, as the resolver will always return the external IP (and the router forwards the ports accordingly).

In order to fix this I started a DNS server on the Synology as well. This returns the local IP for all the above services. So the clients will dynamically resolve to the local host IP or the external one without any changes on their side. For this to work I added the IP of the Synology server as a server forwarder (DNS forwardings) to the DNS service in LEDE. The problem is that now the router refuses to resolve these names as per Rebind Protection: "possible DNS-rebind attack detected". Temporarily I whitelisted the local domain name, but I'm wondering if there are better solutions for this. What do you guys think?
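The setup described above, and the suggestion later in the thread to let LEDE answer the names itself instead of forwarding them, both map onto the dnsmasq section of /etc/config/dhcp. The fragment below is an added example, not configuration from the original post or from the Synology/LEDE projects; the domain home.example.org, the NAS address 192.168.1.10 and the host names are assumptions. It keeps rebind protection switched on and only exempts the one domain whose internal answers legitimately fall in private address space (this is what `rebind_domain` exists for), rather than disabling the check globally. The `address` entries make the router answer the service names directly with the LAN address, so the forwarder to the NAS is no longer needed for them; the `server` entry is the forwarding variant, kept here only to show what the whitelist has to cover if forwarding is retained.

```uci
# /etc/config/dhcp on the LEDE router (added example, assumed names and addresses)
config dnsmasq
	# Keep the DNS-rebind check on for everything else.
	option rebind_protection '1'
	option rebind_localhost '0'
	# Only this zone may return RFC 1918 addresses through a forwarder.
	# Without this line dnsmasq drops the NAS's answers and logs
	# "possible DNS-rebind attack detected".
	list rebind_domain 'home.example.org'

	# Option A: answer the service names on the router itself (split horizon).
	# Inside the LAN these resolve to the NAS; outside, Route53 still serves
	# the public IP, so clients need no changes.
	list address '/nas.home.example.org/192.168.1.10'
	list address '/files.home.example.org/192.168.1.10'
	list address '/video.home.example.org/192.168.1.10'

	# Option B: forward only that zone to the DNS server on the NAS.
	# Needs the rebind_domain entry above; everything else keeps the
	# router's normal upstream resolvers.
	list server '/home.example.org/192.168.1.10'
```

After editing, `/etc/init.d/dnsmasq restart` and check from a LAN client with `nslookup nas.home.example.org` that the private address comes back; `logread | grep rebind` should stay quiet for that zone and still fire for any other domain returning a private address.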


Friendly ping on this.

Can you configure the DNS at LEDE to resolve the names for the services, instead of forwarding them?

iptables will probably solve your problem, if I understood correctly.

# On the router: rewrite traffic addressed to the public IP on SERVICEPORT to the NAS
iptables -t nat -A PREROUTING -d EXTERNALIP -p tcp --dport SERVICEPORT -j DNAT --to-destination SynologyIP
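The rule above is the NAT-loopback (hairpin) approach: LAN clients keep using the public name, and the router redirects their connections back inside. One caveat worth knowing: a DNAT in PREROUTING on its own is not enough for a LAN client. The NAS sees the client's LAN source address and replies to it directly, the client gets a SYN-ACK from a host it never connected to (it connected to EXTERNALIP), and the connection is reset. The fix is a matching SNAT/masquerade in POSTROUTING for LAN-to-NAS traffic so the return path also passes through the router. On LEDE the firewall does both when a redirect has reflection enabled, so the added example below uses /etc/config/firewall rather than hand-written iptables. This is not configuration from the original thread; the NAS address 192.168.1.10, the port 443 and the rule name are assumptions.

```uci
# /etc/config/firewall on the LEDE router (added example, assumed values)
config redirect
	option name       'nas-https'
	option src        'wan'
	option src_dport  '443'
	option proto      'tcp'
	option dest       'lan'
	option dest_ip    '192.168.1.10'
	option dest_port  '443'
	option target     'DNAT'
	# reflection '1' makes the firewall emit, in addition to the WAN DNAT,
	# a LAN-side DNAT for the public address plus the SNAT in POSTROUTING
	# that keeps LAN -> NAS hairpin connections symmetric.
	option reflection '1'
```

Reload with `/etc/init.d/firewall restart` and verify with `iptables -t nat -S | grep 192.168.1.10`: there should be both a DNAT and an SNAT/MASQUERADE rule for the NAS. Compared with the split-horizon DNS approach this keeps all LAN traffic to the NAS flowing through the router, so it does not give the full LAN speed unless the router can forward at that rate; on the other hand it needs no DNS changes at all.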