Dnsmasq with public domain, split DNS

And to be clear, the registrar of your domain has the correct nameservers of your DDNS provider, correct?

These are the ones you check, correct?

Your DDNS provider has told you this should be instantaneous, correct?

That what you said you configured, correct?

And I assume that's the true hostname of the server, correct... with ULAs on Windows servers being used "willy nilly" that you don't understand, correct???


If you want me to read all your configs, I didn't think it was that hard to read mine; but OK. :frowning_face:

Correct, and theoretically, a "not true split" won't work. You have proven this by configuring such loops and other problems.

OK, then I would follow one of my suggestions to make a true horizon.

OK. I wish you well.

Ummm...are you saying this in theory?


If not, what does "quickly" mean in this sentence?

And why are you using the Internet to refer to something (your WAN IP) that you know from your router?!?!

(See the loop?)


I wrote, this is the case when:

  • Using option domain in dnsmasq config (which I don't)
  • And DHCP kicks in as fallback
    And why is that?
    The entry is statically configured in dnsmasq config (via option domain)
    and then dnsmasq is reading the lease from odhcpd
    -> This results in a duplicate ULA IP

Actually, for a true horizon I would have to propagate my internal DNS entries to the public DNS, and I don't want that for security reasons.
That is why I use CNAME remapping on the internal side.

There is no loop.

DDNS Script just needs this to detect if the IP has been correctly updated.


Come on, one public IP, but you're propagating private IPs to the DNS server???

Maybe we're misunderstanding each other.

I have no clue what you're talking about, and this is another DNS misunderstanding. I asked if your OpenWrt controlled Authoritative DNS... and through discussion the DDNS provider does. So this statement loses me.

Instantaneous, correct?

Even though that instant answer is on your WAN (your true interface IP), correct?

Nooo :smile:
I'm talking about the hostnames.
If you go for hostname <-> subdomain mapping.

On the internal DNS:

And on the public DNS the same:

But I do:
And on the public DNS:

On the internal DNS:
ftp.public.com cname -> nas.public.com


But you configured a wildcard correct????

So don't need to propagate anything, correct?


...nor make CNAMES, correct?

For the time being and with only 1 public IP, it doesn't matter.
But when I get more IPs some day or deploy an Apache server with name-based virtual hosts.... :smile:

Thinking this is a troll.


  • WAN1 IP Interface<> DDNS config1 <> WAN1 IP
  • WAN2 IP Interface<> DDNS config2 <> WAN2 IP

Am I missing something?

Or do you miss Split Horizon DNS?

(Still no CNAMES needed.)

Yes it is that simple.
Then I switch from wildcard to actual real A/AAAA sub-domains mapped to the correct IP.
On the internal DNS nothing has to be changed.

They are needed.
Simple example.
I want my nas to be reached at nas.public.com for my internal network.
But I also use some applications outside my internal network that use ftp.public.com to access the nas.
When I move from the public internet to my internal network, I would have to change the configuration of the application(s) again. (from ftp.public.com to nas.public.com)
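The CNAME-on-the-internal-side arrangement described in this post, as an added toy model that is not from the thread and not dnsmasq's or OpenWrt's own code: it parses the two dnsmasq directives involved (`host-record=` and `cname=`) and shows that a client configured for `ftp.public.com` gets the LAN address on the inside and the WAN address on the outside without any change on the client. The names `nas.public.com`, `ftp.public.com` and `plex.public.com` come from the thread; every IP address is a constructed placeholder, and the "public view" is written in dnsmasq notation only so one parser serves both views (the real public zone lives at the DDNS provider). A deliberately cyclic view is included to show why a resolver needs a CNAME loop check.

```python
"""Toy model of the split-horizon CNAME setup from the thread.

Parses the two dnsmasq directives involved (host-record= and cname=) and
resolves a name the way the LAN view and the public view each answer it.
All names other than those in the thread, and all addresses, are constructed.
"""

# Constructed LAN-side dnsmasq.conf fragment: the NAS is answered locally with
# an RFC 1918 address and a ULA, and the public alias names are CNAMEs to it.
INTERNAL_CONF = """
# nas.public.com is answered locally, so LAN clients never leave the router for it
host-record=nas.public.com,10.0.0.10,fd13:1:1:1::10
# aliases used by clients that were configured for the public names
cname=ftp.public.com,nas.public.com
cname=plex.public.com,nas.public.com
"""

# The public zone lives at the DDNS provider, not in dnsmasq; it is written in
# the same notation here only so one parser serves both views.
PUBLIC_VIEW = """
# WAN address, constructed (TEST-NET-3)
host-record=nas.public.com,203.0.113.7
cname=ftp.public.com,nas.public.com
cname=plex.public.com,nas.public.com
"""

# A deliberately broken view with a CNAME cycle, to exercise the loop check.
LOOP_CONF = """
cname=a.public.com,b.public.com
cname=b.public.com,a.public.com
"""


def parse_view(conf):
    """Return (hosts, cnames): hosts maps name -> [addresses], cnames maps alias -> target."""
    hosts, cnames = {}, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        parts = [p.strip() for p in value.split(",") if p.strip()]
        if key == "host-record":
            # host-record=<name>,<IPv4>[,<IPv6>][,<TTL>]  (single-name form only here)
            hosts[parts[0].lower()] = [p for p in parts[1:] if not p.isdigit()]
        elif key == "cname":
            # cname=<alias>[,<alias>...],<target>[,<TTL>]
            if parts[-1].isdigit():
                parts = parts[:-1]
            target = parts[-1].lower()
            for alias in parts[:-1]:
                cnames[alias.lower()] = target
    return hosts, cnames


def resolve(view, name):
    """Follow the CNAME chain for `name`; return (canonical_name, addresses, chain).

    Raises ValueError on a CNAME cycle instead of looping forever.
    """
    hosts, cnames = view
    chain, current = [], name.lower()
    while current in cnames:
        if current in chain:
            raise ValueError("CNAME loop: " + " -> ".join(chain + [current]))
        chain.append(current)
        current = cnames[current]
    return current, hosts.get(current, []), chain


def has_cname_loop(view, name):
    """True if resolving `name` in `view` runs into a CNAME cycle."""
    try:
        resolve(view, name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, conf in (("LAN view", INTERNAL_CONF), ("public view", PUBLIC_VIEW)):
        canonical, addrs, chain = resolve(parse_view(conf), "ftp.public.com")
        print(f"{label}: ftp.public.com -> {' -> '.join(chain + [canonical])} = {addrs}")
    print("loop detected:", has_cname_loop(parse_view(LOOP_CONF), "a.public.com"))
```

Run it and the two views print the same chain (`ftp.public.com -> nas.public.com`) with different address sets, which is the whole point of keeping the alias on both sides: only the A/AAAA data of the canonical name differs per horizon.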

You've totally lost me here.

subdomaina <> DDNS configx
subdomainb <> copy DDNS configx
subdomainc <> DDNS configy
subdomaind <> copy DDNS configy


You did ask for a better solution, correct?

And is there some reason you want to keep propagating domains across the horizon??? :bulb:

And I never saw how you configured what you said correctly anyway.

A few posts earlier is a working config.

I now have a proper cert from Let's Encrypt for all my services, www, ftp, plex.
Working on the public internet and working on the internal lan.
All lan hosts use internal IPs and all public hosts use the WAN IP.
I would call this a working setup.

The only thing I don't understand is:
Why internal hosts don't use the ULA IPv6 to communicate.
At least sometimes.

For example when I do an nslookup:

nslookup nas.public.com

Name:      nas.public.com
Address 1: 10.0.x.x
Address 2: 2a02:x:x:x::x
Address 3: fd13:x:x:x:x

Now when I do a ping -6 nas.public.com
My host prefers the public IPv6 instead of the ULA one.
The ULA one is reachable too.
public.com is also set as search domain. If this matters.
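The behaviour asked about here (the public IPv6 address being tried before the ULA, and "sometimes" not) is what RFC 6724 destination address selection produces from the default policy table. The following is an added example, not from the thread and not from any host's actual stack: a simplified implementation of the rules that differ between a GUA and a ULA destination (policy label, precedence, longest matching prefix), run over the two AAAA answers an `nslookup` would return. The addresses are constructed placeholders; the host's installed table may differ from the RFC default (for example via glibc's `/etc/gai.conf`), which is why it also runs the older RFC 3484 table, which has no ULA row and therefore ties, leaving the order the resolver happened to return.

```python
"""Why `ping -6 nas.public.com` picks the GUA over the ULA.

Simplified RFC 6724 address selection over the two IPv6 answers an nslookup
returns. Only the rules that differ between a GUA and a ULA destination are
implemented (policy label, precedence, longest matching prefix); scope and
deprecation rules are skipped because both addresses are global scope.
All addresses are constructed placeholders.
"""
import ipaddress

# RFC 6724 section 2.1 default policy table: (prefix, precedence, label).
RFC6724_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),
    ("fc00::/7", 3, 13),   # ULA: low precedence and its own label
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
]

# RFC 3484 (the older table) has no ULA row, so fd00::/8 falls under ::/0.
RFC3484_POLICY = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0:0/96", 10, 4),
]

# Constructed: the querying host's own addresses and the two AAAA answers for the NAS.
HOST_SOURCES = ["2001:db8:1:1::20", "fd13:1:1:1::20"]
NAS_ANSWERS = ["fd13:1:1:1::10", "2001:db8:1:1::10"]   # ULA listed first on purpose


def policy_lookup(addr, table):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    best = None
    for prefix, prec, label in table:
        net = ipaddress.IPv6Network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, prec, label)
    return best[1], best[2]


def precedence_of(addr_str, table=RFC6724_POLICY):
    """String-friendly wrapper around policy_lookup."""
    return policy_lookup(ipaddress.IPv6Address(addr_str), table)


def common_prefix_len(a, b):
    """Number of leading bits shared by two addresses (RFC 6724 'CommonPrefixLen')."""
    return 128 - (int(a) ^ int(b)).bit_length()


def pick_source(dst, sources, table):
    """Source selection, rules 6 (matching label) and 8 (longest matching prefix)."""
    dst_label = policy_lookup(dst, table)[1]
    return max(sources, key=lambda s: (policy_lookup(s, table)[1] == dst_label,
                                      common_prefix_len(s, dst)))


def order_destinations(answers, host_sources, table=RFC6724_POLICY):
    """Destination ordering, rules 5 (matching label), 6 (precedence), 9 (longest prefix).

    Ties keep the order the resolver returned (rule 10); Python's sort is
    stable even with reverse=True, so equal keys stay in input order.
    """
    sources = [ipaddress.IPv6Address(s) for s in host_sources]
    dsts = [ipaddress.IPv6Address(d) for d in answers]

    def key(d):
        src = pick_source(d, sources, table)
        d_prec, d_label = policy_lookup(d, table)
        return (d_label == policy_lookup(src, table)[1], d_prec, common_prefix_len(d, src))

    return [str(d) for d in sorted(dsts, key=key, reverse=True)]


if __name__ == "__main__":
    print("RFC 6724 order:", order_destinations(NAS_ANSWERS, HOST_SOURCES))
    print("RFC 3484 order:", order_destinations(NAS_ANSWERS, HOST_SOURCES, RFC3484_POLICY))
```

With the RFC 6724 table the GUA destination wins on rule 6 (precedence 40 versus 3) even though the ULA source and destination share just as long a prefix, so `ping -6` goes out over the public prefix whenever the host has a GUA of its own. With the RFC 3484 table both answers land in the `::/0` row, every rule ties, and whichever address the resolver listed first is used, which is one way a machine can appear to "prefer" the ULA on some lookups and not others.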


  • are any protocols changing (cause all your post gives is a link and you use the term "ftp")
  • in this example are these services run on different hosts on LAN?

If not, I don't see your issue, unless you insist on this propagating thing - which if you explained, I don't yet understand...

Both records on either side, point to the same host.

I think I may have to stop here. I wish you well.

You still believe a ULA is a proper Public config...OK....sure....whatever...

No, this is for the internal LAN side.


This is a troll, right?

Basically...you want to propagate the DNS name as Public, but not the IPs, CORRECT?

And want the OpenWrt to do it??

But are configuring DNS lookups and/or config domain commands...into the same device...and running DDNS on it...

But want Split Horizon DNS...?

...and yet in all of this, you configured wildcards already.

I haven't even asked about if you have true IPv6 addresses; because you insisted I be sure of the single IPv4...this is just a lil wild...

Maybe I should make this point more clear.
For IPv6 only local connectivity is important.
Getting the public IPv6 onto the public DNS is too much work atm.
But when a host on the LAN wishes to use IPv6 it should work.
Strangely, some machines prefer the ULA prefix over the public one.
I have no clue why that is.

An IPv6 server requires an assigned address for any service. Since you want it to be public anyway, this is actually easy! :open_mouth:

You're losing me fast...

In theory it is.
When your ISP gives you a static prefix :smile:

You can't run an IPv6 server without one :stuck_out_tongue:

So then IPv6 is impossible too. OK.

I wish you well.

OMG... turn it off... it has to be public... you really are losing me.

  • Get a static IPv6 prefix from a tunnel company, HE does it for free
  • Assign your IPv4 host by DDNS script; IPv6 can obviously be static, or you can script it...
  • I have no clue what this "propagating LAN DNS names to the Public Zone" thing is or how you're even doing it; but whatever it is, just turn it off - your horizon is the OpenWrt, run DDNS there, do not "propagate" anything across
  • assign all static IPs (v4 and v6) to all servers on your network
  • disable ULAs - they seem to be causing you confusion anyway
  • you seem to be relying on the LAN hostname to populate Global Public DNS, I donno how; but if this process is separate from "propagating," turn this off too, again, do not use LAN to config Global

My other suggestion is to use another LAN domain because that confuses you, but using the same domain name was the basis of your thread.

Can you do me a favor?
When you do an nslookup hostnameofyouropenwrtbox
Does it list the public IPv6?