And to be clear, the registrar of your domain has the correct nameservers of your DDNS provider, correct?
These are the ones you check, correct?
Your DDNS provider has told you this should be instantaneous, correct?
That what you said you configured, correct?
And I assume that's the true hostname of the server, correct...with ULAs on Windows servers..being used "willy nilly" that you don't understand, correct???
Example Domain
This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.
Using option domain in dnsmasq config (which I don't)
And DHCP kicks in as fallback
And why is that?
Because:
The entry is statically configured in dnsmasq config (via option domain)
and then dnsmasq is reading the lease from odhcpd
-> This results in a duplicate ULA IP
Actually for true horizon a would have to propogate my internal DNS entries to the public DNS and I don't want that for security reasons.
That is why use cname remapping on the internal side.
There is no loop.
DDNS Script just needs this to detect if the IP has been correctly updated.
Common, one public IP, but you're propagating private IPs to the DNS server???
Maybe we're misunderstanding each other.
I have no clue what you're talking about, and this is another DNS misunderstanding. I asked if your OpenWrt controlled Authoritative DNS...and through discussion the DDNS provider does. So this statement looses me.
Instantaneous, correct?
Even thought that instant answer is on your WAN (your true interface IP), correct?
For the time being and with only 1 public IP. It doesn't matter.
But when I get more IPs some day or deploy an apache server with named-based virtual hosts....
Yes it is that simple.
Then I switch from wildcard to actual real A/AAA sub-domains mapped to the correct IP.
On the internal DNS nothing has to be changed.
There are needed.
Simple example.
I want my nas to be reached at nas.public.com for my internal network.
But I also use some applications outside my internal network that use ftp.public.com to access the nas.
When I move from the public internet to my internal network, I would have to change the configuration of the application(s) again. (from ftp.public.com to nas.public.com)
I now have a proper cert from lets crypt for all my services, www, ftp, plex.
Working on the public internet and working on the internal lan.
All lan hosts use internal IPs and all public hosts use the WAN IP.
I would call this working setup.
The only thing I don't understand is:
Why internal hosts don't use the ULA IPv6 to communicate.
Atleast sometimes.
Now when I do a ping -6 nas.public.com
My hosts prefers the public IPv6 instead of the ULA one.
The ULA one is reachable too. public.com is also set as search domain. If this matters.
Maybe I should make this point more clear.
For IPv6 only local connectivity is important.
Getting the public IPv6 onto the public DNS is too much work atm.
But when a hosts on the LAN wishes to use IPv6 it should work.
Strangely, some machines prefer the ULA prefix over the public one.
I have no clue why that is.
OMG...turn it off...it has to be public...you really are loosing me.
Get a static IPv6 prefix from a tunnel company, HE does it for free
Assign your IPv4 host by DDNS script; IPv6 can obviously be static, or you can script it...
I have no clue about how what this "propagating LAN DNS names to the Public Zone" thing is or how you're even doing it; but whatever it is, just turn it off - your horizon is the OpenWrt, run DDNS there, do not "propagate" anything across
assign all static IPs (v4 and v6) to all servers on your network
disable ULAs - they seem to be causing you confusion anyway
you seem to relying on the LAN hostname to populate Global Public DNS, I donno how; but if this process is separate from "propagating," turn this off too, again, do not use LAN to config Global
My other suggestion is to use another LAN domain because that confuses you, but using the same domain name was the basis of your thread.