Using option domain in dnsmasq config (which I don't)
And DHCP kicks in as fallback
And why is that?
The entry is statically configured in dnsmasq config (via option domain)
and then dnsmasq is reading the lease from odhcpd
-> This results in a duplicate ULA IP
Actually for true horizon a would have to propogate my internal DNS entries to the public DNS and I don't want that for security reasons.
That is why use cname remapping on the internal side.
There is no loop.
DDNS Script just needs this to detect if the IP has been correctly updated.
Common, one public IP, but you're propagating private IPs to the DNS server???
Maybe we're misunderstanding each other.
I have no clue what you're talking about, and this is another DNS misunderstanding. I asked if your OpenWrt controlled Authoritative DNS...and through discussion the DDNS provider does. So this statement looses me.
Even thought that instant answer is on your WAN (your true interface IP), correct?
Yes it is that simple.
Then I switch from wildcard to actual real A/AAA sub-domains mapped to the correct IP.
On the internal DNS nothing has to be changed.
There are needed.
I want my nas to be reached at nas.public.com for my internal network.
But I also use some applications outside my internal network that use ftp.public.com to access the nas.
When I move from the public internet to my internal network, I would have to change the configuration of the application(s) again. (from ftp.public.com to nas.public.com)
I now have a proper cert from lets crypt for all my services, www, ftp, plex.
Working on the public internet and working on the internal lan.
All lan hosts use internal IPs and all public hosts use the WAN IP.
I would call this working setup.
The only thing I don't understand is:
Why internal hosts don't use the ULA IPv6 to communicate.
Maybe I should make this point more clear.
For IPv6 only local connectivity is important.
Getting the public IPv6 onto the public DNS is too much work atm.
But when a hosts on the LAN wishes to use IPv6 it should work.
Strangely, some machines prefer the ULA prefix over the public one.
I have no clue why that is.
OMG...turn it off...it has to be public...you really are loosing me.
Get a static IPv6 prefix from a tunnel company, HE does it for free
Assign your IPv4 host by DDNS script; IPv6 can obviously be static, or you can script it...
I have no clue about how what this "propagating LAN DNS names to the Public Zone" thing is or how you're even doing it; but whatever it is, just turn it off - your horizon is the OpenWrt, run DDNS there, do not "propagate" anything across
assign all static IPs (v4 and v6) to all servers on your network
disable ULAs - they seem to be causing you confusion anyway
you seem to relying on the LAN hostname to populate Global Public DNS, I donno how; but if this process is separate from "propagating," turn this off too, again, do not use LAN to config Global
My other suggestion is to use another LAN domain because that confuses you, but using the same domain name was the basis of your thread.