Hey everyone, I wanted to ask for some help regarding my DNS setup and for routing requests to my selfhosted services.

Currently I use Pi-Hole as a DNS server with my routers default DNS server as the upstream server. This allowed me to define local DNS entries using Pi-hole and route my requests to these domains directly to my local services. For example I bought a domain a while ago and in preparation for setting it up, I had it entered as a local DNS entry pointing directly to my servers IP address.

Earlier today I finally got around to setting up a cloudflare tunnel to expose one of my services to the outside world using the domain I bought. Ever since I did that, all requests to that domain seem to exit my home network, go through cloudflares network and then return through the tunnel, even though I have a local DNS entry for that domain name.

What I would prefer is for the request to be routed directly to my server instead, since I am in the same network already. Since my DNS server is the Pi-Hole, I figured this should happen automatically.

Is there an issue with my Pi-Hole setup? If there is any information missing I’ll be happy to provide it. I wasn’t sure what information I could safely post here.

Solution

I think I managed to fix the problem. After enabling the option Never forward reverse lookups for private IP ranges in Pi-Hole and clearing my DNS cache again, nslookup only returns local IP addresses instead of the IPv6 address of two cloudflare servers.

  • Scrath@feddit.deOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    When I use tracert I can see the package going through a server in Frankfurt which is definetely outside of my local network. The final IP address that tracert shows me is from a cloudflare server in california (2606:4700:3033::ac43:b10f) according to this site: https://whatismyipaddress.com/ip-lookup

    Using nslookup for my domain I get 3 addresses. The first two are cloudflare addresses in the US. The final one is my servers local IP address.

    • DeBaum
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Pihole seems to upstream your requests although there is a local entry for that domain in your settings. Maybe it has something to do with using IPv6? Maybe your device prefers the cloudflare IPv6 over your local IPv4 address.

      Or Maybe your device queries your pihole as well as your Router to get the IP. Check your current dns server on your device: ipconfig /all (Windows)

      • Scrath@feddit.deOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I think I fixed the issue by enabling the Never forward reverse lookups for private IP ranges option in Pi-Hole. After that I flushed my dns cache again and called tracert for my domain name. I only get one hop directly to my server now. nslookup also shows only local addresses now.

      • Scrath@feddit.deOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Looking at the output of that command I get the following for my ethernet network interface

        DNS-Server  . . . . . . . . . . . : fd98:1919:5915:0:3053:4134:bdc9:295d
                                                  192.168.1.60
                                                   fd98:1919:5915:0:3053:4134:bdc9:295d
        

        Using nslookup on that IPv4 address tells me that all of those addresses are pointing to my pi-hole

        nslookup 192.168.1.60
        
        Server: pi.hole
        Address: fd98:1919:5915:0:3053:4134:bdc9:295d
        
        Name: pi.hole
        Address: 192.168.1.60
        

        I’ve added another local DNS entry on my Pi-Hole which points the domain I use to the same server but this time uses its IPv6 address. That doesn’t seem to help though or it takes some time to update. I flushed the DNS cache on my machine after adding this entry though.