My ISP doesn't allow hairpinning and drops packets that I try to send to myself. So if I own example.com for the sake of routing to my network, I can only use it externally (assuming I have a DNS record pointing at my public IP, say 188.8.131.52). If I try to access example.com locally, my ISP drops it!
So I set up a DNS record on my Raspberry Pi PiHole to route example.com to 192.168.0.1. My router was set to forward DNS queries to the PiHole.
Yet I couldn't always access example.com locally - it seemed sporadic! It turns out my DNS queries weren't always resolving.
Breakdown of setup:
- Public IP: 184.108.40.206 - to access my network remotely
- Private IP of router: 192.168.0.1 (this can forward DNS queries)
- IP of PiHole: 192.168.0.9 (this is my local DNS provider)
- 220.127.116.11: where I want example.com to point when I'm remote
- 192.168.0.1: where I want example.com to point when I'm local
Again, if my ISP's router supported hairpinning, then example.com pointing to 18.104.22.168 would be fine as long as the appropriate ports were forwarded!
Debugging dropped DNS
I finally identified the actual cause:
I examined my DD-WRT router and found this under Status > Syslog
daemon.warn dnsmasq: possible DNS-rebind attack detected: example.com
My router was the cause of the issue! It turns out some routers block DNS answers that map a public domain to a local IP, because that is exactly what a DNS rebinding attack looks like!
Fixing "No DNS Rebind"
I could disable the option "No DNS Rebind", but that felt less safe than making an exception for this one domain. Turns out I could just use
Services > Services > Additional Dnsmasq Options
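As an added example (my own code, not from the post, DD-WRT or dnsmasq), here is a small Python model of the check behind that syslog line: with rebind protection on, any upstream answer inside private, loopback or link-local space is dropped unless the queried name is on a per-domain exception list, which is the behaviour dnsmasq's rebind-domain-ok option provides and which this model approximates rather than reproduces exactly. The sample answers are constructed from the addresses in the breakdown above; lure.example.org is a made-up name.

```python
import ipaddress

# Constructed sample replies modelled on the setup above (not captured traffic):
# (queried name, answer address)
SAMPLE_ANSWERS = [
    ("example.com", "192.168.0.1"),       # PiHole's local override for example.com
    ("www.example.com", "192.168.0.1"),   # a subdomain given the same override (constructed)
    ("example.com", "220.127.116.11"),    # the public answer expected when remote
    ("lure.example.org", "192.168.0.9"),  # constructed: outside name pointed at the PiHole
    ("lure.example.org", "127.0.0.1"),    # constructed: outside name pointed at loopback
]


def is_rebind_answer(ip_text):
    """True if an upstream answer points into address space that rebind
    protection treats as local: RFC1918, loopback and link-local ranges."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_private or ip.is_loopback or ip.is_link_local


def domain_allowed(name, allowed):
    """Modelled on dnsmasq's rebind-domain-ok: the listed domain and its
    subdomains may legitimately resolve to local addresses."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in allowed)


def filter_answers(answers, allowed=(), rebind_protection=True):
    """Return (name, ip, action) per answer; action is 'pass' or 'drop'."""
    rows = []
    for name, ip in answers:
        drop = (rebind_protection
                and is_rebind_answer(ip)
                and not domain_allowed(name, allowed))
        rows.append((name, ip, "drop" if drop else "pass"))
    return rows


def dropped_names(answers, allowed=(), rebind_protection=True):
    """Sorted, de-duplicated names whose answers the filter would drop."""
    rows = filter_answers(answers, allowed, rebind_protection)
    return sorted({name for name, _, action in rows if action == "drop"})


if __name__ == "__main__":
    print("router default (protection on, no exceptions):")
    for row in filter_answers(SAMPLE_ANSWERS):
        print("  ", row)
    print("per-domain fix (example.com excepted):",
          dropped_names(SAMPLE_ANSWERS, allowed=("example.com",)))
    print("'No DNS Rebind' disabled (nothing dropped):",
          dropped_names(SAMPLE_ANSWERS, rebind_protection=False))
```

The middle run shows why the per-domain exception is the safer fix: example.com resolves to 192.168.0.1 again, while an outside name answering with a LAN or loopback address is still dropped.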