How to set up a nameserver for LOCAL network, but also have it work publicly?

Hi Everyone,

I need your help because I'm a little confused. My friend has Comcast internet at her house. I installed FreeBSD on an old Dell R710 server and it has a backup of her web site. I set up the DNS so its something like backup.website.com while the public www version of the web site is hosted at a regular data center. When Comcast is down at her house (or when its working), she wants to open a browser and go to backup.website.com and have the backup copy of her web site work normally.

While I can install FreeBSD, Apache, PHP, and MySQL without much trouble, this has me a bit stuck. I know FreeBSD has some powerful networking tools and its own nameserver too right?

Her setup is as follows:
- Comcast modem > ASUS Wifi router > ethernet cable > Dell R710 running FreeBSD 12.3-RELEASE-p5 GENERIC

I CAN access backup.website.com from my house SOMETIMES, but it takes a long time to come up and sometimes I have to refresh the browser a bunch of times. I feel like Comcast really doesn't want you hosting web sites from your house. While having the backup web site accessible publicly would be nice, its NOT a necessity.

When I'm at her house I CANNOT get backup.website.com in a browser, so that is where I'm confused. What should I check next? Maybe there's a simple solution and I'm making it more complicated than it needs to be? LOL

Thanks in advance!
 
Your question is: "what should I try next" but what you have done so far isn't clear I'm afraid. Namely, when you say: "I have set up the DNS" what have you done exactly?

This may mean that you have configured the DNS of your domain registrar using their web panel to point backup.website.com to the residential IP of your friend (which I suspect), but this could also mean that you have installed and configured the BIND nameserver locally. Having more clarity on your setup will make it easier for people to help you identify the problem.

You may also want to clarify the goal: does your friend want to use her home computer as a fallback server to which visitors of her website would automatically be redirected if the data center goes down (which means that her instance of the website should have access to the production database - assuming her website needs a database, maybe it is just a static website not needing any database) or does she simply need to have a development environment being totally independent from the live website.
 
Your question is: "what should I try next" but what you have done so far isn't clear I'm afraid. Namely, when you say: "I have set up the DNS" what have you done exactly?

Yes, I HAVE...
configured the DNS of your domain registrar using their web panel to point backup.website.com to the residential IP of your friend (which I suspect),

But no, I have not installed or configured BIND locally.

To clarify the goal, when the internet goes out, which it does frequently in her neighborhood, she just wants to be able to access the local version of the web site. The local web site has its own database and does not connect to the production database. But this is fine because the database doesn't get updated that often and I have a script that copies the production web site to the backup web site once a week.

I'm not sure why I can access her site from my phone or a browser outside her local network, but when I'm connected to her WIFI (or ethernet) I cannot. Is this because my requests are not going out to the web host's nameserver? Maybe the ASUS router is trying to be a local nameserver but it's not set up right?

I might need some tips on how to check what's going on before I try installing anything on FreeBSD. I'll try traceroute next time I'm over there?

thanks
 
When you're out and about, you want backup.website.com to go to a public IP.

When you're at the house, you want backup.website.com to go to a private IP.

This is called split-horizon DNS.
The manual way of just slapping the IP into /etc/hosts, maybe using a script to swap which hosts file you're using when the internet goes down, is the easiest.
 
The manual way of just slapping the IP into /etc/hosts, maybe using a script to swap which hosts file you're using when the internet goes down, is the easiest.
Sure is!

Just remember you made that entry otherwise there will be some confusion at some point (unless you go for a scripted solution.)

With my old router if I tried to connect to my public IP address from inside the network, it failed. So my hosts file entry had to be the internal IP.

With my new router if I try the same - it works - so something in the router figures it out. So now I don't need a hosts file entry, I can set-up the backup.domain.name to point to my external IP.

So e.g. of a local hosts file entry (just a line in the file /etc/hosts):

192.168.1.44 development.mysite.co.nz

There are hosts files on most operating systems so it's useful for most platforms.
 
There may not even be a need for split-horizon since the domain name being accessed is not the same which makes the situation even simpler:

When there is internet, the website being accessed is example.com and when internet is down, the person instead visits backup.example.com. So only a single entry for backup.example.com pointing to the private IP would be needed in the /etc/hosts file. The other (example.com) will go to the internet by default.

I think, the problem may come from the fact that she is using a router. When you try to connect from her home the following happens:

1. your computer tries to connect to backup.example.com and sends a DNS request to get the IP
2. In your setup the home router likely relays the DNS request
3. The router gets its own IP address back as a result of the DNS request
4. How is the router supposed to know to which computer to route the request? (the router only knows that the request is for the public IP address, which is its own address).

One way to get around this problem is to setup a port redirect on the router, so that the router knows that whenever a request is received on a specific port of the router, the destination is a specific computer. If you only host a single website, just redirect port 80 (if her ISP does not block it). If you choose (or have to choose) a port other than 80, remember to append the port number to the URL in your web browser. Routers usually have an admin GUI allowing to setup port redirects relatively easily.

Alternatively, you want to ensure that the hostname of her computer (at the FreeBSS OS level) is set to backup.example.com so that the router will store this hostname in its routing table during DHCP.

If this is not practical, as msplsh said the best solution is to bypass the router by defining the IP adress of backup.example.com in the /etc/hosts file OF EVERY computer that will need to access the backup website from her network. This also applies to her computer: you need to inform her computer of its alias name (my understanding is that the local backup is hosted in HER house, not in your house).

So the file would have the following entry on her computer:

127.0.0.1 backup.example.com

and a line like:

192.168.185.7 backup.example.com

on other computers.

Without this, it is possible that while outside connections are accepted, the router is confused when seeing that a connection originating from the network is attempted to be routed through the internet, but then the nameserver points back to the router. But since you are able to connect from the outside, I guess that the host name of her computer probably already is set to backup.example.com.

EDIT: Actually I take back the last remark, the fact that the connection is slow and unreliable when you connect from the outside may be due to a misconfiguration, but what happens here is not 100% clear to my mind since if her main hostname is indeed set to backup.example.com I would expect the router to locate her computer when you try to connect from the local network.
 
They still need split horizon since www.website.com goes to a server and backup.website.com points to the external IP and is hooked up with what I assume is a port-mapped NAT.

Just have a script like working_from_home.py and working_on_the_road.py and that just copies /etc/hosts.home or /etc/hosts.road to /etc/hosts

Have hosts.home contain the private IP and home.road contain the public one.
 
They still need split horizon since www.website.com goes to a server and backup.website.com points to the external IP and is hooked up with what I assume is a port-mapped NAT.

Sure but www.website.com and backup.website.com are unrelated from the perspective of the OS, they are seen as two different hosts (which they indeed are). Split horizon is meant to provide different answers to two identical queries, here we are talking about two different queries, and only one of them needs to be intercepted by /etc/hosts.

Moreover the backup website isn't even supposed to have an external IP (it was mainly introduced for debugging purposes). backup.example.com is only accessed from her home, which simplifies things a lot. Their need is not to provide a fallback for all external visitors of the website, but only for her when she is working from home and her internet connection is broken.

I am not insisting on this for the sake or arguing, but just out of concern of helping them figure out the simplest solution to the problem at hand.
 
If backup.website.com doesn't have to be accessible remotely, then just put a private IP in the hosts file and you're done. I'm not sure it's that simple, but 🤷‍♀️.
 
Sure but www.website.com and backup.website.com are unrelated from the perspective of the OS, they are seen as two different hosts (which they indeed are). Split horizon is meant to provide different answers to two identical queries, here we are talking about two different queries, and only one of them needs to be intercepted by /etc/hosts.

Moreover the backup website isn't even supposed to have an external IP (it was mainly introduced for debugging purposes). backup.example.com is only accessed from her home, which simplifies things a lot. Their need is not to provide a fallback for all external visitors of the website, but only for her when she is working from home and her internet connection is broken.

I am not insisting on this for the sake or arguing, but just out of concern of helping them figure out the simplest solution to the problem at hand.
Yes, that's all correct.

Thank you everyone for the replies! My friend was out of town for a bit and then I've been busy, but I will try the hosts file and see if that works. I will report results here when I do.

I'm not sure what to do with her iphone and ipad, as far as a hosts file. I'll just google that though.

Originally I was thinking I could do something on the FreeBSD box, like set up a nameserver or something, and then have her router use the nameserver on the FreeBSD box. That's why I posted here. But maybe that's way more complicated than it needs to be if I can just modify a hosts file on a few computers/devices.
 
You didn’t mention the requirement for supporting iOS devices so not sure there’s an easy hosts file way on that platform but worth a look.
 
Top