Add host entry

[Micky]

Hi!

Possible very basic question and I know how to do this on my Linux firewall and on Windows 10, too, however, not within DSM.

I've two DNS servers running in my LAN: the primary one is installed on my Synology NAS and is mainly responsible for the Windows clients that authenticate against a Synology Directory Server and a second DNS server running on my firewall. The Firewall is acting as a DHCP-server, too, and publishes the primary and secondary DNS-server to the clients.

I've added a new host entry on my firewall so I can reach an internal server with an external domain name and obviously w/o leaving the LAN. So I've added ffsync.domain.de 192.168.5.100 to the host file.

If the name resolution works correctly and as expected, I noticed that ffsync.domain.de resolves into the local IP-address, e.g 192.168.5.100.

Unfortunately, this works only from time to time and I guess most of the time it does not work is due to the DNS resolution made from my Synology NAS.
Because at the time it does not run as expected, I get the external IP-Address of the domain name.

Background: I'm running a server on my LAN that can be reached by using an external domain name and a reverse proxy's port forwarding. For some reasons I do not want to the LAN clients to access this local server with an external name resolution.

So long story short: how can I add a similar host entry on my Synology for those clients that primarily use the Syno's DNS server?

FWIW: the NAS is not accessible from external but it can access the internet...

Thx,
Michael

 

[fredbert]

Have you tried adding a new master zone on the NAS's DNS Server that covers ffsync.domain.de? [I haven't looked at this...] Or a forwarding zone on the NAS DNS going to the firewall's DNS?

I assume you have created both DNS Servers as master zones for the same domain, rather than having one server being the master and the other being slave and updated from the master.

 

[Micky]

Good question. Right now, the DNS of my Synology is configured as primary DNS and the firewall's DNS as secondary. Both configured in the firewall's DHCP server.

So this leaves the question: how to configure both DNS as master on my Synology, guess this is what you meant before, right?

 

[fredbert]

That's not quite what I meant. DHCP can provide a list of DNS servers to the DHCP clients, generally primary, secondary, etc. What I was meaning is that the zone within the DNS server is either a master zone (i.e. owns the zone and is where the records are defined) or a slave zone (which maintains a copy of the master zone, so stops all resolution request having to be sent to the master DNS).

It sounds that you are manually maintaining the zones on each DNS server. Then the DHCP server is telling DHCP clients to use both, but the firewall's DNS server is to be used first.

I've only used DNS Server on DSM and SRM so my understanding of doing this on other implementation is limited. Within DNS Server you create master zones for domains and this means that any requests for these domains get resolved here, for other domains the server will forward the request to the other configured DNS servers.

What I was asking is if you have created a new zone that handles ffsync.domain.de on the DSM DNS Server? If you haven't then requests will get sent to the forwarding servers.

 

[Micky]

Guess I solved this puzzle

I've added a master zone on Synology's DNS-Server by using the external domain name domain.de and used the IP-address of my firewall as the DNS server address. FWIW: the second DNS server is running on the firewall.

After saving the new master zone, I've added a ressource entry of type A using a FQDN pointing to the correct server. I've used ffsync [domain.de] in this case.

I had to do some more homework but not on any Synology devices to get the final result but nevertheless it works now as expected!

Thanks to all for reading and especially to @fredbert for pointing me into the right direction!