Help with DNS

  • Hello,

    I'm a bit tired and maybe someone can help me with this DNS issue. So basically, my goal is to have my NAS completely blocked off the internet. However, I'd like to have access to Synology Photos externally only. So, you can't actually access the Telesphoreo drive, just your home folder and only if you know the credentials.

    However, I can't seem to get any domain name to resolve. I used to be able to type ad.telesphoreo.me and it would bring me to the NAS, but now it's not even recognizing it.

    So at the moment you can type in 10.10.10.5 and that's the only way to actually access the NAS (locally / VPN). However, I'd like it to be cleaner so I can type in photos.telesphoreo.me and it'll redirect to Synology Photos.

    This is what the main page looks like

    And here's the Synology Photos login page

    What this means is you should be able to access it from photos.telesphoreo.me or 10.10.10.5:25252 or 10.10.10.5/photos. Only the ones with the IP address work (port and alias work fine). I have no idea if this is because I'm running Active Directory on it as well and my DNS settings are messed up?


    This is my computer's DNS. 10.10.10.2 is my Pi-hole and 10.10.10.5 is the NAS (DNS server), so it's clearly there

    I can't even seem to ping ad.telesphoreo.me which is really weird considering it's domain joined to it...

    These are some of the records in the DNS app which I think are relevant

    This is what the resolution page looks like

    Not sure this has any effect, but I've tried it with enable resolution service on and off and it didn't seem to change anything

    And here's the domain in AD

    Here's the network settings for the NAS itself

    I wonder if it has to do with that the DNS is 127.0.0.1?

    I also realized while I was making this post that at one point it was on the internal VLAN and had a 192.168.1.x IP address. I moved it to a different VLAN so now it's at 10.10.10.5

    Any ideas on how I can get external access / domain names working? My goal is to change the Synology Photos URL to something like eshjvitpow34ubp895w34uvmWU904UVM5W34QVDSJOV.telesphoreo.me and make a certificate for it so that it's not something so easy like photos.telesphoreo.me

    Obviously, security by obscurity isn't entirely the best, and what would be the most ideal is completely blocking administrators from logging in externally, but I can't seem to do that on this NAS

  • Setting my DNS on the computer level to 10.10.10.5 only let me resolve ad.telesphoreo.me

    I added a certificate from Let's Encrypt with the domains nas.telesphoreo.me and phoros.telesphoreo.me but it won't resolve in the web browser. I tried port forwarding and it let me do it from the IP but not the domain name

  • You are making things very complicated by using the NAS as a DNS server. If you just add the DNS records for telesphoreo.me in the Namecheap control panel, you will be able to resolve them through Pi-hole. That works for local IP addresses as well, assuming you've made them static.

  •   StevenNL2000 I decided against making anything public facing so I just added the local IP to Pi-hole DNS. I only have port 80 port forwarded for the Let's Encrypt certificates. I'm confused on what you mean though. If I add photos.telesphoreo.me Namecheap to my IP and port forwarded 25252, it worked but only when the URL was https://photos.telesphoreo.me:25252. When I do it locally https://photos.telesphoreo.me resolves there without any port. I'm not sure what you mean by putting in the Namecheap control panel

  • So how I got it working locally was to

    1. Add the domain names to your home IP address in the Namecheap DNS page
    2. Port forward 80 on your network to the NAS
    3. Go to the Login Portal tab and add the domain names you want
    4. Go to the Security tab and generate a new Let's Encrypt certificate to replace the self-signed Synology one
    5. Add the DNS records to Pi-hole and point it to the NAS's IP

    Very confusing but it works. There's no external access this way. I am just going to use a VPN and accept that I won't be able to share photos to others with Synology Photos

  •   Telesphoreo The port problem can obviously be fixed by making the external port of the forward 443, but that does make your NAS very easy to find for malicious network scanners. What I meant is that you wouldn't need to use the NAS as a DNS server or add any records to Pi-hole if you put 10.10.10.5 in Namecheap instead of 70.37.246.22. However, you can't provision SSL certificates with that setup because the verification server can't find your NAS at a local IP.
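
An added example, not part of any post in this thread: a small Python audit of the three DNS and port-forward combinations discussed above, showing which ones allow Let's Encrypt HTTP-01 validation and which expose the photo service to the internet. The function name, result keys, and the assumption that the NAS serves HTTPS on 443 and 25252 are illustrative; the addresses are the ones quoted in the posts.

```python
import ipaddress

def audit_name(public_a, internal_a, forwarded_ports, service_ports):
    """Evaluate one hostname under split-horizon DNS.

    public_a:        address the public zone (registrar DNS) returns
    internal_a:      address the LAN resolver returns, or None if no override
    forwarded_ports: WAN ports the router forwards to the NAS
    service_ports:   ports the NAS application listens on (assumed)
    """
    pub = ipaddress.ip_address(public_a)
    lan_answer = ipaddress.ip_address(internal_a or public_a)
    public_routable = pub.is_global
    exposed = sorted(set(service_ports) & set(forwarded_ports))
    return {
        # HTTP-01 connects from the internet to port 80 of the public A record.
        "http01_possible": public_routable and 80 in forwarded_ports,
        # An RFC 1918 address in the public zone discloses internal addressing.
        "private_ip_in_public_dns": pub.is_private,
        # LAN clients reach the NAS directly only if their resolver
        # answers with a private address.
        "lan_clients_go_direct": lan_answer.is_private,
        # Application ports reachable from the internet under this name
        # (a forwarded port 80 is reachable too, but serves validation only).
        "exposed_service_ports": exposed if public_routable else [],
    }

# Constructed scenarios built from the addresses and ports in the thread.
NAS, WAN = "10.10.10.5", "70.37.246.22"
SCENARIOS = {
    # Public record -> home IP, Pi-hole override -> NAS, only port 80 forwarded.
    "final_setup": audit_name(WAN, NAS, {80}, {443, 25252}),
    # NAS address placed directly in the registrar's zone, no local override.
    "private_ip_at_registrar": audit_name(NAS, None, set(), {443, 25252}),
    # Same as final_setup, plus the photo port forwarded to the internet.
    "photos_port_forwarded": audit_name(WAN, NAS, {80, 25252}, {443, 25252}),
}

if __name__ == "__main__":
    for name, result in SCENARIOS.items():
        print(name, result)
```
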

  • wild1145 November 2, 2022 at 6:57 PM

    Selected a post as the best answer.