DIY Hosting/Nameserver DNS forwarding

lvnona · February 15, 2019, 6:30pm

Hello folks! Need your help.
I have my own home made server for hosting / mail / name server.
And it’s setup by local ip address: example: 192.168.1.55
External IP: example 99.75.65.66

my domain example: example.ca
At my domain purchaser (Godaddy) i created name server hosts: ns1.example.ca & ns2.example.ca
ns1.example.ca - 99.75.65.66
ns2.example.ca - 99.75.65.66

Godaddy name servers accordingly:
nameserver1:ns1.example.ca
nameserver2:ns2.example.ca

Now how I can properly setup routerboard DNS forwarding so Godaddy can see my 99.75.65.66 to local 192.168.1.55?

Thanks for help

mkx · February 15, 2019, 7:20pm

add action=dst-nat chain=dstnat comment="DNS TCP port forwarded" dst-port=53 \
    in-interface-list=WAN protocol=tcp to-addresses=192.168.1.55 to-ports=53
add action=dst-nat chain=dstnat comment="DNS UDP port forwarded" dst-port=53 \
    in-interface-list=WAN protocol=udp to-addresses=192.168.1.55 to-ports=53

The above will work if you only have single WAN IP address. If that’s not the case, replace “in-interface-list=WAN” with “dst-address=”.

You should really diversify your DNS servers … most (if not all) domain checking services will complain about both NS having same IP address.

lvnona · February 16, 2019, 7:37am

Thanks I’ll play with it but is it mistake or it has to be:
in-interface-list=WAN
or
in-interface=WAN
?

Tnx

nescafe2002 · February 16, 2019, 8:35am

Newer default configuration make use of interface lists, the provided example will work fine on recent configs.

If you don’t have interface lists, we can only guess. Post config ( /export hide-sensitive ) or adept example to your liking.

lvnona · February 16, 2019, 8:50pm

I need more help.
With my domain I sat - example.ca to 99.75.65.66 - which is my static public IP
Now when i type example.ca it goes straight to my router login 192.168.1.1
which makes sense because 99.75.65.66 is same as 192.168.1.1 - right?

How i can make sure router will forward example.ca to 192.168.1.55

Thanks,
Norm

mkx · February 16, 2019, 8:56pm

Did you test from internet or from your LAN?

If from LAN, then you need to implement “hair-pin NAT” … search for it on this forum, it’s shown how to do it properly a few times.

If from internet, then your NAT doesn’t work and your firewall is flawed … and I sincerely hope that’s not the case.

lvnona · February 17, 2019, 2:10am

From internet, but for some reason it doesnt do that all the time.
Is it possibly somehow effected with ISPConfig DNS settings as well?

mkx · February 17, 2019, 8:28am

I don’t think ISP can affect how inbound connection (e.g. to port 80) is handled by your RB. If connection, showing RB, is actually hitting your RB that is …

Why don’t you post config (/export hide-sensitive and obfuscate your public IP address) so we can have a look?