There’s an age-old question of whether to use Split DNS or NAT reflection to access public web servers from an internal network. We won’t get into that, but I recommend using Split DNS to accomplish this.
First of all, what is split DNS? In a nutshell, if you have a public-facing web server on your network, such as my.site.com, but you are on the internal network BEHIND the web server, you must access the web server by its IP address. Trying to go to my.site.com will return an error. This is where Split DNS comes into play.
In a Split DNS setup, you are creating two network zones, one for the external/public network and one for the internal network. This will direct INTERNAL hosts to an INTERNAL domain name server, and EXTERNAL hosts to an EXTERNAL domain name server.
If you have a local web server and would like to access it by its domain name, this guide will teach you how to do it using OPNsense.
OPNsense Configuration
Unbound DNS is the default DNS server for OPNsense. Log in to your OPNsense machine and select Services > Unbound DNS > Overrides.
Select the “+” button to create a new override.
Let’s say, for example, I have a web server at mysite.vulnifo.com.
In the “Host” section I am going to put the site WITHOUT the domain or a “*” to create a wildcard. In my case this would be “mysite”
Under “Domain” you place the domain name of the site. In my case this would be “vulnifo.com”
Leave the type as A or AAAA.
Under “IP” enter the IP address of your web server. In my case it is “172.16.1.235”
Under “Description” enter a description just to keep track of what it’s doing.
In the end, your page should look like mine, just with your information inside of it.
Hit save – and then be sure to hit “Apply Changes” on the next screen.
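To confirm the override is what a given client actually receives, the check below compares the resolved addresses with the IP entered in the override. It is an added example, not part of the original guide; the function names are hypothetical, and 203.0.113.10 is a constructed stand-in for the site's public address.

```python
import ipaddress
import socket


def resolve_system(name):
    """Resolve through the OS resolver, i.e. what a LAN client really uses."""
    infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ("%eth0") before parsing.
    return {info[4][0].split("%")[0] for info in infos}


def check_override(name, expected_ip, resolve=resolve_system):
    """Classify the answer a client gets for a split-DNS name.

    ok        - only the override address came back
    mixed     - override address plus other addresses
    bypassed  - override address missing: override not applied, or the
                client asks a resolver other than Unbound
    no-answer - the name did not resolve at all
    """
    expected = ipaddress.ip_address(expected_ip)
    try:
        answers = {ipaddress.ip_address(a) for a in resolve(name)}
    except socket.gaierror:
        return "no-answer", []
    if not answers:
        return "no-answer", []
    if answers == {expected}:
        status = "ok"
    elif expected in answers:
        status = "mixed"
    else:
        status = "bypassed"
    return status, sorted(str(a) for a in answers)


if __name__ == "__main__":
    # Constructed answers standing in for two clients; 203.0.113.10 is a
    # documentation address used here as the hypothetical public (WAN) IP.
    via_unbound = {"mysite.vulnifo.com": ["172.16.1.235"]}
    via_public = {"mysite.vulnifo.com": ["203.0.113.10"]}
    for label, table in (("LAN client", via_unbound), ("DoH client", via_public)):
        print(label, check_override("mysite.vulnifo.com", "172.16.1.235",
                                    resolve=lambda n, t=table: t.get(n, [])))
```

Calling `check_override("mysite.vulnifo.com", "172.16.1.235")` with no `resolve` argument uses the machine's own resolver; a `bypassed` result on a LAN host usually means that host has a hard-coded external DNS server or DNS-over-HTTPS enabled and never asks Unbound.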
Conclusion
That’s it. After applying changes, you can now access your web server by its domain name! I hope you found this guide useful. If you have any questions, feel free to comment below or contact us.