Hi
Currently I’m running a few servers at my home and I own a domain. I’d like to access those servers from outside my network (right now that happens through a VPN) but I don’t know anything about A records and MX records and as I understand, that’s what’s needed to do this. So would there be a tutorial that explains this like I’m 5 years old?
A (and AAAA) records store your IP address, while the MX record stores a domain for email servers to use.
So if I want to go to www.mydomain.com/pihole to go to my pi-hole instance, I would create an A record containing the internal IP of pi-hole and an MX one to configure the subdomain (www.mydomain.com/pihole), is that correct?
No, the MX record is only for emails, and for the paths (like in your example), it’s handled by your server.
Also, the subdomains are subdomain.yourdomain.com.
In DNS you need an A record if you have IPv4 only, or A and AAAA records if you have IPv4 and IPv6.
Is your DNS outside your home servers? If you have a dynamic IP at home you can’t host DNS on a home server.
Do you have only 1 IP? You need port forwarding on your home gateway to the home servers if you use something like SSH. If you want access to something web-based you need a proxy, NGINX for example.
How exactly it works:
- Somewhere, someone types yourdomain.com in a browser.
- The browser asks the local DNS: who is yourdomain.com?
- The local DNS asks another DNS, and another, and at some iteration the request goes to your DNS. Or maybe one of the DNS servers has a cached answer, but imagine it doesn’t.
- Your DNS sends the answer: yourdomain.com is 111.222.333.444, for example. That is the A record.
- The DNS work stops there.
- The browser sends a request to 111.222.333.444 with the HTTP header “Host: yourdomain.com” and some path, maybe / or /something.
- Some balancer should get the request and send it to the right server in your home network.
UPD: don’t expose risky interfaces to the internet, like the Proxmox web panel or something like that. This is a really bad idea. For that type of service a VPN is extremely great. Exposing your DNS to the public without protection is not a great idea either, including Pi-hole. I think you will already be in some botnet by the 3rd day of running.
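The request flow in the comment above, written out as a reverse-proxy configuration. This is an added example, not part of the original thread; the hostnames, LAN addresses and VPN subnet are placeholders, and it assumes one A record per subdomain pointing at the home's public IP with port 80 forwarded to the nginx host.

```nginx
# Added example. Goes inside the http { } context of nginx.conf.
# Assumed DNS at the domain provider (placeholders):
#   jellyfin.yourdomain.com  A  <public IP of the home router>
#   pihole.yourdomain.com    A  <public IP of the home router>
# TLS (listen 443 ssl + certificates) is left out to keep the routing visible.

# Requests whose Host header matches none of the names below
# (for example scanners hitting the bare IP) are closed without a response.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# Host: jellyfin.yourdomain.com -> Jellyfin container (address assumed)
server {
    listen 80;
    server_name jellyfin.yourdomain.com;

    location / {
        proxy_pass http://192.168.1.20:8096;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Host: pihole.yourdomain.com -> Pi-hole admin UI (address assumed).
# Admin interfaces are answered only for the home LAN and the VPN subnet;
# everyone else gets 403 even though the name resolves publicly.
server {
    listen 80;
    server_name pihole.yourdomain.com;

    allow 192.168.1.0/24;   # home LAN (assumed range)
    allow 10.8.0.0/24;      # VPN clients (assumed range)
    deny all;

    location / {
        proxy_pass http://192.168.1.21:80;
        proxy_set_header Host $host;
    }
}
```

DNS only gets the browser to the router; the `server_name` match on the Host header is what picks the backend, and the `allow`/`deny` lines keep the admin panel off the public internet.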
Hi there. We hope you’re enjoying NSQ. Will you please edit your post title so that it contains a question? It’s rule 1 in the sidebar. Thanks for posting!
Not sure about a good resource. Do you know what both of those records do?
Your domain needs a nameserver. It… Serves the name associated with your IP. Or vice versa idk. This can be GoDaddy or namecheap, google, amazon, or you can host your domain locally, but then it’s not on the internet. This part is difficult for me to explain, so here’s ChatGPT with the assist:
To clarify the two different aspects:
Local Nameserver: This is a DNS server that runs on your local network and is used by devices within your network to resolve domain names to IP addresses. Setting up a local nameserver allows you to control DNS resolution for devices within your local network. You can configure your devices to use this local nameserver for DNS resolution instead of relying on public DNS servers.
Public DNS: When you lease a domain (purchase or register a domain name), you need to set up DNS records for that domain on public DNS servers. These public DNS servers are maintained by your registrar or a DNS hosting provider. They are responsible for translating your domain name into the corresponding IP address and making it accessible from the internet.
So, if you have a domain registered with a registrar, you need to set up DNS records for that domain with the registrar’s DNS servers or a DNS hosting provider. This is necessary for your domain to be reachable from the internet. Additionally, you can still set up a local nameserver for your local network to handle DNS resolution within your network.
If you want to experiment with DNS and test how DNS works locally, you can set up a local nameserver on your network. However, to make your domain accessible to the public, you must still configure DNS records with your domain registrar or DNS hosting provider. Keep in mind that managing public DNS requires knowledge of DNS configuration and security practices to ensure your domain functions correctly and remains secure.
Now that that’s kinda clearer than I can make it… What is an A record? What is an MX record? If you already know, ignore me.
An A record is an address. It’s the main resolution of your IP. An A record for example.com is example.com’s IP address.
A CNAME is a “canonical name” and is how you build a subdomain. “WWW” is a common CNAME that usually points to the domain. “Mail” is also popular, it usually points to an email client.
MX records are mail exchange records. This tells email which servers to go to to get delivered.
Hopefully that helps a bit. I’m not an excellent resource but I do know me some dns.
So an A record is nothing more than a name you connect with an ip address. Your computer takes that name and asks your dns server (in your case your pi-hole) who that is. Your dns then looks it up and tells your pc that this address is the ip 157.22.4.67 (just made that up and don’t know what’s there). So then your pc connects to that ip.
PCs can’t really work with names and need ip address to reach anything over the internet.
It’s like your home address so that the post office can deliver to you. That means every device that is reachable over the internet needs a unique ip address, like how your home address needs to be unique too.
But now comes the more complex part. There is a device that sits between your local network and the internet. Like the door on your house.
Because ip addresses are limited they declared that there should be private ip ranges that won’t be able to be used on the wider internet, and these are 192.168.x.x, 10.x.x.x and I forgot the third range.
These ip ranges are only usable on your network.
They are like little postal addresses that only the people living in your house know and can go there. The postman delivers to your house address and you take that letter and give it to the recipient that maybe lives in a room in your cellar. Your postman doesn’t know but you do. In that case you are the router your provider gave you. That router uses something called a NAT (network address translation) to deliver the package to the device that asked for it. Because most connections are going out from your network to the internet it’s mostly plug and play.
So what you can do is go to your domain provider and change the A record to the external ip address that your router is using, but be warned there are countries where the provider changes your ip address with every reconnect (mine does).
And here is the tricky part. Your router needs to know to whom he has to deliver and you can tell him that with port forwarding. That means that if you try to connect with a browser to your external ip address it goes to port 80 if you use http:// or 443 if you are using https:// and your router needs to know to whom these connections go and that should be your server.
And now comes the harder part. You have to have a web server on your home server that uses port 80 or 443 to accept these packages and shows you your sites that you want to reach. I don’t remember much from configuring nginx/apache to help you there but the rest should be searchable.
TL;DR: A records are like postal addresses that say behind that name is that ip address so that a computer can go there.
What is your end goal? What services are you trying to access from outside your network?
Lots of servers running. Main System is proxmox. I have an Ubuntu server running on that with docker installed which runs about everything (pi-hole, nginx, jellyfin, radarr, sonarr, (even) Firefox, and more). So end goal would be to go to www.mydomain.com/pihole to access pihole, to www.mydomain.com/jellyfin to go to jellyfin and so on.
I’d recommend running pihole.yourdomain.com or jellyfin.yourdomain.com instead. I think using yourdomain.com/service might cause you some problems, that’s why I’ve heard others recommend using subdomains instead.
What I’d personally recommend is Cloudflare Tunnels, it allows you to lock down access to your services with an emailed code or other authentication method, as well as avoiding having ports forwarded to your services. It’s an easy way to avoid port forwarding and not have to worry about whether all the services you’re hosting are 100% secure, since you’ll be exposing them to the internet.
The downside is you’re routing all your traffic through Cloudflare.
I discovered this one too. Don’t care about the downside as long as it works and is easy enough to do… And it is, worked right out of the box. The only problem I have now is that my website (hosted on the servers of a domain provider) is not accessible anymore. Tried to redirect to the correct ip, but it’s not working. I have an nginx server too but for some reason that ip is also unavailable, while the one from my jellyfin (which is on the same proxmox) is 🤔
Sorry for the late reaction. I found a solution in cloudflare tunnels. Works, and easy enough to understand.