I'm having a strange issue with my NextCloudPi that’s prohibiting me from accessing it on my LAN via its hostname or FQDN (e.g. nextcloud.mydomain.com). Here are some notes and/or things I’ve tried:
I can access it via its IP address just fine. Also, I have external port forwarding set up and it resolves when accessing externally, just not on LAN.
Router is OpenWRT 21.02. I have double checked that NAT loopback is enabled and I don’t think this is an issue with the general router setup. All of my other internal server-like machines (HomeAssistant, MagicMirror, Linux file server) resolve in the LAN just fine.
If I do an nslookup for the hostname on Win 11 cmd, the router returns the FQDN but no IP address.
My first reaction was “DNS rebind protection”, if you have not looked into that. OpenWRT
It may be that the other servers run mDNS to be reachable on their domain name, without using DNS and thus without triggering the DNS rebind protection in the first place. On second thought… that would place them at homeassistant.local, not at homeassistant.mydomain.com
Having said that, does mDNS work for your NC Pi?
Some other thoughts:
Does configuring another DNS on your client give other behaviour?
As a troubleshooting point, does entering the details for your NC Pi in hosts at your client provide access?
Just checking: externally the FQDN does resolve to your NC Pi, doesn’t it?
Thanks for all your suggestions. Sorry for the late reply, but I wanted to make sure I investigated them all before I responded.
I found the rebind protection box in the DHCP setting in OpenWRT and it was unchecked? Assuming that’s correct, right?
mDNS would be accessing it via <hostname>.local right?
I do get a response from that address, but it has a certificate error. If I tell the browser to ignore the “bad” cert, it then gives the error
Internal Server Error
The server encountered an internal error and was unable to complete your request.
Please contact the server administrator if this error reappears multiple times, please include the technical details below in your report.
More details can be found in the server log.
presumably because nextcloud.local is not in the trusted domains list (only nextcloudpi.local). And while I was looking at the config.php, I did verify that both nextcloud.mydomain.com and the assigned LAN IP address are listed.
Yes. If I manually switch to 8.8.8.8 the FQDN resolves
Yes, this also allows me to bring up the site.
Correct
Also an additional piece of info. I just noticed that there is a line for NAT loopback on the NCP system info screen and it says “no”
As I said above, I double checked this (and rebind protection) on the router, but I’ve attached the relevant screens in case I missed something.
Thanks, @wbk. Happy to report that this is now working. It was partly your suggestion to check the OpenWRT logs that set me off in the right direction.
The DNS queries don’t show up in the OpenWRT logs by default, so I hadn’t noticed anything when I checked earlier. But your question made me look again and I saw in the OpenWRT documentation that you have to enable DNS logging by SSHing into the router and entering:
uci set dhcp.@dnsmasq[0].logqueries="1"
uci commit dhcp
service dnsmasq restart
Then you can see the entries in Status > System Log.
Also, for anyone reading this thread later, the logs get filled up quickly, so you’ll want to check immediately after doing anything.
In my case it was that a CNAME entry I had set up earlier when I was trying a different tack with my setup was causing a conflict with the assignment of the hostname to the NCPi.
Also, just for reference, it seems like the rebind protection wasn’t playing a factor at all. Both pre-fix and post-fix having it on or off seems to make no difference.
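The fix in this thread came down to a leftover CNAME colliding with the hostname record for the same name. The following is an added example, not part of any post above: a shell function that scans a config in OpenWrt's /etc/config/dhcp syntax for names defined both as a `cname` alias and as a `host`/`domain` record. The sample config, its names and addresses are constructed, and qualifying short host names with the dnsmasq `option domain` suffix is an assumption about the setup.

```shell
#!/bin/sh
# Constructed sample in /etc/config/dhcp syntax; all names and IPs are made up.
sample_dhcp_config() {
cat <<'EOF'
config dnsmasq
	option domain 'mydomain.com'
	option logqueries '1'

config host
	option name 'nextcloud'
	option ip '192.168.1.50'

config domain
	option name 'homeassistant.mydomain.com'
	option ip '192.168.1.60'

config cname
	option cname 'nextcloud.mydomain.com'
	option target 'oldproxy.mydomain.com'

config cname
	option cname 'files.mydomain.com'
	option target 'fileserver.mydomain.com'
EOF
}

# Reads a dhcp config on stdin and prints every FQDN that is defined both
# as a CNAME alias and as a host/domain address record.
find_cname_conflicts() {
    awk -v q="'" '
    # Strip single and double quotes, compare names case-insensitively.
    function unq(s) { gsub(q, "", s); gsub(/"/, "", s); return tolower(s) }
    $1 == "config" { section = unq($2); next }
    $1 == "option" && $2 == "domain" && section == "dnsmasq" { suffix = unq($3) }
    $1 == "option" && $2 == "name" && (section == "host" || section == "domain") { addr[unq($3)] = 1 }
    $1 == "option" && $2 == "cname" && section == "cname" { alias[unq($3)] = 1 }
    END {
        for (n in addr) {
            fq = n
            # Assumption: short names are qualified with the local domain suffix.
            if (index(n, ".") == 0 && suffix != "") fq = n "." suffix
            if ((fq in alias) || (n in alias)) print fq
        }
    }'
}

# Demo on the constructed sample; on a router: find_cname_conflicts < /etc/config/dhcp
sample_dhcp_config | find_cname_conflicts
```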