NextCloudPi - dnsmasq FritzBox configuration

My goal is to access Nextcloud via my dyndns-address in the local network even when the port forwarding is deactivated.

I have found the following solution which works for me:

  • activated dnsmasq in ncp (Domain: mydyndns-address; DNS server: ip-address of my FritzBox)
  • set the ip of ncp in windows as primary DNS server and the ip of the FritzBox as secondary DNS server
  • DNS server setting in my FritzBox: Automatically assigned by internet provider

Next I tried the following:

  • activated dnsmasq in ncp (Domain: mydyndns-address; DNS server: ip-address of my FritzBox and later tried the ip of the DNS server of my internet provider)
  • set the ip of the FritzBox in windows as primary DNS server
  • set the ip of ncp in the FritzBox as primary DNS server and the ip of my internet provider as secondary DNS server

So I can access the internet but not Nextcloud via my dyndns-address in the local network.

Somebody an idea?

Can you explain your goal? If you deactivate port forwarding in in your router you can not access your nextcloud from the internet? Is this your goal and why?

I mainly use Nextcloud to share content with my familiy and friends over the internet.
For security reasons I don’t want that Nextcloud is constantly reachable from the internet - I only open the ports when I have something to share.

I think it is no security risk to allow port forwarding the whole day.
A hacker must know your domain, url and can only hack your nextcloud over the nextcloud-application (server-ip and port 443), which is hopefully up-to-date. And if there is a security problem with nextcloud you are hopefully not the first hacked person. :wink:
If you think there is a security risk please destroy your computer (if windows or macos) and your smartphone (android and ios). You can better use the whole day your private, self hosted nextcloud.

Thank you for the tips.
Has somebody else suggestions regarding my initial question?

Do you add your dyndns adress with the local ip in your /etc/hosts on your dnsmasq server?

Yes I did.

I have found the solution:
After adding my dyndns-address as exception for DNS rebind protection in the FritzBox it finally works.

1 Like

Can you share your dnsmasq.conf?

I am trying to get it to work and I’m not sure about some of the options…