[Dnsmasq-discuss] Configure to return external IP instead of internal one

Brad Morgan b-morgan at concentric.net
Sun Aug 3 19:28:45 BST 2014


> Hi, I recently got a router running dd-wrt firmware, which includes dnsmasq as its DHCP and DNS server.

> I have my router as a NAT, and it has an external IP, let's say 111.111.111.111 and an internal IP, 192.168.1.1. I have also a domain name registered
> (3rd party DNS server, naturally outside of my LAN) that points to 111.111.111.111.

> I'm running a web server behind the NAT, and I have set the port forwardings accordingly. It works when I access it from outside of my LAN.

> However, when I try to access it from inside of the LAN using the domain name, it doesn't work. The problem is that when trying to resolve 
> the domain name, dnsmasq apparently knows that 111.111.111.111 and 192.168.1.1 point to the same piece of hardware, meddles with the
> query and returns the 192.168.1.1 IP address instead of 111.111.111.111. This is troublesome, since I want it to resolve to
> 111.111.111.111 as 192.168.1.1 points just to the router's web configuration interface. The port forwarding works only when accessed 
> using the IP address 111.111.111.111. (I can verify that the address 111.111.111.111 itself works as expected even from inside 
> of the LAN – it's just the domain name resolution that works differently than I'd like it to work.)

> How could I configure dnsmasq not to meddle with the resolution of FQDNs? (I don't want to disable it completely, because the LAN hostname
> resolution to private IPs is such a nice feature.) I already googled and read the man page, but didn't find any relevant setting.

My answer is going to make some assumptions because the information you have provided is not complete. My assumptions are:

1) The outside (wan) IP address of the dd-wrt router is 111.111.111.111. 
2) The router running dd-wrt firmware has an internal (lan) IP address of 192.168.1.1.
3) The web server has an internal (lan) IP address of 192.168.1.x (where x does not equal 1).

From the outside, your domain name resolves to 111.111.111.111 and packets sent to port 80 at that address are port forwarded to 192.168.1.x.

From the inside, your domain name resolves to 192.168.1.1 which is completely wrong, it should resolve to 192.168.1.x.

I'm going to guess that you have told the dd-wrt router that your internal domain name is the same as your external domain name. This would cause the problem you are seeing. Change your internal domain name to something different, like your external domain name with the .eu or .com or whatever replaced by .localnet, or add "internal." to the beginning of your internal domain name. You can find supporting documentation for both cases on the web.

Once you have a separate internal name for your server, then you can add a host entry on the dd-wrt router for your external name that points to 192.168.1.x and access to your web server will be optimal from both inside and outside. If you don't add the host entry, dd-wrt will recognize that your external name is external, and return 111.111.111.111.

Brad
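
The change described in the reply above, written out as a dnsmasq configuration fragment. This is an added example, not part of the original message; example.com (the public domain), internal.example.com (the new LAN domain) and 192.168.1.10 (standing in for the web server's 192.168.1.x address) are assumed placeholder values.

```conf
# --- Before (the setup the reply guesses at) ---------------------------
# The LAN domain is the same as the public domain, so the public name is
# answered from the router's own local data instead of being forwarded.
# domain=example.com

# --- After --------------------------------------------------------------
# Give the LAN its own domain, distinct from the public one.
domain=internal.example.com

# Answer names under the LAN domain only from /etc/hosts and DHCP leases;
# never forward them to upstream resolvers.
local=/internal.example.com/

# Append the LAN domain to plain hostnames from /etc/hosts and DHCP.
expand-hosts

# Optional host entry: LAN clients asking for the public name get the web
# server's LAN address directly. Note that address= also matches any
# subdomain of the name given.
# Without this line the query is forwarded upstream and the public
# address (111.111.111.111 in this thread) is returned.
address=/www.example.com/192.168.1.10
```

After restarting dnsmasq, querying the router from a LAN client (for example `nslookup www.example.com 192.168.1.1`) should return the web server's LAN address if the host entry is present, and the public address if it is not.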




