submitted 1 year ago* (last edited 1 year ago) by TheOldRepublic@lemmy.world to c/nostupidquestions@lemmy.world

Hi

Currently I'm running a few servers at my home and I own a domain. I'd like to access those servers from outside my network (right now that happens through a VPN) but I don't know anything about A records and MX records and as I understand, that's what's needed to do this. So would there be a tutorial that explains this like I'm 5 years old?

[-] nitrolife@rekabu.ru 3 points 1 year ago* (last edited 1 year ago)

In DNS you need an A record if you have IPv4 only, or A and AAAA records if you have IPv4 and IPv6.

Is your DNS outside your home servers? If you have a dynamic IP at home, you can't host DNS on a home server.

Do you have only 1 IP? You need port forwarding on your home gateway to your home servers if you use something like SSH. If you want access to something web-based you need a proxy, NGINX for example.

How exactly it works:

  • Somewhere someone writes yourdomain.com in a browser.
  • The browser asks the local DNS: who is yourdomain.com?
  • The local DNS asks another DNS, and another, and in one iteration the request goes to your DNS. Or maybe some DNS has a cached answer, but imagine that it doesn't.
  • Your DNS sends the answer: yourdomain.com is 111.222.333.444, for example. That is the A record.
  • DNS's work stops there.
  • The browser sends a request to 111.222.333.444 with the HTTP header "Host: yourdomain.com" and some path, / or /something maybe.
  • Some balancer should get the request and send it to the right server in your home network.

UPD: don't expose risky interfaces to the internet, such as the Proxmox web panel or something like that. This is a really bad idea. For that type of service a VPN is extremely great. Exposing your DNS to the public without protection is not a great idea either, including Pi-hole. I think you will end up in some botnet by the 3rd day of operation.
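The last two steps and the UPD above, as an added example that is not part of the original comment: a model of the decision a reverse proxy makes from the Host header, with admin panels refused unless the client comes from the VPN. The hostnames, internal addresses and the VPN subnet are assumptions chosen for illustration.

```python
import ipaddress

# Constructed routing table: public hostname -> (internal upstream, VPN-only?).
# Hostnames, upstream addresses and the VPN subnet are assumptions.
VPN_NET = ipaddress.ip_network("10.8.0.0/24")
ROUTES = {
    "jellyfin.yourdomain.com": ("192.168.1.20:8096", False),
    "pihole.yourdomain.com": ("192.168.1.21:80", True),
    "proxmox.yourdomain.com": ("192.168.1.10:8006", True),
}


def normalize_host(host_header):
    """Lower-case the Host header, strip an optional :port and a trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return host                   # IPv6 literal, never one of our names
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def route(host_header, client_ip):
    """Return the upstream for a request, or None when it must be refused."""
    entry = ROUTES.get(normalize_host(host_header))
    if entry is None:
        return None                   # unknown Host (e.g. the bare IP): default deny
    upstream, vpn_only = entry
    if vpn_only and ipaddress.ip_address(client_ip) not in VPN_NET:
        return None                   # admin panels are reachable over the VPN only
    return upstream


if __name__ == "__main__":
    print(route("Jellyfin.YourDomain.com:443", "198.51.100.7"))
    print(route("proxmox.yourdomain.com", "198.51.100.7"))
    print(route("proxmox.yourdomain.com", "10.8.0.5"))
```
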

[-] magmaus3@szmer.info 3 points 1 year ago

A (and AAAA) records store your IP address, while the MX record stores a domain for email servers to use.

[-] TheOldRepublic@lemmy.world 1 points 1 year ago

So if I want to go to www.mydomain.com/pihole to go to my pi-hole instance, I would create an A record containing the internal IP of pi-hole and an MX one to configure the subdomain (www.mydomain.com/pihole), is that correct?

[-] magmaus3@szmer.info 3 points 1 year ago

No, the MX record is only for emails, and as for the paths (like in your example), they're handled by your server.

Also, the subdomains are subdomain.yourdomain.com.

[-] ZenGrammy@lemmy.world 2 points 1 year ago

Hi there. We hope you're enjoying NSQ. Will you please edit your post title so that it contains a question? It's rule 1 in the sidebar. Thanks for posting!

[-] liblame@kbin.social 2 points 1 year ago

So an A record is nothing more than a name you connect with an IP address. Your computer takes that name and asks your DNS server (in your case your pi-hole) who that is. Your DNS then looks it up and tells your PC that this address is the IP 157.22.4.67 (just made that up and don’t know what’s there). So then your PC connects to that IP.
PCs can’t really work with names and need an IP address to reach anything over the internet.
It’s like your home address so that the post office can deliver to you. That means every device that is reachable over the internet needs a unique IP address. Like how your home address needs to be unique too.

But now comes the more complex part. There is a device that sits between your local network and the internet. Like the door on your house.

Because ip addresses are limited they declared that there should be private ip ranges that won’t be able to be used on the wider internet, and these are 192.168.x.x, 10.x.x.x and I forgot the third range.
These ip ranges are only usable on your network.
They are like little postal addresses that only the people living in your house know and can go there. The postman delivers to your house address and you take that letter and give it to the recipient that maybe lives in a room in your cellar. Your postman doesn’t know but you do. In that case you are the router your provider gave you. That router uses something called a NAT (network address translation) to deliver the package to the device that asked for it. Because most connections are going out from your network to the internet it’s mostly plug and play.

So what you can do is go to your domain provider and change the A record to the external IP address that your router is using, but be warned: there are countries where the provider changes your IP address with every reconnect (mine does).

And here is the tricky part. Your router needs to know to whom he has to deliver and you can tell him that with port forwarding. That means that if you try to connect with a browser to your external ip address it goes to port 80 if you use http:// or 443 if you are using https:// and your router needs to know to whom these connections go and that should be your server.

And now comes the harder part. You have to have a web server on your home server that uses port 80 or 443 to accept these packages and shows you your sites that you want to reach. I don’t remember much from configuring nginx/apache to help you there but the rest should be searchable.

TL;DR: A records are like postal addresses that say behind that name is that ip address so that a computer can go there.
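A check that follows from the comments above (an added example, not code from any commenter): it lints a planned set of public DNS records for the mistakes discussed in this thread, namely a path in a record name, an A record holding a private address (the third private range is 172.16.0.0/12), an invalid address, and an MX record pointing at an IP. The record names and the private addresses are constructed; 157.22.4.67 and 111.222.333.444 are the thread's own made-up values.

```python
import ipaddress
import re

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def parse_ip(text):
    """Return an ip_address object, or None if text is not a valid address."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_hostname(name):
    """True for a plain DNS name: dot-separated labels, no scheme, path or port."""
    name = name.rstrip(".").lower()
    return 0 < len(name) <= 253 and all(LABEL.match(p) for p in name.split("."))


def lint_record(name, rtype, value):
    """Return the problems found in one planned public DNS record."""
    problems = []
    if not is_hostname(name):
        problems.append("name is not a hostname; paths are handled by the web server")
    if rtype in ("A", "AAAA"):
        ip = parse_ip(value)
        want = 4 if rtype == "A" else 6
        if ip is None:
            problems.append("value is not a valid IP address")
        elif ip.version != want:
            problems.append(f"{rtype} record needs an IPv{want} address")
        elif not ip.is_global:
            problems.append("address is not publicly routable")
    elif rtype == "MX" and (parse_ip(value) is not None or not is_hostname(value)):
        problems.append("MX value must be a mail server hostname, not an IP")
    return problems


# Constructed plan (placeholder names) covering the cases from the thread.
PLAN = [
    ("www.mydomain.com/pihole", "A", "192.168.1.21"),
    ("pihole.mydomain.com", "A", "172.16.5.9"),
    ("jellyfin.mydomain.com", "A", "157.22.4.67"),
    ("mydomain.com", "A", "111.222.333.444"),
    ("mydomain.com", "MX", "mail.mydomain.com"),
]

if __name__ == "__main__":
    for record in PLAN:
        print(record, lint_record(*record) or "ok")
```
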

[-] foggy@lemmy.world 2 points 1 year ago

Not sure about a good resource. Do you know what both of those records do?

Your domain needs a nameserver. It... Serves the name associated with your IP. Or vice versa idk. This can be GoDaddy or namecheap, google, amazon, or you can host your domain locally, but then it's not on the internet. This part is difficult for me to explain, so here's ChatGPT with the assist:

To clarify the two different aspects:

Local Nameserver: This is a DNS server that runs on your local network and is used by devices within your network to resolve domain names to IP addresses. Setting up a local nameserver allows you to control DNS resolution for devices within your local network. You can configure your devices to use this local nameserver for DNS resolution instead of relying on public DNS servers.

Public DNS: When you lease a domain (purchase or register a domain name), you need to set up DNS records for that domain on public DNS servers. These public DNS servers are maintained by your registrar or a DNS hosting provider. They are responsible for translating your domain name into the corresponding IP address and making it accessible from the internet.

So, if you have a domain registered with a registrar, you need to set up DNS records for that domain with the registrar's DNS servers or a DNS hosting provider. This is necessary for your domain to be reachable from the internet. Additionally, you can still set up a local nameserver for your local network to handle DNS resolution within your network.

If you want to experiment with DNS and test how DNS works locally, you can set up a local nameserver on your network. However, to make your domain accessible to the public, you must still configure DNS records with your domain registrar or DNS hosting provider. Keep in mind that managing public DNS requires knowledge of DNS configuration and security practices to ensure your domain functions correctly and remains secure.

Now that that's kinda clearer than I can make it... What is an A record? What is an MX record? If you already know, ignore me.

An A record is an address. It's the main resolution of your IP. An A record for example.com is example.com's IP address.

A CNAME is a "canonical name" and is how you build a subdomain. "WWW" is a common CNAME that usually points to the domain. "Mail" is also popular, it usually points to an email client.

MX records are mail exchange records. This tells email which servers to go to to get delivered.

Hopefully that helps a bit. I'm not an excellent resource but I do know me some dns.

[-] TheOldRepublic@lemmy.world 1 points 1 year ago

Sorry for the late reaction. I found a solution in cloudflare tunnels. Works, and easy enough to understand.

[-] runaway@lemmy.sdf.org 1 points 1 year ago

What is your end goal? What services are you trying to access from outside your network?

[-] TheOldRepublic@lemmy.world 1 points 1 year ago

Lots of servers running. Main System is proxmox. I have an Ubuntu server running on that with docker installed which runs about everything (pi-hole, nginx, jellyfin, radarr, sonarr, (even) Firefox, and more). So end goal would be to go to www.mydomain.com/pihole to access pihole, to www.mydomain.com/jellyfin to go to jellyfin and so on.

[-] Amcro@lemm.ee 3 points 1 year ago

I’d recommend running pihole.yourdomain.com or jellyfin.yourdomain.com instead. I think using yourdomain.com/service might cause you some problems; that’s why I've heard others recommend using subdomains instead.

[-] runaway@lemmy.sdf.org 2 points 1 year ago

What I'd personally recommend is Cloudflare Tunnels, it allows you to lock down access to your services with an emailed code or other authentication method, as well as avoiding having ports forwarded to your services. It's an easy way to avoid port forwarding and not have to worry about whether all the services you're hosting are 100% secure, since you'll be exposing them to the internet.

The downside is you're routing all your traffic through Cloudflare.

[-] TheOldRepublic@lemmy.world 1 points 1 year ago

I discovered this one too. Don't care about the downside as long as it works and is easy enough to do... And it is, worked right out of the box. The only problem I have now is that my website (hosted on the servers of a domain provider) is not accessible anymore. Tried to redirect to the correct IP, but it's not working. I have an nginx server too but for some reason that IP is also unavailable, while the one from my jellyfin (which is on the same proxmox) is 🤔

this post was submitted on 28 Jul 2023