Need help EdgeRouter internal DNS

So, I have an NVR at a bar I work with that is port forwarded so that the manager can see the camera feed while he’s away on his phone (currently set up using the IP). I have a domain redirect for them, but it is not in use right now because I can’t figure out how to get internal DNS working. So if I set up his app right now using the domain, he won’t be able to see the cameras while using the bar WiFi.

Under ‘Wizards’ in the GUI, I created a static host name pointing to that IP address. This has just the host name, not the domain behind it. My DHCP servers (using separate VLANs for NVR, computers, WiFi, and POS) all have the same domain, and the PCs receive this info through DHCP. All of my clients are pointed to the router for DNS. I can ping the NVR’s IP, but NSLOOKUP (FQDN and short name) fails at the router. I think it’s still trying to resolve externally. Anyone with more DNS XP able to shed some light on this? I’ve yet to use an EdgeRouter for internal DNS.

Edge Router could mean a router that is not only for the internal network, but I have to guess you’re talking about the product from Ubiquiti?

You could check if your router supports NAT hairpinning and just use the external DNS?

From what I gather your router does not officially support proper DNS? If you’re using the same search domain as the absolute domain in the DNS system, your router may use DNS relay and go with the external IP. I did read something about EdgeOS installs of DNS servers, but it looked like a workaround and not an officially supported solution.

Ok, not sure what NAT hairpinning is but I’ll look into it. Seems odd that it wouldn’t be supported though. Just cross-posted with the UBNT forums; if a solution is found I will post it here.

It’s a check box in the port forward section.

It is enabled, but on eth1, not br0, which everything is connected to. All of my VLANs are on interface 1.x. Guessing this is the problem?

Cfg if it helps

https://pastebin.com/9T82vKPp

I can ping the FQDN, but it’s replying from an outside address.

Maybe this will help? https://help.ubnt.com/hc/en-us/articles/115002673188-EdgeRouter-Using-dnsmasq-for-DHCP-Server
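An added example (not from the thread or from Ubiquiti’s article) of what the dnsmasq approach from that link looks like in the EdgeOS CLI, so LAN clients resolve the camera FQDN to the NVR’s private address while outside clients still get the WAN IP. The FQDN, addresses and interface names are placeholders for this setup:

```text
# Added example, not from the original thread. Assumed placeholders:
#   cams.example.com  - FQDN the manager's app uses
#   192.168.20.10     - the NVR's address on its own VLAN
#   192.168.10.1      - the router's address on the client VLAN
#   br0, eth1.10, eth1.20 - inside interfaces the clients sit on
configure

# 1. Map the FULL name, not only the short host name. An entry that carries
#    just the host name is why nslookup on the FQDN fails: dnsmasq answers
#    only for names it has exactly, and everything else goes upstream.
set system static-host-mapping host-name cams.example.com inet 192.168.20.10

# 2. Make the dnsmasq forwarder listen on every inside interface, the bridge
#    and each VLAN sub-interface, so all client VLANs reach it.
set service dns forwarding listen-on br0
set service dns forwarding listen-on eth1.10
set service dns forwarding listen-on eth1.20
set service dns forwarding cache-size 150

# 3. Upstream resolver for everything that is not in the local table
#    (placeholder; use the ISP's or a chosen public resolver).
set service dns forwarding name-server 203.0.113.53

commit
save
exit

# 4. Verify. From the router:
show dns forwarding nameservers
# From a LAN client, asking the router directly (should return 192.168.20.10):
#   nslookup cams.example.com 192.168.10.1
# From a phone on mobile data the same name should still return the WAN IP,
# which is the split-horizon behaviour wanted here.
```

Clients that already cached the public answer will keep using it until their resolver cache expires or is flushed.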

Are you using the bridge to essentially make the LAN ports into a switch?

To confirm, you are able to access the cameras from WAN via domain name but not from inside the LAN?

From inside, I can ping the FQDN but it does not reply from my DVR. And yes, that’s what the bridge is for. eth1 leaves that router and feeds my switch.

You need something that overrides DNS; pfSense will do this if your current router will not. The only other thing you could do is set the app up as if he has a second location and use the internal IP. While on WiFi the IP profile will work.

EDIT: Maybe one of the POSs can host a DNS server and the router point to it. It would be a cheap option. You could add an entry for that DVR’s address to the internal IP. It should then route WiFi devices to the DVR while your external still hits the router and port forwards.

Maybe another way to do this, but DNS overrides is all I’ve found. I have to do the same myself. I had a TV pulling a stream out to Plex and back in the house at 720p; it was maximum eye twitchiness.

EDIT1: noted edit
EDIT2: space after edit

The Ubiquiti can do this. I have it functional in multiple locations. I think the bridge might be complicating the situation.

@jlbrown.tech you shouldn’t be able to ping through the port forward/NAT reflection because it’s only forwarding certain ports.

Are you able to access the DVR/cameras remotely via WAN? That has to work before you worry about the hairpin NAT.

Yes I am. But from inside the LAN, when I ping the cams.x.com domain it replies from an outside address.

Ended up saying fuck it for now and set up a DNS server in Hyper-V, lol.

This is expected. You want to test the specific ports you have forwarded via telnet.