Your self-hosted applications will not work unless you fix this one DNS setting


DNS is the most powerful thing in your self-hosting empire, keeping your network secure while making it easy to access your applications. Along with some appropriate firewall rules, it lays the foundation for a solid home network, but there’s one problem that most don’t talk about.

This is the headache of dealing with DNS queries from local devices as well as from your own devices when they are outside your network. One service, multiple IP addresses, and getting them to work properly can be a pain. Not everyone wants to install Tailscale on their friends’ and family’s devices or expect them to remember to use it, and the easiest option is to set up split DNS so that the domain names you use for your services resolve correctly wherever the client is.

The problem no one tells you about self-hosting

It’s not always DNS, but it could be the cause of what’s happening here

DNS issues are the bane of any self-hoster, and there are a number of tricks to fix them, but it’s always best to use the recommended fixes. Let’s say we’re trying to access our Jellyfin server, so we’ve set up A records at our domain registrar so that jellyfin.example.com resolves to the same IP address regardless of where our devices are. The problem with this is that if we’re on our home network, the traffic has to go out to the name servers and then back into our home network, which causes a NAT hairpin and also adds latency.

That’s not good, and the extra lag is only part of the problem. If you protect those apps like this, it might break OAuth, or you’d have to hack the hosts file on every device you use so the names resolve properly. Then it’s a headache to keep up with all those little tweaks, and there’s a better way.

The fix is to self-host a DNS server with split-horizon functionality

Technitium split horizon DNS creation

Technitium is my favorite DNS server because it supports split DNS along with ad blocking, zones and clustering. You will need the Split Horizon app from the built-in app store, which is quite simple to install. Basically, it allows you to use the same domain name for multiple IP addresses depending on where the request is coming from. Requests from your home network are answered with a local IP address, while requests from mobile devices and other external clients are served a public IP address.

Split DNS is the solution to most of your self-hosting problems

It solves the four main problems with self-hosting that are otherwise frustrating to fix

DNS option for external clients on the router

To get split DNS working properly, we need a few things first. Use a good naming scheme for the domains used with our applications, preferably a domain you control, and one FQDN subdomain per application, such as jellyfin.domain.com, ha.domain.com, or auth.domain.com. We only want one domain per application because it’s easier to associate multiple IP addresses with it, and then split DNS works as expected.

We also want every client to use our DNS server so nothing goes through public DNS first. Then it’s just a matter of entering A/AAAA records for the self-hosted domain names, so that jellyfin.domain.com, for example, resolves to 10.0.0.20. Any other DNS resolution must be forwarded or resolved normally. If you have already installed a reverse proxy, use a wildcard record so that local services are automatically reachable when they are added to the proxy.

Two final things to keep in mind: internal private IPs should be preferred when resolving from within the home network, to avoid NAT and router errors, and keep a document somewhere with a list of internal zones, overridden hostnames, and which resolver serves which clients.

Advantages of Split DNS

Split DNS fixes problems before they become problems:

  • Avoids NAT hairpins
  • Allows the same hostname to be used on LAN, VPN and mobile network
  • Ensures you hit the correct service when reusing names
  • Fixes OAuth and forwarding headaches

Setting up split DNS doesn’t take long, and you can use the DNS resolver of your choice. I prefer Technitium because of how easy it is to do other tasks, but you can do the same thing with Pi-hole, Unbound, BIND9, PowerDNS or whatever server you want.

With Split DNS you can:

  • LAN clients: homeassistant.example.com → 10.0.0.40 (LAN HA).
  • VPN clients: homeassistant.example.com → 100.x.x.x (Tailscale node).
  • Internet clients: homeassistant.example.com → Cloudflare/VPS IP.

This ensures your devices always pull the correct IP address for their location and gives you the best latency. It’s also easier to keep consistent, because you only need to set everything up on the DNS server, rather than in hosts files scattered across each device. I like to use OAuth to make security easier, but it breaks when it doesn’t get the redirect domain it expects. With Split DNS, the OAuth provider always sees the same domain name, even if the IP address changes, making your life easier.
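To make the per-client-network answer logic concrete, here is a small split-horizon lookup written for this article; it is an added example, not Technitium’s code or its Split Horizon app. The view networks (10.0.0.0/24 for the LAN, 100.64.0.0/10 for Tailscale) and every address in the zone table are constructed sample values, and the public address 203.0.113.10 stands in for the Cloudflare/VPS IP.

```python
"""Split-horizon answer selection plus a LAN hairpin check (added example)."""
import ipaddress
from typing import Optional

# Source-network views, checked in order; the first match wins.
# Constructed sample networks: home LAN and the Tailscale CGNAT range.
VIEWS = [
    ("lan", ipaddress.ip_network("10.0.0.0/24")),
    ("vpn", ipaddress.ip_network("100.64.0.0/10")),
]
PUBLIC_VIEW = "internet"

# One FQDN per application, one answer per view (constructed sample records).
ZONE = {
    "homeassistant.example.com": {
        "lan": "10.0.0.40",
        "vpn": "100.100.1.40",       # constructed Tailscale node address
        "internet": "203.0.113.10",  # stand-in for the Cloudflare/VPS address
    },
    "jellyfin.example.com": {
        "lan": "10.0.0.20",
        "internet": "203.0.113.10",  # no VPN-specific record on purpose
    },
}


def classify(client_ip: str) -> str:
    """Map a querying client's source address to a view name."""
    addr = ipaddress.ip_address(client_ip)
    for name, net in VIEWS:
        if addr in net:
            return name
    return PUBLIC_VIEW


def resolve(name: str, client_ip: str) -> Optional[str]:
    """Answer an A query the split-horizon way: the view's record if present,
    otherwise the public record, so a VPN client without a VPN-specific
    record still gets a working answer. Unknown names return None (forward)."""
    records = ZONE.get(name.rstrip(".").lower())
    if records is None:
        return None
    return records.get(classify(client_ip)) or records.get(PUBLIC_VIEW)


def is_hairpin(answer: str, client_ip: str) -> bool:
    """Check: a LAN client receiving an address outside every internal view
    means the split-horizon resolver was bypassed and traffic will hairpin."""
    addr = ipaddress.ip_address(answer)
    return classify(client_ip) == "lan" and not any(addr in net for _, net in VIEWS)
```

Feeding `is_hairpin` the answers your LAN clients actually receive is a quick way to spot devices that hard-code a public resolver and skip your DNS server.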

Split DNS takes a bit of time to set up, but it saves a lot of headaches

Once you enable split DNS on your DNS server, you no longer need to worry about where your DNS queries are coming from. Gone are the days of juggling internal and external IP addresses; all you need is the subdomain you set for each self-hosted application. The DNS server will point your requests to the correct destination depending on whether your device is on the local network or not. The last thing to do is make sure nothing can bypass your DNS server, so your domains will always resolve to the correct services.
