Alright, so you already have your own NextCloudPi server ( or any other similar service ) at home. You also registered for Dynamic DNS with no-ip.org and set it up using the installer from last post.
Now you might or might not have another extra problem.
You can configure your Android or laptop sync client for NextCloud with your flashy new dynamic DNS domain, so you can access to your private cloud at home from outside, but depending on the modem-router provided by your ISP, you will find that you might not be able to access through URL from inside your house.
In this situation you
- Can access from the street typing something like mycloud.ownyourbits.com
- You can only access from inside your house using your local IP. Something like 192.168.0.130.
This happens because you modem-router DNS combined with the configuration of your Internet Provider is not set well enough to redirect the DNS queries that you direct towards the outside of your house back towards the inside.
If it does not work for you is because this is happening
The solution to this is to set up your own DNS server inside your house, and point all of your devices to it.
You then have the ability to configure it to direct any queries to mycloud.ownyourbits.com to 192.168.0.130 .
Your new situation would be like this
For this, we will use the dnsmasq daemon. It is a very compact little server that also has the ability to provide DHCP and more, but here we will use it as a DNS redirect server with cache.
A nice upside is that we will achieve DNS caching, so we will accelerate all the internet lookups inside our home! More on that later.
Configuration
There are two options for configuration, depending on wether you are installing it in your already set up and running Raspberry Pi ( online installation ), or if you use the NextCloudPi image. See details below, but the configuration is exactly the same.
- DOMAIN is the URL to access from outside and inside your house. Use the same one you signed up with no-ip.org or any other DDNS provider.
- IP is the local IP of your Raspberry Pi in your network. In my case is 192.168.0.130
- DNSSERVER is your ISP’s DNS server preferably. If you do not know this IP try to figure out which one it is. Maybe it will show up if you write cat /etc/resolv.conf , maybe it will be on your modem-router administration URL.
- CACHESIZE is the number of DNS URLs to keep in cache. 150 is the default, I have 1000.
If you cannot discover your ISP DNS, Google DNS ( 8.8.8.8 and 4.4.4.4 ) will always work for your, but the one provided by your ISP will always be faster, not to talk about the privacy implications of Google knowing every single URL you use.
On some modem-routers, you can set your RPi local address as the primary DNS provider. Keep your ISP DNS provider as secondary. If you can do this, no further configuration is needed.
Otherwise, you will need to configure your devices to use your Raspberry Pi’s address for DNS lookups.
For your PC, configure it in Network Manager if that is what you use, or set it up in /etc/resolv.conf like this
|
1 2 |
nameserver 192.168.0.130 # point this to your RPi local IP nameserver 8.8.8.8 # this one should be your ISP DNS |
For your Android, you will sadly need to configure a static address. Configure your Raspberry Pi as your primary DNS provider and your ISP as your second.
Whenever you are outside of your house, the local address will have no configured route, so it will use the secondary DNS provider without any speed penalty.
Installation
Get it already made
I have included this in the latest release of my NextCloudPi, a ready to use Raspbian 8 image featuring NextCloud 11, HTTP2, PHP7 and more.
Follow the instructions provided. Once up and running, from your Raspberry Pi write
|
1 |
sudo nextcloudpi-config |
Do it yourself
First, clone the repo
|
1 |
git clone https://github.com/nachoparker/nextcloud-raspbian-generator.git |
Online installation through SSH
Use the generic software installer with the script dnsmasq.sh
|
1 |
./installer.sh dnsmasq.sh 192.168.0.130 |
Adjust to the IP address of your Raspberry Pi.
If you do not want to be asked for the username and password, and you changed the default password for user pi, you can specify username and/or password in the command line.
|
1 |
PIUSER=nacho PIPASS=ownyourbits ./dnsmasq.sh no-ip.sh 192.168.0.130 |
Offline installation
You can do this process offline using QEMU.
Extract the SD card and copy the image to your computer (adjust sdx).
|
1 |
sudo dd if=/dev/sdx of=my_rpi.img bs=4M |
Then,
|
1 |
./installer.sh dnsmasq.sh 192.168.0.130 my_rpi.img |
Once done, you can copy it back (adjust sdx).
|
1 |
sudo dd if=my_rpi.img if=/dev/sdx bs=4M |
Usage
In order to check that it works, you can use the dig utility from the bind-tools package.
Try it out with any URL
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
$ dig foursquare.com ; <<>> DiG 9.11.0-P3 <<>> foursquare.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54427 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 9 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;foursquare.com. IN A ;; ANSWER SECTION: foursquare.com. 60 IN A 23.235.33.154 foursquare.com. 60 IN A 23.235.37.154 ;; AUTHORITY SECTION: foursquare.com. 142798 IN NS ns-1013.awsdns-62.net. foursquare.com. 142798 IN NS ns-1360.awsdns-42.org. foursquare.com. 142798 IN NS ns-91.awsdns-11.com. foursquare.com. 142798 IN NS ns-1758.awsdns-27.co.uk. ;; ADDITIONAL SECTION: ns-91.awsdns-11.com. 39359 IN A 205.251.192.91 ns-91.awsdns-11.com. 163713 IN AAAA 2600:9000:5300:5b00::1 ns-1013.awsdns-62.net. 143513 IN A 205.251.195.245 ns-1013.awsdns-62.net. 165815 IN AAAA 2600:9000:5303:f500::1 ns-1360.awsdns-42.org. 143072 IN A 205.251.197.80 ns-1360.awsdns-42.org. 162489 IN AAAA 2600:9000:5305:5000::1 ns-1758.awsdns-27.co.uk. 144060 IN A 205.251.198.222 ns-1758.awsdns-27.co.uk. 168270 IN AAAA 2600:9000:5306:de00::1 ;; Query time: 38 msec ;; SERVER: 192.168.0.130#53(192.168.0.130) ;; WHEN: jue mar 02 00:01:05 CET 2017 ;; MSG SIZE rcvd: 388 |
You can verify that the query went through your dnsmasq server in 192.168.0.130 and took 38 milliseconds.
You can also see that because the query was not cached, your RPi had to ask your ISP provider for the IP address associated with this URL.
Let’s do the same query a second time
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
$ dig foursquare.com ; <<>> DiG 9.11.0-P3 <<>> foursquare.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7710 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;foursquare.com. IN A ;; ANSWER SECTION: foursquare.com. 47 IN A 23.235.37.154 foursquare.com. 47 IN A 23.235.33.154 ;; Query time: 0 msec ;; SERVER: 192.168.0.130#53(192.168.0.130) ;; WHEN: jue mar 02 00:01:18 CET 2017 ;; MSG SIZE rcvd: 75 |
This time the query is cached, so our RPi will answer directly with the IP associated to the URL, and it will be way faster, we went down to 0 milliseconds!
Rich content websites can be constantly querying different URLs and a single website can be loaded by the combination of many HTTP requests. In this cases, the performance benefit of having cached DNS results will be more noticeable.
Extras
If you would like to provide a URL for a particular IP in your local network, you can specify this in two ways.
- dnsmasq can read the contents of /etc/hosts in your Raspberry Pi, so just by adding entries there, those URLs will be available in you local network.
|
1 |
192.168.0.130 mycloud.ownyourbits.com |
- you can also specify the DNS rule in /etc/dnsmasq.conf using a line like this
|
1 |
address=/mycloud.ownyourbits.com/192.168.0.130 |
This behaviour can be modified by other configuration parameters in /etc/dnsmasq.conf.
You can also set up dnsmasq as a local DNS cache for your computer. The main configuration options to change in /etc/dnsmasq.conf are
|
1 2 |
listen-address=127.0.0.1 bind-interfaces |
Code
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 |
#!/bin/bash # dnsmasq DNS server with cache installation on Raspbian # Tested with 2017-01-11-raspbian-jessie.img (and lite) # # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com> # GPL licensed (see end of file) * Use at your own risk! # # Usage: # # ./installer.sh dnsmasq.sh <IP> (<img>) # # See installer.sh instructions for details # DOMAIN_=mycloud.ownyourbits.com IP_=127.0.0.1 DNSSERVER_=8.8.8.8 CACHESIZE_=150 DESCRIPTION="DNS server with cache" install() { apt-get update apt-get install -y dnsmasq update-rc.d dnsmasq disable } configure() { cat > /etc/dnsmasq.conf <<EOF domain-needed # Never forward plain names (without a dot or domain part) bogus-priv # Never forward addresses in the non-routed address spaces. no-poll # Don't poll for changes in /etc/resolv.conf no-resolv # Don't use /etc/resolv.conf or any other file cache-size=$CACHESIZE_ server=$DNSSERVER_ address=/$DOMAIN_/$IP_ # This is optional if we add it to /etc/hosts EOF cat >> /etc/hosts <<EOF $IP_ $DOMAIN_ # This is optional if we add it to dnsmasq.conf, but doesn't harm EOF cat >> /etc/default/dnsmasq <<EOF IGNORE_RESOLVCONF=yes EOF update-rc.d dnsmasq defaults service dnsmasq start cd /var/www/nextcloud sudo -u www-data php occ config:system:set trusted_domains 2 --value=$DOMAIN_ } cleanup() { apt-get autoremove -y apt-get clean rm /var/lib/apt/lists/* -r rm -f /home/pi/.bash_history systemctl disable ssh } # License # # This script is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This script is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this script; if not, write to the # Free Software Foundation, Inc., 59 Temple Place, Suite 330, # Boston, MA 02111-1307 USA |
References
https://wiki.archlinux.org/index.php/dnsmasq
https://www.g-loaded.eu/2010/09/18/caching-nameserver-using-dnsmasq/
