Best solution for Remote AND Local Access, to avoid DNS conflicts on Android

Currently I am running HAOS and accessing it remotely using a VPN. Then on the LAN I am using AdGuard Home for DNS. However I am exploring the best options for DNS and access, from the perspectives of both the “local-first” approach and from a unified DNS approach (e.g. Cloudflare public DNS and tunnels).
There seems to be no single DNS setup that can meet both goals. Any suggestions on how to resolve this seeming conflict?

  • access from outside the local network - the best solution seems to be a Cloudflare Tunnel. Here, DNS must always resolve to a Cloudflare proxy IP.
  • access from inside the local network - the best solution is a direct local connection. DNS must resolve to a LAN IP.
  • When you arrive home, your mobile device(s) must switch over from public DNS to private (unless you always want to be on a Cloudflare tunnel, which weakens the purpose of a local-first server).

To add to this, I am trying to solve an issue with my Hass mobile app where it loses connection to the server, even when I am on the LAN WiFi and everything is normal. After tests, I suspect the problem relates to constant switching between DNS services (public vs private) and between IP routes on the LAN, when roaming between WiFi APs or between VPN and WiFi. I think Android caches the DNS lookup for a while, leading to a dropped connection… and then when it flushes I am able to connect again. So Cloudflare solves this problem by having a constant DNS - public - and having a “constant” IP route - public as well.

Thanks in advance for DNS and remote access approaches that have worked for you!
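As an added example (not code from this thread, from Home Assistant or from any of the products named), a small Python check of the split-horizon requirement laid out in the bullets above: the same hostname must resolve to a LAN address at home and to a public address away. The hostname, the LAN prefix and the answer sets in `main()` are constructed placeholders; `1.1.1.1` is used only as a known globally routable address standing in for whatever a tunnel or proxy returns.

```python
"""Split-horizon DNS sanity check for a Home Assistant hostname.

Classifies the addresses a resolver handed back for the instance's FQDN and
compares them with where the client believes it is (home LAN or away), so a
stale or mixed answer set, the state that leaves a phone flip-flopping
between routes, is reported explicitly instead of surfacing as a silently
dropped connection.
"""
import ipaddress
import socket
from typing import Iterable, List, Tuple

# Constructed values for the example; substitute your own hostname and LAN prefix.
HA_FQDN = "ha.example.invalid"
LAN_NETWORK = ipaddress.ip_network("192.168.1.0/24")


def resolve(fqdn: str) -> List[str]:
    """Ask the system resolver (whatever the OS is currently using) for all answers."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    # Each entry is (family, type, proto, canonname, sockaddr); sockaddr[0] is the IP text.
    return sorted({info[4][0] for info in infos})


def classify_answers(answers: Iterable[str], lan_network=LAN_NETWORK) -> str:
    """Label an answer set.

    'local'         : every address is inside the home LAN prefix
    'remote'        : every address is globally routable (what a tunnel/proxy returns)
    'wrong-network' : only private addresses that are not in our LAN prefix
    'mixed'         : LAN and public (or other) addresses in the same answer set
    'no-answer'     : nothing resolved
    """
    kinds = set()
    for text in answers:
        ip = ipaddress.ip_address(text)
        if ip in lan_network:          # a v6 address against a v4 prefix is simply False
            kinds.add("lan")
        elif ip.is_global:
            kinds.add("public")
        else:
            # RFC 1918 / link-local / loopback address that is not our LAN prefix
            kinds.add("other-private")
    if not kinds:
        return "no-answer"
    if kinds == {"lan"}:
        return "local"
    if kinds == {"public"}:
        return "remote"
    if kinds == {"other-private"}:
        return "wrong-network"
    return "mixed"


def check_consistency(answers: Iterable[str], on_home_lan: bool,
                      lan_network=LAN_NETWORK) -> Tuple[bool, str, str]:
    """Return (ok, observed, expected) for the client's current location."""
    observed = classify_answers(answers, lan_network)
    expected = "local" if on_home_lan else "remote"
    return observed == expected, observed, expected


def main() -> None:
    # Constructed answer sets standing in for what a resolver might return.
    samples = {
        "at home, private DNS":   (["192.168.1.20"], True),
        "away, public DNS":       (["1.1.1.1"], False),
        "at home, cached public": (["1.1.1.1"], True),   # stale answer after joining WiFi
        "both records present":   (["192.168.1.20", "1.1.1.1"], True),
        "other subnet":           (["10.0.0.5"], True),   # e.g. a VPN-side address
    }
    for label, (answers, at_home) in samples.items():
        ok, observed, expected = check_consistency(answers, at_home)
        status = "ok" if ok else "MISMATCH"
        print(f"{label:24s} observed={observed:14s} expected={expected:7s} {status}")
    # Uncomment to compare the live system resolver with your real location:
    # print(check_consistency(resolve(HA_FQDN), on_home_lan=True))


if __name__ == "__main__":
    main()
```

Running it after switching networks (mobile data, home WiFi, VPN) shows whether the answer the device is actually using matches the network it is on; a `MISMATCH` right after joining WiFi is the cached-public-answer case described in the post.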

The normal setup would be to use the internal DNS when you are home and when on VPN.

The companion app has built-in support for this.


I think your dilemma gets a lot easier if you dispense with the idea of using Cloudflare Tunnels. There are many other solutions using VPNs and VPN-adjacent setups. The easy mode option is Tailscale - there’s a verified community add-on in the official store, it does NAT traversal, it happily plugs into the VPN API on both Android and iOS, it does split routing so you don’t have to run everything over the VPN tunnel even when it’s on, and it even gives you an option for constant DNS if you like (you can tell it to use different DNS servers for different domains, always use your private DNS, use their magic DNS, use the network DNS or any combination of them).

And maybe the issue is the companion app thinking you are remote due to not having the right WiFi SSID, but since you are using VPN, you are in fact local instead.

Thanks all for pointing the way to use private DNS for both at home and on VPN. For some reason I had never found that, probably because it is buried deep in the options for my current VPN provider. I will be taking a good look at Tailscale and similar VPN options. @Clancy, thanks for mentioning NAT traversal because that would have been my next question - whether I would have to open ports on my router.
If you forgive my idealism, my first impression is that I am still a little unimpressed by the options out there right now, because a VPN is technically not as elegant as a Cloudflare public solution, even if VPN is more secure and privatized… I guess it’s always a trade-off. If I can demonstrate that being on VPN constantly is acceptable, then the trade-off will be successful. Because from a practicality standpoint, switching VPN on and off when leaving/arriving home is undesirable.
Plus I will still have to run a local DNS, for desktops and IoT devices that can’t utilize a VPN.
Cloudflare has the draw of unifying DNS and being a single point of management for all types of devices and hosts. But I do understand how it is not quite right for home server connectivity. I actually only played around with Cloudflare tunneling and didn’t adopt it yet.
Currently I didn’t think I needed the feature of the mobile app to detect my home WiFi, because the FQDN of my HA instance is the same on VPN and on WiFi. But I will play with that feature in case it is a solution to my broken connections… perhaps making the FQDN different for the different networks will be more robust…

Any other suggestions from those who do use Cloudflare?
Or for those who run a local DNS together with a VPN, do you keep the VPN on all the time - even when at home? (@WallyR, from some of your other posts it appears you use local DNS + VPN.)