Hassio with Add-ons DuckDNS and DNSmasq using port 8123.
Internal and external web access works well on my iPhone ( IOS App, Safari and Chrome) using the following URL: https://redacted.duckdns.org:8123
(I added my Raspberry PI’s IP address as a DNS server to my iPhone WiFi settings for the internal access.)
(The DNSmasq Add-on was needed for internal access.)
My problem is internal (ethernet) access from the Chrome browser on Windows 10.
Using the above URL I get the message that “This site can’t be reached”
If I use: https://192.168.1.XXX:8123
I can get connected but only if I allow “Unsafe” access.
The site is considered “Not Secure” and the “https” is crossed out in red.
I tried adding my Raspberry PI’s IP address as a DNS server to the Advanced TCP/IP Settings/DNS Tab
in the Windows 10 properties on my Ethernet network adapter similar to the iPhone set up but this had no affect.
Thanks for you response. It makes sense.
I have a T3200M router. I went into Advanced Settings -> LAN IP and DNS Settings and found a section called “Set the DNS values”
I found two DNS server so I set one called Statically Assigned to the IP address of my pi.
Sadly, it made no difference. (also tried pi IP address for both DNS servers.)
So now the router is back to the default which was "DNS relay performed by Gateway "
Should I reboot the router?
Is there some Windows Firewall issue to investigate?
PS.
I now understand that https can only secure if the browser can access duckdns.org to get my certificate.
My ISP is Telus and the T3200M router is made by Actiontec.
There is a DHCP Reservation section which I have used to statically assign IP addresses to MAC address.
DNS server is mentioned on a “LAN IP and DNS Settings” page at the bottom as shown in the picture.
You can not just set your HASS as a DNS Server as it is not one. However, if you set up Pi-Hole on the same device that is running your HASS then that could work because Pi-Hole has a local DNS build-in. Then you can set your Sub.Domain.TLD to resolve locally back to your hass ip address. To do this you will need to put your router into bridge mode.
I have the DNSmasq Add-on which is installed on my pi with hassio.
I don’t see any purpose blocking ads to access Home Assistant or having to use another type of DNS server.
I can access my DNSmasq server from IOS on my iPhone connected by WiFi to the same internal
network as my pi resides. I can use the same URL to access HA whether at home or not.
I am really looking for a Windows 10 solution to do the same. I believe that a Windows 10 solution would be more universal than hacking away at router settings. There are too many router variations out there.
Like in this image you need to have a DNS Server (LDNS) on the inside of your network to Locally Resolve your Domain. Pi-Hole Can act as a DNS server that is why I suggested it you do not have to use it as an ad-block & there are other options but I know Pi-Hole works as its what I do at my house.
I think what you need to do is setup lan loopback on your router. On mine it is in the “virtual server” page, ie where you set up port forwarding. Works for me.
Dnsmasq is what Pi-Hole uses also actually, so if you have that installed on your Hass your in effect doing the same thing that I was advising to do if its not working it would suggest you have dnsmasq misconfigured. Here is a link on how to configure dnsmasq for pi-hole it might provide some insight.
Thanks for everyone’s input.
Using windows tracert I discovered that my network adapter was using IPv6 protocol to find a DNS server.
So it was ignoring the IPv4 address I had added for the DNSmasq server running on the pi.
SOLUTION:
To fix go into the properties for your ethernet network adapter and deselect Internet Protocol Version 6.
(Use Internet Protocol Version 4)
Now https://redacted.duckdns.org:8123 works in both Chrome and Firefox on Windows 10.
No messing with routers.
