I think I'm out of options with setting up external access using DuckDNS

My router doesn’t do loopback so I’ve set up Dnsmasq. But, it seems that my router, Luxul XR-3150, has DNS software that will only route requests through an external interface. If I put HA’s local IP for both primary and secondary DNS servers in the router, nslookup will time out. If I put HA’s local IP as primary and then some other DNS servers on the Internet as secondary, nslookup shows I’m being served by DuckDNS and not the local HA. I think my only other option here is to either buy a new router, or at least something else to do DHCP that can provide HA as the DNS server to internal clients. (The Luxul currently handles DHCP but does not let you specify the DNS server to provide to DHCP clients. It assumes itself.) Anything I’m missing here? Is there another option for Dnsmasq?

If I’m understanding you correctly, because it sounds like you have outside access, you want to use a domain name on your local network? The direct IP should bring you to HA; just add https and accept the security risk. Otherwise the Nginx Proxy Manager community addon in the supervisor store will let you use a domain name on your local network.

Thanks @Mikefila. Correct, the IP will get me there just fine when I’m local. That’s fine using a browser, with a different bookmark for each URL. But for the HA app and its widgets there is no way to easily or automatically switch between URLs depending upon whether I am local or remote.

I did another round of testing and I have to backtrack a bit. It seems my router just might be permitting loopback. In my local network, no related adjustments to /etc/hosts on my laptop, all local DNS configurations pointing to external hosts. I go to https://.duckdns.org:8123 … and it loads. It gets to a login page, which after a few seconds does a strange refresh. Then I put in user/pass and it gets stuck loading lovelace. Eventually the browser settles on https://.duckdns.org:8123/lovelace and a big HA logo, then below it in very dim letters “Unable to connect to Home Assistant” and then under that a blue link, “RETRY”. The browser console tells me:

core.e31d3886.js:1 WebSocket connection to 'wss://<my-ha-host>.duckdns.org:8123/api/websocket' failed: 
a @ core.e31d3886.js:1
(anonymous) @ core.e31d3886.js:1
n @ core.e31d3886.js:1
i @ core.e31d3886.js:1
(anonymous) @ core.e31d3886.js:1
lovelace?auth_callback=1&code=aaaa&state=bbbb%3D%3D:1 Uncaught (in promise) 1

Update: All of that was with Chrome. When I use Safari or Firefox with the DuckDNS URL, it never finds the host at all. That makes much more sense. I think Chrome is doing something too smart for its own good. Even when I test on incognito windows, it somehow finds the local HA box. I don’t get it. I’m thoroughly confused now.

So I went back to see what my settings for the companion app were to see if I could backtrack how I set it up. Sure enough I had my external address as my local. Apparently I’ve punted this and forgot about it.

The companion app docs suggest AdGuard; I assume Dnsmasq is similar. After setting it up I’m still not able to connect. I’m getting the same errors as you but on a different router. It’s more than likely something we’re just both missing.

There are some other steps in the docs; maybe something will stand out to you.

So I finally got it working with adguard

  1. set dns rewrite xxhome.duckdns.org to local HA ip (adguard)
  2. enable https and add keys from ssh folder in HA (adguard)
  3. forward port 443 to local HA ip:443 (router)
  4. set ha ip as dns server (router)
  5. set your wifi dns on your phone to HA ip if you're using a static dns server.

That’s exactly where I’m running into problems, as described in my original post. I cannot do your step #4. My DMZ router (Luxul) seems to ignore local IPs for DNS servers. My external (AT&T) router doesn’t let me set the DNS server at all.

My only recourse seems to be setting up another DHCP server (currently provided by the Luxul.)

Thanks for sharing, and glad you got your stuff working!

Use AdGuard's DNS server.

Yeah, I was trying to do this using Dnsmasq, another DNS server available from the Supervisor add-on store. The issue is not which DNS server I use, it’s that the router refuses to use a DNS server that is inside my home network, behind the router.

Update: Sorry, I see you were trying to say I could kill two birds with one stone… Setting up a new DHCP server right now will be a headache. But eventually I’ll get around to it and that’s a good solution.

Since this is only needed for your mobile, did you try a static address on the mobile wifi connection and set just the dns server to your HA instance?

I’d rather it be more “natural” than configuring the equivalent of hosts files. I have more than just my phone. I have old tablets I use for panels around the house. And I take my phone and laptop in and out of the house regularly. AdGuard, as you suggest, will probably be the solution when I get around to it… unless I get a router that doesn’t lack some obvious features :stuck_out_tongue:

If you do wind up getting a different router, from what I read, nat-loopback is what you're looking for. Then it should do rerouting without configuration.
