this post was submitted on 14 Jan 2025
48 points (100.0% liked)

Selfhosted


Let's say I've got Nextcloud selfhosted in my basement and that it is accessible on the world wide web at nextcloud.kickassdomain.org. When someone puts in that URL, we'll have all the fun DNS-lookups trying to find the IP address to get them to my router, and my router forwards ports 80 and 443 to a machine running a reverse-proxy, and the reverse-proxy then sends it to a machine-and-port that Nextcloud is listening to.

When I do this on my phone next to that computer hosting Nextcloud, (I believe) what happens is that the data leaves and re-enters my home network as my router sends the data to the IP address it is looking for (which is itself). This would mean that instead of getting a couple hundred Mbps from the local wifi (or being etherneted in and getting even more), I'm limited by my ISP's upload speed of ~25Mbps.

Maybe that just isn't the case and I've got nothing to worry about...

What I want my network to do is to know that nothing has to leave the network at all and just use the local speeds. What I tried before was using a DNS re-write in Adguard such that anything going to my kickassdomain would instead go to the local IP address (so like nextcloud.kickassdomain.org -> 192.168.0.99). This seemed to cause a lot of problems when I then left the house because, I assume, the DNS info was cached and my phone would be out in the world and try to connect to that IP and fail.

My final goal here is that I want to upload/download from my selfhosted applications (like nextcloud) without being limited by the relatively slow upload speed of the ISP.

Maybe the computer already figured all this out, though - it does seem like my router should know its own IP and not bother sending things out into the world just for them to come back.

If it matters, my IP address is pretty stable, but more importantly it is unique to me (like every house in the neighborhood has their own IP).

Updates from testing: So everything does indeed just work without me needing to change how I already had it set up, presumably because the router did the hairpin NAT action folks are talking about here.

I tested it by installing iperf3 on the server, then I used my phone (using the PingTools Network Utilities Android app, only found on Google Play and not on F-Droid) to connect. Here are the results:

  1. Phone to local IP address (192.168.0.xxx) - ~700 Mbits/second
  2. Phone to speedtest.mykickassdomain.org while still on the wifi - ~700 Mbits/second
  3. Phone on cellular to speedtest.mykickassdomain.org - ~4 Mbits/second
[–] [email protected] 7 points 1 day ago (2 children)

Others have already answered but this might help understand.

On Cloudflare DNS, I set my domain to point to the external IP address my ISP gives me for my router. I.e., example.com points to 107.474.274.12

Within my network, my internal DNS (Pi-hole) is set to point to the internal IP address of my server. I.e., example.com points to 192.168.1.23

Note that in the first example, the router has port forwarding so that all HTTPS traffic (port 443) is forwarded to the internal IP of my server, 192.168.1.23. In both examples, the traffic ends up in the same place but the route it takes depends on if the traffic starts inside my network (example 2) or outside of the internet (example 1).
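The cases this thread discusses (an internal DNS answer used on the LAN, hairpin NAT, the port forward from outside, and a cached internal answer carried off the network), as an added example that is not part of any comment here. The WAN address 203.0.113.10, the client addresses and the function names are constructed for illustration; 192.168.1.23 is the server address from the comment above.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress's is_private also flags
# documentation ranges such as 203.0.113.0/24, which stand in for public IPs here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def classify_path(client_ip, dns_answer, lan_cidr, wan_ip):
    """Name the route a client takes given where it sits and what DNS told it."""
    client = ipaddress.ip_address(client_ip)
    answer = ipaddress.ip_address(dns_answer)
    lan = ipaddress.ip_network(lan_cidr)
    on_lan = client in lan

    if is_rfc1918(answer):
        # An internal answer only works while the client is on that LAN.
        # Off the LAN it is the cached-rewrite failure from the original post.
        if on_lan and answer in lan:
            return "direct-lan"
        return "unreachable-private-answer"
    if answer == ipaddress.ip_address(wan_ip):
        # Public answer: from inside, the router must loop the traffic back.
        return "hairpin-nat" if on_lan else "port-forward"
    return "unrelated-address"

# Constructed sample values (assumptions, not taken from a real network).
LAN, WAN, SERVER = "192.168.1.0/24", "203.0.113.10", "192.168.1.23"
SCENARIOS = {
    "wifi, internal DNS answer": ("192.168.1.50", SERVER),
    "wifi, public DNS answer": ("192.168.1.50", WAN),
    "cellular, public DNS answer": ("198.51.100.77", WAN),
    "cellular, cached internal answer": ("198.51.100.77", SERVER),
}

def classify_all():
    return {name: classify_path(client, answer, LAN, WAN)
            for name, (client, answer) in SCENARIOS.items()}

if __name__ == "__main__":
    for name, path in classify_all().items():
        print(f"{name:35} -> {path}")
```

The last scenario is why a short TTL on the internal record matters for devices that roam between wifi and cellular.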

[–] [email protected] 2 points 22 hours ago (1 children)

So I had done this (with Adguard rather than pihole) and I think I was getting caching issues. Whether or not I was, though, I removed it and it looks like my router is handling it all just fine without the rewrite on the local DNS server.

Some folks mentioned "hairpin NAT" - I was reading the wiki on NAT last night but didn't get to hairpin, but that appears to be what is happening.

The conclusion is - my setup had been doing what I want the whole time without any DNS fiddling. I updated the original post with the speedtests.

[–] [email protected] 1 points 15 hours ago

Yes, hairpin can make it work but some routers don't seem to do it well.

The other issue is that on WireGuard my DNS is set to Pi-hole, and without doing this my internal stuff wasn't working.

[–] [email protected] 1 points 1 day ago

I do this too, with Pi Hole as well.