December Adventure: How does DNS work

How could something so simple be so complicated

personal
december adventure
reverse proxy
traefik
dns
Author

Shannon Quinn

Published

Posted on the 17th of December in the year 2024, at 9:06pm. It was Tuesday.

Meme showing a haiku: 'It's not DNS / There's no way it's DNS / It was DNS.' Credit: https://www.reddit.com/r/sysadmin/comments/6qhih0/its_always_dns/

I always feel like I have the dumbest questions, mostly because I cannot seem to find answers on the internet.

(either that, or my questions are so SMART, no one’s thought of them; or search engines have gotten SO BAD that they don’t really work anymore… equal odds, I’d say)

In my last post, I’d prototyped a way of reverse proxying a service that runs on a different physical machine than the reverse proxy itself (and which perhaps should be stated explicitly: the service is also NOT part of the kubernetes cluster that the reverse proxy is). However, I couldn’t actually access it… because I didn’t have a DNS entry for said external service. I could reach the reverse proxy, but it didn’t know where to go from there.

Which made me realize a conundrum: how do I actually configure DNS to do this?

I’m trying to set up a subdomain on a domain I already own (quinnwitz.house), except this subdomain is only accessible from my LAN. So anytime someone goes to, say, jellyfin.home.quinnwitz.house, it does nothing unless they’re on my home LAN, in which case they’ll go to my local JellyFin instance (and it’ll have an SSL cert).

It’s clear I need to create an A record for a wildcard domain… but it’s not clear 1) where this A record should reside (the base quinnwitz.house domain is on Cloudflare; is that where it should go, too?), and 2) what it should point to.

I did manage to find a single Reddit thread asking pretty much exactly this question: is it safe to put a wildcard subdomain on Cloudflare, pointing to an internal IP address? The answer seems to be “yes”, but I can’t help but wonder if this is the “right” way of doing it.

After posting about my last update on Mastodon, I did get a couple of responses (thank you! and yes, traefik does indeed support externalName). But the crux of it all still assumed I had a wildcard A record set up somewhere, when… that is currently not the case, and is indeed the thing from the previous update where I mentioned that I knew what was wrong, but wasn’t sure how to fix it.

If anyone has any ideas, I’d love to hear it.

As an aside, there are some great DNS memes out there. Here are two of my favorites.

Meme of the History Channel interviewee, saying 'I'm not saying it's DNS, but it's DNS.'

History Channel actually gets it right.

Meme showing a counter of 'Days since it was DNS', with the count set to 0.

It’s always DNS.

Citation

BibTeX citation:
@online{quinn2024,
  author = {Quinn, Shannon},
  title = {December {Adventure:} {How} Does {DNS} Work},
  date = {2024-12-17},
  url = {https://magsol.github.io/2024-12-17-december-adventure-how-does-dns-work},
  langid = {en}
}
For attribution, please cite this work as:
Quinn, Shannon. 2024. “December Adventure: How Does DNS Work.” December 17, 2024. https://magsol.github.io/2024-12-17-december-adventure-how-does-dns-work.