How do i set this up for lan-only use to redirect a personal domain to a lan ip address?

[Betonhaus]

Right now I have a server running several docker apps, that are proxied through ngnx. I purchased a domain name and have the apps available at different subdomains of that domain, but they resolve to my WAN ip address so that all access is routed through my modem. I wanted to set up a local dns server that would forward regular requests to global dns servers, but redirect my domain name to the 192.168.xxx.xxx ip address when devices are on the local network (but lettign them still resolve to the WAN ip when they are outside the network.

I thought I just had to set up forwarders and a zone, but the zone only works for the main domain, and all subdomains refuse to connect. adding a * entry worked for a little while but eventually keeps breaking. I can't seem to find any documentation for setting the dns server up like this, as all instructions seem to set up that my dns server is accessible on the global internet, something I do not want.

[ShreyasZare]

Thanks for asking. You just need to create a Conditional Forwarder zone with "This Server" as the forwarder. In the zone just create the records for subdomain names you want or if all of them resolve to a single local IP then use a wildcard subdomain record. This setup will resolve the records you have added in the zone.

Do not use web browsers to test it. Test the setup using DNS Client tool on the admin panel. Once you confirm the domains resolve to correct IP then test it with your web browser. If your web browser still resolves to public IP then it probably has DoH enabled and is not using your local resolver so you will need to check the browser options and disable DoH.

[Betonhaus]

can DOH be run through a proxy if I give it an internal only domain name

[ShreyasZare]

The DoH that web browsers use by default are public DNS providers like Cloudflare. You can use a local DoH service too but its of not much use since its your private network. Disabling DoH and using your local DNS is the only way.

[Betonhaus]

I know that this can run alongside systemd-resolved when you set it up right on the host network, but is it possible to set it up to run on a docker bridged network? it seems that opening port 53 fails because it's in use by systemd-resolved, but what if I close all ports, enable dns-over-http, and have nginx proxy manager forward requests to one of the server's assigned ip addresses directly to dns-server?

most devices and browsers seem to default to DoH, which also happens to be the only devices that would need to access the dns server this way.
unless dns-over-https is required, and I don't quite see how to sign an ip address and i think dns-over-https rejects unsigned entries.

[ShreyasZare]

DoH is not for local use in private home networks. It needs you to buy a domain name and configure SSL cert which is non-trivial activity to maintain.

[Betonhaus]

I already have a domain name, and ssl certificates are handled with Nginx Proxy Manager and letsencrypt. I was mostly looking for some sort of DNS hijack when on a local network so I can still access my home server when on my home network without traffic being routed through my wan, but as I understand what is involved better I realize that it would be easier to just have a mdns address for local use and use tools that automatically redirect to the server's lan address when on the local network. Either that or figure out DHCP v6 addressing which should figure that out automatically.

[Betonhaus]

Considering that the app that this is most important to already supports switching to an ip address when on the local network, and the homepage to my server lets me set a different url for apps which can be an ip address, it might be simpler to just install avahi and set up a proxy domain to a mdns .local address.