How to Configure Split DNS / Horizon

[Flagelmann]

Hello,

I found out only other two entries about this topic, Split Horizon / DNS, but unfortunately I did not get completely the info that I need in a clear way.

As it would be very useful to use this app but there's lack of any detailed, scenario-based, documentation of this app, I would like to ask if any of you has finally configured it properly on his own self-hosted instance.

The scenario in which I am is the following:

• I have a primary DNS zone configured and working correctly, with several A records registered.
• This DNS server is serving both my LAN but also some personal devices from internet, mainly using DoT configuration (Private DNS).
• The DNS domain used is and MUST remain the same for both internal and external requests but providing a different IP based on where the device is located (and here it is the need of Split DNS).

Now, I have checked other few posts I have found about the Split Horizon app and it seems it is done by doing two main steps:

1. Opening the "Config" part from the app page and modifying/saving the main configuration file of the app (where specifying the networkGroupMap and the groups basically).
2. Then creating an "APP" record in which we have to define in the "Record Data" some other spec about the actual translation needed.

NOTE: need also to understand better the "externalToInternalTranslation" purpose defined under each group.

Personally, I get the idea of the configuration, but still do not get a full picture of the configuration in Technitium DNS server, as there is a complete lack of a full example, so the "main configuration" + "APP record" properly configured and explained.

Right now to configure it for me it seems basically a trial and error.

Anyone that could provide a full example on how to properly configure the Split Horizon app for this scenario (no need of a CNAME example, but A record example)?

Many thanks

[ShreyasZare]

Thanks for asking. Unfortunately there is no documentation available for the apps. However, there is plan to support GUI for all apps so it should be more user friendly and easy to understand once GUI is available.

The Split Horizon app supports 2 features. First is to use APP record which is useful only when you have the zones locally hosted. With this APP record, you can return custom A or CNAME response based on the request's IP address.

The second feature is Address Translation which works globally (for all domain names hosted or not) and is to be configured via the app's config. In there, you need to configure groups for the client networks and in that group you can specify the external to internal translation map. This feature will automatically check for all the responses and replace any external IP match with internal IP as defined in the config.

Let me know if you have any more queries regarding the config.

[Flagelmann]

Thanks for your availability ShreyasZare. :)

Ok, let's say that I want to use the APP record approach and not the global config approach.

I go to the actual zone, then I open the new APP record section, as shown below.

Then I want to specify, for the specific subdomain, let's say g.example.com that for internal LAN based on 192.168.1.0/25 the IP that should be returned to clients will be 192.168.1.40 and for all the others the public IP one, how should I configure the "Record Data" section?

[ShreyasZare]

You're welcome :)

The record data JSON for that scenario will be as follows:

{
  "192.168.1.0/25": [
    "192.168.1.40"
  ],
  "0.0.0.0/0": [
    "<public-ip-address>"
  ]
}

The 0.0.0.0/0 network address will match to all addresses.

Edit: fixed missing comma in example.

[Flagelmann]

Perfect. :D

Ok, this is a first common simple scenario that would be very helpful to introduce to Split DNS in Technitium.

Thanks a lot, by doing some first tests even using Private DNS on multiple Android devices it seems working as expected, getting the proper IP as expected.

There is a missing comma in the example above, but fixed as follows:

{
  "192.168.1.0/25": [
    "192.168.1.40"
  ],
  "0.0.0.0/0": [
    "<public-ip-address>"
  ]
}

[ShreyasZare]

Good to know you got it working. Will edit to fix missing comma.

[UncleVic]

I have the same question because I'd just faced out with Split a week ago.

What about A records? Do I have to remove them completely or not?

[ShreyasZare]

I have the same question because I'd just faced out with Split a week ago.

What about A records? Do I have to remove them completely or not?

If you have A records then those will get returned. So you will need to remove them so that the requests hits APP record.

[kranked]

Sorry to revive an old thread, but can you point it to a ANAME? e.g.
{
"192.168.1.11": [
""
],
"0.0.0.0/0": [
"webserverexample.lan"
]
}

[ShreyasZare]

You can do that using the SplitHorizon.SimpleCNAME class path option.

[kranked]

ah that should of been obvious, thank you!

[ShreyasZare]

You're welcome!

[kranked]

I have this app record set for tplinkcloud.com however the 0.0.0.0/0 range is still receiving the public IP, any ideas? (also tried the subnet the DHCP serves specifically, 192.168.7.0/24 as in screenshot.)

I also get the following message if I set up the same record for the specific subnet the camera is trying to resolve. - n-device-api.tplinkcloud.com

2024-11-13 19:37:34 | 192.168.7.106 | Udp | Authoritative | ServerFailure | n-device-api.tplinkcloud.com -- | -- | -- | -- | -- | --

Extended error from DNS client:

{
"Metadata": {
"NameServer": "tuvipdnsserver1 (192.168.3.62)",
"Protocol": "Udp",
"DatagramSize": "57 bytes",
"RoundTripTime": "3.01 ms"
},
"EDNS": {
"UdpPayloadSize": 1232,
"ExtendedRCODE": "ServerFailure",
"Version": 0,
"Flags": "None",
"Options": []
},
"DnsClientExtendedErrors": [
{
"InfoCode": "NetworkError",
"ExtraText": "tuvidnsserver1 (192.168.3.62) returned RCODE=ServerFailure for n-device-api.tplinkcloud.com. A IN"
}
],
"Identifier": 63900,
"IsResponse": true,
"OPCODE": "StandardQuery",
"AuthoritativeAnswer": false,
"Truncation": false,
"RecursionDesired": true,
"RecursionAvailable": true,
"Z": 0,
"AuthenticData": false,
"CheckingDisabled": false,
"RCODE": "ServerFailure",
"QDCOUNT": 1,
"ANCOUNT": 0,
"NSCOUNT": 0,
"ARCOUNT": 1,
"Question": [
{
"Name": "n-device-api.tplinkcloud.com",
"Type": "A",
"Class": "IN"
}
],
"Answer": [],
"Authority": [],
"Additional": [
{
"Name": "",
"Type": "OPT",
"Class": "1232",
"TTL": "0 (0 sec)",
"RDLENGTH": "0 bytes",
"RDATA": {
"Options": []
},
"DnssecStatus": "Disabled"
}
]
}

[ShreyasZare]

Thanks for the details. Since you are using SimpleCNAME class which generates a CNAME record, you cannot use an IP address in the config. You will need to use a domain name and then setup an A record for that domain name to resolve the request correctly.