How I use Split DNS with NextDNS

I use a split DNS setup to speed up access to my local services at home and to improve security while on the go.


I use a split DNS setup with NextDNS. When on my home Wi-Fi or VPN, my devices connect to a NextDNS profile that rewrites any wxcyber.com subdomain to my local reverse proxy server.

Benefits

This provides a key benefit to me: speed. I've noticed significant latency and bandwidth limitations when proxying Kasm through Cloudflare. I still have my Kasm instance proxied through Cloudflare so that I can use it when on other devices. However, my Mac connects to Kasm locally, which allows me to use remote desktops with the extreme setting selected.

Another key benefit is security. I don't have my Proxmox host or Dockge instance proxied through Cloudflare. Even behind Cloudflare Access I am wary of exposing these to the internet. These servers are critical to my network infrastructure and services used by my clients. I am still able to access Proxmox at vm.wxcyber.com and Dockge at docker.wxcyber.com by utilizing a reverse proxy.

Some services I don't have enabled for local connectivity, such as my website, blog, and web analytics, because I want to see these services just as my visitors will so I can identify problems quickly.

How to set up

Nginx Proxy Manager

I use Nginx Proxy Manager as my reverse proxy. It is very simple and has a great Let's Encrypt integration that allows me to get wildcard SSL certs for free!

Use this docker compose file to set up NPM:

version: "3.8"
services:
  npm:
    image: jc21/nginx-proxy-manager:latest
    restart: unless-stopped
    ports:
      - 80:80 # Public HTTP Port
      - 443:443 # Public HTTPS Port
      - 81:81 # Admin Web Port
      # Add any other Stream port you want to expose
      # - '21:21' # FTP
    environment:
      DISABLE_IPV6: "true"
    volumes:
      - *replaceme*/npm/data:/data
      - *replaceme*/npm/cert:/etc/letsencrypt

Log in to NPM by going to http://yourdockerhost:81. The default user is admin@example.com and the password is changeme; NPM asks you to change both right after the first login. Set up an SSL certificate by going to the SSL Certificates tab. From there, add your services by going to Hosts > Proxy Hosts. Fill out the required information, which will vary by service. Use the images below as a reference for adding Kasm:

NextDNS

Log in to or create a NextDNS account at nextdns.io. Add a DNS rewrite by going to Settings > Rewrites > New Rewrite, then enter your Domain (e.g. kasm.wxcyber.com) and your NPM host's IP in the Answer field.

Now traffic to your chosen service will be routed locally once you've added NextDNS as the resolver for your device.
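To confirm the rewrites behave as intended from a device on the home profile, the following check is an added example (not part of the original setup). It assumes an NPM address of 192.168.1.10 and a hypothetical www.wxcyber.com for the website; replace both with your own values.

```python
import ipaddress
import socket

# Assumed values for illustration: replace with your NPM host and hostnames.
NPM_IP = "192.168.1.10"
POLICY = {
    "kasm.wxcyber.com": "local",    # rewritten to NPM on home Wi-Fi / VPN
    "vm.wxcyber.com": "local",      # Proxmox, reached only through NPM
    "docker.wxcyber.com": "local",  # Dockge, reached only through NPM
    "www.wxcyber.com": "public",    # hypothetical website name, not rewritten
}
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolve(host):
    """IPv4 answers from whatever resolver this device is configured to use."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_host(mode, answers, npm_ip=NPM_IP):
    """Compare one host's answers with the intended split-DNS behaviour."""
    if not answers:
        return "FAIL: no answer"
    if mode == "local":
        if answers == [npm_ip]:
            return "OK: rewritten to reverse proxy"
        return "FAIL: rewrite not applied, got " + ", ".join(answers)
    # Public-only names must not pick up a rewrite or any LAN address.
    addrs = [ipaddress.ip_address(a) for a in answers]
    if any(a in net for a in addrs for net in RFC1918):
        return "FAIL: public-only host resolves to a LAN address"
    return "OK: public answer"


def audit(policy, resolve=system_resolve, npm_ip=NPM_IP):
    """Map each hostname in the policy to a verdict string."""
    return {host: check_host(mode, resolve(host), npm_ip)
            for host, mode in policy.items()}


if __name__ == "__main__":
    for host, verdict in audit(POLICY).items():
        print(f"{host:22} {verdict}")
```

Run it on a device that uses the home NextDNS profile; a FAIL on a "local" name usually means the device is still using a different resolver or a cached answer.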