Sorry to bring this up again…
I am trying to use the FQDN that I set up in the DDNS to connect to my VPN server. But it seems to resolve to some other address than my WAN IP.
I set up the DDNS service to use Cloudflare API. I created a Token API with Zone Zone Read & Zone DNS Edit permissions. I also added an A record in my public DNS called home.domain.net. I manually changed the public DNS to be some random IP. Then I did a Save and Force Update on my DDNS in OPNsense and it correctly updated my WAN IP for the A record in Cloudflare. So that part works…
However, when I try to nslookup the FQDN using Unbound as the name server, I get a different IP.
NOTE: I have changed all public IPs in the below logs to hide my domain name as it’s personally identifiable
[~]── - nslookup home.domain.net 192.168.1.1
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: home.domain.net
Address: 101.87.98.110
Name: home.domain.net
Address: 172.33.25.119
Name: home.domain.net
Address: 2606:4700:zzzz::yyyy:ab77
Name: home.domain.net
Address: 2606:4700:wwww::xxxx:1d6e
[~]── -
If I try it again, say with Google’s DNS server, it will give me the other address that is listed:
[~]── - nslookup home.domain.net 8.8.8.8
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: home.domain.net
Address: 172.33.25.119
Name: home.domain.net
Address: 101.87.98.110
Name: home.domain.net
Address: 2606:4700:zzzz::yyyy:ab77
Name: home.domain.net
Address: 2606:4700:wwww::xxxx:1d6e
[~]── -
It keeps switching between these 2 IPv4 addresses.
When I try to ping the FQDN, it gives me the same result:
[~]── - ping -c2 home.domain.net
PING home.domain.net (172.33.25.119) 56(84) bytes of data.
64 bytes from 172.33.25.119 (172.33.25.119): icmp_seq=1 ttl=59 time=16.2 ms
64 bytes from 172.33.25.119 (172.33.25.119): icmp_seq=2 ttl=59 time=16.8 ms
--- home.domain.net ping statistics ---
[~]── -
Pinging again will sometimes give me the 172.33 address and at other times will give me the 101.87 address. But neither one is my actual WAN IP. So when I try to use home.domain.net as the FQDN to connect to (in the OpenVPN Connect app) it tries to connect to the IPv6 address which eventually times out.
I get the same IPs with the dig command, never my WAN IP.
How would I make sure that I can connect to my WAN IP and thereby my VPN server using the FQDN (home.domain.net) that I set up in the DDNS service?
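An added check script, not part of the original post and not OPNsense or Cloudflare code: it parses an nslookup transcript of the shape shown above, compares every answer with the WAN IP the DDNS client published, and reports which answers are not yours, which are AAAA records (a dual-stack client will generally try those first, which matches the IPv6 timeout described in the post), and which fall inside Cloudflare's published edge ranges. The post does not say whether the Cloudflare record is proxied, but a proxied record resolving to Cloudflare edge addresses rather than the origin is one common way a DDNS name ends up pointing somewhere other than the WAN IP, so the check flags it. The sample transcript and all addresses in it are constructed (RFC 5737 / RFC 3849 documentation space plus one made-up address inside 2606:4700::/32), `home.example.net` is a placeholder, and the edge range list is a small subset that should be verified against Cloudflare's current list before being relied on.

```python
import ipaddress
import re

# Constructed sample in the same shape as the nslookup output in the post,
# using documentation addresses (RFC 5737 / RFC 3849) plus one constructed
# address inside Cloudflare's published 2606:4700::/32 range. Not real hosts.
SAMPLE_NSLOOKUP = """\
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: home.example.net
Address: 198.51.100.17
Name: home.example.net
Address: 203.0.113.45
Name: home.example.net
Address: 2606:4700:3030::6815:1
"""

# ASSUMPTION: a small subset of the ranges Cloudflare publishes for its edge
# (https://www.cloudflare.com/ips/). Check the current list before relying on it.
CLOUDFLARE_EDGE = [
    ipaddress.ip_network(n)
    for n in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13", "2606:4700::/32")
]

_ADDRESS_LINE = re.compile(r"^\s*Address:\s*(\S+)\s*$")


def parse_nslookup(text):
    """Split nslookup output into (resolver, [answer addresses]).

    nslookup prints the resolver as 'Address: <ip>#53' before the answer
    section; every later 'Address:' line is an answer for the queried name.
    """
    resolver = None
    answers = []
    for line in text.splitlines():
        match = _ADDRESS_LINE.match(line)
        if not match:
            continue
        value = match.group(1)
        if "#" in value:                      # '192.168.1.1#53' is the server line
            resolver = value.split("#", 1)[0]
        else:
            answers.append(ipaddress.ip_address(value))
    return resolver, answers


def check_ddns(expected_wan, answers):
    """Compare resolver answers with the WAN IP the DDNS client published.

    Returns a dict: whether the WAN IP is among the answers, which answers
    are not the WAN IP, which of those fall in a CDN edge range, and the
    IPv6 answers (a dual-stack client generally prefers AAAA over A).
    """
    wan = ipaddress.ip_address(expected_wan)
    report = {"matches_wan": False, "unexpected": [], "edge_proxy": [], "ipv6": []}
    for addr in answers:
        if addr.version == 6:
            report["ipv6"].append(str(addr))
        if addr == wan:
            report["matches_wan"] = True
            continue
        report["unexpected"].append(str(addr))
        # IPv6 answers never match an IPv4 network and vice versa; no error raised.
        if any(addr in net for net in CLOUDFLARE_EDGE):
            report["edge_proxy"].append(str(addr))
    return report


def summarize(expected_wan, nslookup_text):
    """One-line verdict for a transcript, suitable for a periodic check."""
    resolver, answers = parse_nslookup(nslookup_text)
    r = check_ddns(expected_wan, answers)
    if r["matches_wan"] and not r["unexpected"]:
        return f"OK via {resolver}: {expected_wan} is the only answer"
    parts = []
    if not r["matches_wan"]:
        parts.append(f"WAN IP {expected_wan} missing from answers")
    if r["unexpected"]:
        parts.append("answers that are not the WAN IP: " + ", ".join(r["unexpected"]))
    if r["edge_proxy"]:
        parts.append("answers in CDN edge ranges (record may be proxied): "
                     + ", ".join(r["edge_proxy"]))
    if r["ipv6"]:
        parts.append("AAAA answers present, dual-stack clients try these first: "
                     + ", ".join(r["ipv6"]))
    return f"MISMATCH via {resolver}: " + "; ".join(parts)


if __name__ == "__main__":
    # With the constructed sample and 203.0.113.45 as the published WAN IP,
    # the verdict is a MISMATCH that names the IPv6 edge-range answer.
    print(summarize("203.0.113.45", SAMPLE_NSLOOKUP))
```

To use it against a real setup, feed the output of `nslookup home.domain.net 192.168.1.1` (and the same query against a public resolver) to `summarize` together with the WAN IP shown in the OPNsense DDNS status page; an answer set that contains AAAA records the DDNS client never publishes, or addresses in an edge range, is what to look at first, since the A record update itself is already confirmed working in the post.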