Improving the accessibility of my server

Hello, I need the community’s power to solve a problem!

I have the following setup:

grafik611×520 59.7 KB

I have openWRT running on my router and all connections are forwarded to IPFire. Dynamic DNS is also configured in IPFire (see image). A reverse proxy server (SWAG, from linuxserver.io) runs on the server itself under Docker, which forwards to the corresponding subdomains, also Docker containers.

grafik1012×877 45.2 KB

My configuration usually works very well. I can access the servers externally from the internet as well as internally from the green network.

Sometimes I have no connection to my server, either externally or internally. When this happens, it’s usually enough to reconnect to the Internet, which assigns me a new external IP address. I’ve also noticed that when I access my server from the green network using my browser, I often get network timeouts and I have to refresh the page several times before it loads. My guess is that something is wrong with the routing.

Where can I start to improve accessibility?

One thing that I see from your Dynamic DNS WUI page is that your current host with duckdns.org is disabled and therefore will not be getting updated.

You need to tick the checkbox next to the pencil under the Action column.

Your hostname is shown in blue and this indicates that the DDNS hostname is disabled. If enabled and OK it will be shown in green. If it is in red then some sort of update is required.
See the documentation.
https://www.ipfire.org/docs/configuration/services/dyndns#hostname-colors

Did you add the names in Edit hosts file?

I use it to point to my reverse proxy server. NPM

I have tick the checkbox next to the pencil to enable the Dynamic DNS.

No I don’t. My Server has a fix IP Address.

As I wrote in my first post, I only have problems sometimes. Most of the time, everything works fine and I can connect to the server.

Duck DNS shows me that my domain has the IP address: 79.245.185.xxx:

grafik1273×738 54.1 KB

This IP address shows my router, too!

grafik452×211 14.6 KB

When I try to ping my server address, the address is resolved to a different (wrong) IP address.

ping https://<my_domain>.duckdns.org
PING https\058\047\047<my_domain>.duckdns.org (93.195.208.246) 56(84) Bytes an Daten.

--- https\058\047\047<my_domain>.duckdns.org Ping-Statistiken ---
9 Pakete übertragen, 0 empfangen, 100% packet loss, time 8097ms

ping <my_domain>.duckdns.org
PING <my_domain>.duckdns.org (93.195.208.246) 56(84) Bytes an Daten.

--- <my_domain>.duckdns.org Ping-Statistiken ---
9 Pakete übertragen, 0 empfangen, 100% packet loss, time 8095ms

I get the same ping result when I use a computer outside my network.

How can it happen that the IP address is resolved incorrectly?
This means that the DNS servers have not been updated correctly!

You can check DNS propagation on the following page

https://dnschecker.org

edit

Other useful online tools

dnschecker.org shows that for my server different IP addresses are resolved.

grafik585×864 78.3 KB

Shouldn’t you be pinging just the domain without the https://?

logs are found here.

under logs system menu

image1008×260 10.6 KB

This shows different DNS servers around the world are having a different IP for the same domain name.

From my understanding the 79.245.185.xxx IP is your current one. Can you confirm that the 93.195.208.246 was an IP for your connection with your ISP previously?

If yes, then the only reason I can think of to have the old IP still linked to some DNS servers is that the TTL (Time To Live) has been set too high for the IP associated with that domain in duckdns. You should be able to check what the TTL is set to for your ddns entry for that domain.

Normally, with the default TTL that ddns providers set up a change to the IP should get propagated across all DNS servers within a relatively short period.

I have a ddns domain with Dynu and the TTL for that is set at 120 seconds so after any IP change the new IP for that domain should get propagated within a couple of minutes.