I'm new to websockets and I'm experiencing a strange behavior: to refer to my WebSocket server (implemented with Nodejs) I use a registered FQN domain (assume "websocket.example"): this is necessary because I use the “secure” version of the protocol (wss) and so I need a valid SSL certificate.
In my router (which acts as a DNS server for my LAN) I set up a record that resolves requests to "websocket.example" to the internal IP address of the server (192.168.x.x).
In other words, if I run an nslookup connecting to any DNS server in the world, I get my company's public IP address, but if I make the request from within my LAN I get the private IP one. Both server and client use this router as DNS server, but it seems that wss requests point to the public IP address instead of the private one.
I made a web page (hosted in the same server machine, on Apache, using a different port) that connects to "websocket.example" via JavaScript websocket API: if I test it from a PC inside my LAN the page fails, unless I add a NAT rule on the port I use for wss. In other words it seems the web page is trying to connect to the server through the public IP instead of the private one.
Yet if I ping the address websocket.example on both server and client I obtain the private IP address.
Could someone please explain to me where I am going wrong?
Asked Feb 14 at 15:39 by Dvd1975, edited Feb 14 at 16:10
1 Answer
Browsers in general tend to prefer using their own built-in resolver over the system one, and it is common (especially I think for Chrome and even more so the "privacy oriented" forks, but Firefox as well) for them to talk to an external DNS-over-HTTPS (DoH) server, or a "trusted recursive resolver" as they call it. This effectively bypasses your system's resolver configuration.
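One way to confirm this on a given client, as an added example that is not part of the original answer: compare what the OS resolver returns with what a DoH resolver returns for the same name, and flag the case where the LAN view is private but the DoH view is public. The sample addresses and the `dohUrl` parameter are assumptions, and the parser expects the `application/dns-json` response format that some public DoH resolvers offer.

```javascript
// Added example: compare the OS resolver's view of a name with a DoH resolver's view.
// All sample data is constructed; 203.0.113.10 is a documentation-range address.

// True for RFC 1918 private IPv4 addresses (10/8, 172.16/12, 192.168/16).
function isPrivateIPv4(addr) {
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(addr)) return false;
  const [a, b] = addr.split('.').map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Extract A-record addresses from a DoH JSON (application/dns-json) response body.
function parseDohJson(body) {
  const msg = typeof body === 'string' ? JSON.parse(body) : body;
  if (msg.Status !== 0) return []; // non-zero RCODE, e.g. 3 = NXDOMAIN
  return (msg.Answer || []).filter((rr) => rr.type === 1).map((rr) => rr.data);
}

// Classify the two views: identical, different, or the split-horizon record bypassed.
function compareViews(systemAddrs, dohAddrs) {
  const sys = new Set(systemAddrs);
  const onlyDoh = dohAddrs.filter((a) => !sys.has(a));
  if (onlyDoh.length === 0) return { verdict: 'consistent', onlyDoh };
  const bypassed = systemAddrs.some(isPrivateIPv4) && onlyDoh.some((a) => !isPrivateIPv4(a));
  return { verdict: bypassed ? 'split-horizon-bypassed' : 'mismatch', onlyDoh };
}

// Live check (not called here). dohUrl is an assumption: the JSON endpoint of
// whichever DoH resolver the browser is configured to use.
async function checkLive(host, dohUrl) {
  const dns = await import('node:dns');
  const found = await dns.promises.lookup(host, { family: 4, all: true });
  const res = await fetch(`${dohUrl}?name=${encodeURIComponent(host)}&type=A`,
    { headers: { accept: 'application/dns-json' } });
  return compareViews(found.map((r) => r.address), parseDohJson(await res.json()));
}

// Constructed sample: the LAN router's answer vs. a public DoH server's answer.
const SAMPLE_SYSTEM = ['192.168.1.20'];
const SAMPLE_DOH = '{"Status":0,"Answer":[{"name":"websocket.example.","type":1,' +
  '"TTL":300,"data":"203.0.113.10"}]}';

function demo() {
  return compareViews(SAMPLE_SYSTEM, parseDohJson(SAMPLE_DOH));
}

console.log(demo());
```

A `split-horizon-bypassed` verdict matches the symptom in the question: `ping` follows the router's record while the browser connects to the public address.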