Configuring “Split DNS”, “NAT Loopback” or “Hairpin Nat” for On-Premise Installs

How to make an FQDN that resolves internally and externally.

Introduction

If you are installing 3CX on-premise, you must configure an FQDN that resolves both externally (from outside your network) and internally (within your local network). The best way to achieve this is to create two zones for the same FQDN, one for external users and one for internal.

This is also called a “Split DNS”, “NAT loopback” or “hairpin NAT” configuration. It allows users to seamlessly connect with the 3CX Apps or the 3CX Web Client whether they are in or out of the office, using the same secure FQDN / URL to the Web Client.

Furthermore, it ensures that access to the Web Client is via a secure FQDN and not an IP, which sooner or later will be disallowed by a modern browser.

To achieve this, you must have a DNS server or firewall on your LAN that can be configured to do this.

Configuration and naming on popular firewalls

In this guide we have created an example using Microsoft DNS Server, which is included in Microsoft Windows Server. We have used a 3CX-provided FQDN, although you can do this with a custom domain as well. The process is similar for other DNS servers.

Depending on your network configuration, it is also possible to use your firewall to achieve the same thing. Firewall vendors use different terms for it, e.g. Loopback NAT, Split Brain DNS etc. Here are some links to terminology and configuration guides from top firewall vendors:

Configuring Split DNS on Microsoft DNS Server

Step 1: Create a New Zone

From the Windows Server Manager application:

  1. Click “Tools” on the top right on the Server Manager window and from the drop-down menu select “DNS”. The DNS manager will open.
  2. Right-click on your server’s name and select “New Zone…”
  3. The New Zone Wizard will open. Click “Next”.
  4. Leave the default “Primary zone” selected and click “Next”.
  5. Select “Forward lookup zone” and click “Next”.
  6. Enter your zone name. This is your 3CX FQDN, for example “mypbx.3cx.eu”. Click “Next”.
  7. In the Zone File page leave the default options selected and click “Next”.
  8. In the Dynamic Update page leave the default options selected and click “Next”.
  9. Click “Finish”. Your newly created zone will now appear under Forward Lookup Zones.

Step 2: Add a New Host

  1. Right-click on the zone you have just created and select “New Host (A or AAAA)…”
  2. Leave the Name field empty so that the record uses the parent domain (which is the FQDN).
  3. In the IP Address field enter the local IP of your 3CX server.
  4. Click “Add Host”. A dialog will appear confirming that the record was added.

Step 3: Test your DNS Entry

To verify that your DNS server resolves your FQDN to the correct IP address:

  1. Open a command prompt window on a computer in your LAN.
  2. Type in nslookup followed by your domain name, e.g.:
     nslookup pbx.example.com
  3. If the DNS settings are correct, you should get the IP address of the host you specified.
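
Steps 1 to 3 can also be scripted with the DnsServer PowerShell cmdlets on the Windows DNS server. The following is an added example, not part of the original 3CX guide: the IP addresses and resolver choices are constructed sample values, and the explicit zone file name and -DynamicUpdate None setting are assumptions standing in for the wizard defaults.

```powershell
# Added example, not 3CX's own script. Run in an elevated PowerShell session on the
# Windows DNS server (uses the DnsServer module installed with the DNS role).
# All values below are assumptions; replace them with your own.
$Fqdn        = 'mypbx.3cx.eu'   # zone name = the 3CX FQDN (example name from Step 1)
$PbxLocalIp  = '192.168.1.10'   # constructed sample: local IP of the 3CX server
$InternalDns = '192.168.1.2'    # constructed sample: LAN IP of this DNS server
$PublicDns   = '1.1.1.1'        # any public resolver reachable from this host

# Step 1: primary forward lookup zone named exactly after the FQDN, so only this
# one name is answered locally and every other name still resolves as before.
# File-backed zone with dynamic updates off (assumed equivalent of the wizard defaults).
if (-not (Get-DnsServerZone -Name $Fqdn -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Fqdn -ZoneFile "$Fqdn.dns" -DynamicUpdate None
}

# Step 2: A record at the zone apex ("@" corresponds to the empty Name field in the GUI).
$existing = Get-DnsServerResourceRecord -ZoneName $Fqdn -Name '@' -RRType A `
    -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DnsServerResourceRecordA -ZoneName $Fqdn -Name '@' -IPv4Address $PbxLocalIp
}

# Step 3: query the internal and a public resolver and compare the answers.
function Get-ARecord([string]$Name, [string]$Server) {
    Resolve-DnsName -Name $Name -Type A -Server $Server -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } |
        Select-Object -ExpandProperty IPAddress
}

$inside  = @(Get-ARecord -Name $Fqdn -Server $InternalDns)
$outside = @(Get-ARecord -Name $Fqdn -Server $PublicDns)

"Internal answer: $($inside -join ', ')"
"External answer: $($outside -join ', ')"

# The internal view must return only the PBX's LAN address.
if ($inside.Count -ne 1 -or $inside[0] -ne $PbxLocalIp) {
    Write-Warning "Internal resolver does not return only $PbxLocalIp for $Fqdn."
}
# The public view must not return the LAN address; external clients could not reach it.
if ($outside -contains $PbxLocalIp) {
    Write-Warning "Public DNS returns the private address $PbxLocalIp for $Fqdn."
}
```

If the internal answer still shows the public IP on a client, check that the client actually uses the internal DNS server and clear its resolver cache before retesting.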

This concludes your configuration of Split DNS! You can now use a single FQDN whether on the local network or outside the office!  

Last Updated
This document was last updated on 18 June 2023
https://www.3cx.com/docs/creating-fqdn-split-dns/