  • If you want to be able to accept mail, you’ll need to directly expose your mail server on your public IP (router configuration required). You’ll also need to allow your server to egress your WAN as well. That being said - if you really want to tighten your security, and don’t care about missing some emails, you could limit your server to seeing only those servers you know you’ll be communicating with, such as work, bank, or GMail servers only.

    You can make it so that retrieving your email with your client of choice requires a VPN connection to your home network also.


  • What VPS are you using?

    You should be able to set up a firewall, blocking all access to the SSH port. Then set up a VPN so that only you can access via SSH after making your VPN connection.

    If you connect via a static IP, you can also create an ACL for the VPN connection just in case. You can set an ACL for the SSH port forward rule directly as well, but I don’t like that personally. I prefer keeping things behind the VPN.
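
The setup described in the comment above, sketched as an nftables ruleset; this is an added example, not part of the original comment. It assumes WireGuard as the VPN (the comment names none), with the interface name `wg0`, UDP port 51820 and the static client address 203.0.113.10 all chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example: SSH reachable only through the VPN, VPN reachable only
# from one static IP. All names and addresses below are assumptions.

flush ruleset

define VPN_IF   = "wg0"          # assumed VPN interface name
define VPN_PORT = 51820          # assumed VPN listener port (UDP)
define ADMIN_IP = 203.0.113.10   # assumed static IP you connect from

table inet filter {
    chain input {
        # Default deny: anything not matched below is dropped,
        # including SSH arriving on the public interface.
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Keep ICMP/ICMPv6 working (path MTU, IPv6 neighbour discovery).
        meta l4proto { icmp, ipv6-icmp } accept

        # ACL on the VPN listener: only the static IP may start a tunnel.
        ip saddr $ADMIN_IP udp dport $VPN_PORT accept

        # SSH is accepted only when it arrives inside the tunnel.
        iifname $VPN_IF tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

`flush ruleset` replaces every existing rule, so load this from the provider's console or with a timed rollback in place rather than over the SSH session it is about to close.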



  • Well, dig is available also of course, but nearly all distros still include nslookup despite it getting deprecated. I like the simplicity of its interactive mode.

    Host is also really great with more human-readable output.

    Don’t get me wrong, when things are getting hairy, you’re going to make a lot of use of dig. I just find that most troubleshooting can be taken care of a lot simpler with host or nslookup.



  • Yeah, if you can dig a record and receive a response, it’s not a routing issue.

    But aren’t you on the same subnet as your DNS server? There’s no routing happening if you’re on the same subnet which I was assuming.

    Even though dig defaults to outputting A records when no other options are specified, I would use the A option anyway just in case:

    dig @192.168.0.249 study.lan A
    

    If you use “ping study.lan” do you see it output the A record IP address in the first line of output?

    Did you try using nslookup as I described?