7·
4 hours agoproof of the kid and parents thing
Spend some time around todays parents and their young kids. It’s so incredibly common to see small kids (I’m talking 2-8y/o) just completely enticed by a screen, ignoring everything else around them, and screaming their heads off whenever it’s taken away. It’s become a bit of an epidemic, with many many article’s and videos discussing the topic.
Here’s the first result I got on YouTube: (having just now listened to it while typing this comment, it actually does a descent job explaining the problem) https://youtu.be/QE_E9Q9jVzU Feel free to do further searching yourself…
It’s not limited to just children either, they’re just the most susceptible.
https://en.wikipedia.org/wiki/Network_address_translation#NAT_hairpinning
TL;DR Your router sees you trying to reach your external address and routes the connection back to your LAN without leaving the network.
This does still depend on a functional internet connection however, as your client gets your public IP from a public DNS server over the Internet.
If you were to run a DNS server locally (I use pihole for this), you could have that DNS respond with your local IP, allowing clients within your LAN to resolve the name without needing to reach out to public DNS. This means your local connections will still work when your internet is down; it also provides more privacy by keeping those requests local and can let you make local-only names that aren’t publicly listed.
Of the ~28 FQDNs in my setup, only 4 are public. The rest is local/vpn only and not publicly listed due the above. The reverse proxy then drops all connections that don’t use one of those recognised names, before even completing the TLS handshake. (So direct connections from someone port scanning my IP or using a domain name someone else has pointed at my IP are completely ignored/dropped without response. The server doesn’t even send the TLS cert so as to not expose the names defined in it.)