On your LAN DNS server (say, pi-hole), you could add an A record for your Immich’s domain name that points to the internal IP address so clients on your LAN would simply resolve the LAN IP instead of trying to do fancy NATing. Make sure your browser doesn’t try to do DNS over HTTPS, which would skip your local dns.

Or you could run everything on a meshVPN like Tailnet. That way the (VPN) IP of the Immich server doesn’t change and the Tailnet will route the traffic over your LAN when your clients are local.

Are you interested in the networking side of self hosting? If so, you should get a better router, something you can run OPNsense or similar on. There are other “options”, but they’re workarounds that avoid fixing the real problem.

The term you would search for here is “split-horizon DNS”. Assuming you’re using a real domain name with hosts, you want a DNS server inside that resolves the LAN address, and the outside DNS server for everyone else resolves your WAN address (which presumably you reverse-proxy to inside host).

Even better is to not expose the service at all from the outside, use a VPN like Tailscale, and then use their MagicDNS service on the tailscale network to keep everything behind the firewall.

Every service you expose to the outside is more attack surface.

That’s what made me install Adguard Home, just so that I could bypass my hairpin DNS issue. There are still things that don’t work and I haven’t found the time to fix those, but for me at least, Immich works the same inside and outside the house! (My gf uses /e/OS and her DNS overrides Adguard Home which is a shame, but that’s in the list of “doesn’t quite work perfectly”)

My option is to use a VPN at home. Sad world. It’s the only way I can sleep well.

You’ve got two options I can think of:

1. As others have eluded, split DNS. You need something handling DNS resolution internally that allows you to add custom records. You’ll need to add a record of type “A” pointing to the internal IP where Immich sits.

2. Since you have Immich published to your public IP, you can use hairpin NAT. This is something that is a lucky dip with routers as to whether it works or not and only some make it configurable. This will allow you to hit Immich via public IP and the router will “hairpin” the traffic out to the WAN interface and back in. This is how I do it so I don’t make a spaghetti mess of DNS records.

Failing to resolve DNS doesn’t sound like this is actually the problem though. Do you have a domain registered and DNS records pointing to your public IP? Does it resolve fine outside your network? If yes, then something may be wrong on your internal network’s DNS resolution.

Also worth noting, if you only just created the records in public DNS then tried to resolve it straight away, they will not have propagated yet and your DNS resolver will cache the “record doesn’t exist” result for some time (most I’ve seen is a couple of hours).

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

[Thread #227 for this comm, first seen 9th Apr 2026, 15:10] [FAQ] [Full list] [Contact] [Source code]

Okay so… How do you have it set up and configured? You’ve given us nothing to go on.