Well that is what would happen if transparent... if one is failing is because it tried to resolve normally and it failed.

PM me the details of domains and example what you queried that did not fail on one, etc

local domain sub.domain.tld, transparent. And you query something.sub.domain.tld and no record of that locally then it will try and resolve that normally.. Which may or maynot get you a response.

If you do not want anything to be resolved normally in this domain your using locally then you would set the zone type to static.

Using a domain locally that is public as well can lead to unwanted sort of responses.. Especially if you do not control the public NS for this domain.

Unbound can only follow the default route or server-specific routes in the routing table (if you have forwarders setup). It doesn't know about active or inactive WANs.

If you are in forwarding mode with multiple servers configured and some using each WAN, then it is normal for unbound to query them all. Again, it doesn't know about active or inactive WANs, it just queries the forwarders and tracks their quality at all times.

If you are in non-forwarding mode, then you may want to change the option under System > Routing so the default gateway follows your chosen gateway group.

No, that is not possible.

I had this same (or at least very similar) problem. What worked for me was simply switching from "DNS Resolver" to "DNS Forwarder".

Using "DNS Resolver", if I did an "ANY" query for my locally-defined DHCP host name, there would be no answer. After I switched to "DNS Forwarder", it responded with the "A" record for the VDP host.

@bmeeks Thank you for this tip, so cool that pfsense is prepared for everything! I have APC, will try apcupsd.

@lifespeed said in local host (domain) name lookup from outside LAN?:

OK, I'll revisit this tonight. I guess I should make both A (IPv4) and AAAA (IPv6) records? The A record would specify subdomain, a port for NAT and the mydomain.com, while the AAAA would specify subdomain, port and mydomain.com?

No. A records are for IPv4 addresses and AAAA for IPv6. You'd create an A record for every IPv4 address that can be reached directly, not hiding behind NAT. You'd also create AAAA records for IPv6 addresses, but you don't have NAT getting in the way. Also, a DNS server returns only an IP address to match the host name. It does not return port numbers. If you have NAT on IPv4, you could create an A record for the address and then rely on port forwarding to get to the correct local device. One other possibility is that for http & https, the headers can be read to determine what the original URL was and then forward accordingly.

Again, unless you have your own authoritative DNS, the public DNS records must contain the FQDN for each server on your network. It cannot break down between domain and subdomain.

Sorry for the long time to response because i was very busy and i take a time to understand wireshark and a little ipv6 😋. The problem come from another router that i disabled his dhcp service to use it as AP (wireless). Then i disabled its ipv6 to resolve the problem.

@Mats, I knew that one was coming, which is why I said "dropping the Windows server is not an option. I know that will be suggested, so please don't bother." I see now that I should have written "not using the Windows server and RRAS is not an option". It's because of a proprietary company application running on the main office's server that has to have an outgoing connection from the main office through my server's IKEv2 to work.

@johnpoz Thanks! I'll keep it on the server then.

@bimmerdriver said in DNSSEC Not Working:

I don't think there are any clock issues or upstream connectivity issues.

Do not assume. Check.

Awesome

@firedemon said in DHCP issuing wrong ip's for wrong VLANs:

I deleted the bridge as I had all VLANs as members of 1 bridge.

Huh.. Yeah that is Borked for sure!!

Yeah do your span on your switch.. Grab whatever vlans you want.

@bmeeks

I think i found the problem.

In slave state the zone file didnt get generated.
If i sate the state on my secondary node to master to zone file get generated, and mxtoolbox query workes.

Someone can give advise about this?

Thanks for your response @NogBadTheBad .

I was thinking more like a command to add an host overides from pfsense developper shell (option 12).
Like you suggested, I will use custom options, I tested with 250 lines

I can backup and restore without touching file systems ☺

Regards

@Derelict Okie, i'll give it a try!

Thanks for your input @johnpoz. I will look into that later.