Wrong DNS records
-
Hi
When I do an nslookup from a Linux machine I get a record/address that is not supposed to be there. I have tried to restart the DNS service on the pfSense and tried to flush the cache on the Linux client, with no luck.
The record for provisioner01 with IP 10.100.1.3
and the record for provisioner02 with IP 10.100.1.4 are wrong. They shouldn't be there, and they are not in pfSense under Services / DNS Resolver.
Does anyone have an idea what I should clear/restart in order to remove those records?
Thank you.
-
@samuellsk those are RFC 1918 - you need to look where you put those or where they are coming from. They would not return that if asking the internet, because for one they are not there, and second they are RFC 1918 and rebind protection would not allow those to be returned to the client without specific settings allowing that in pfSense - i.e. turning off rebind protection or setting the domain as private.
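What the reply above describes, as an added illustration that is not the poster's configuration or a file generated by pfSense: Unbound's rebind protection is the `private-address` list (pfSense writes these lines itself while "Disable DNS Rebinding Checks" is unchecked), and "setting the domain as private" is a `private-domain` line, which on pfSense would go under Services / DNS Resolver / Custom Options. The domain name is taken from a later reply in this thread; the rest is generic unbound.conf syntax.

```conf
# Added illustration, not the poster's configuration or a pfSense-generated file.
# Answers received from upstream/forwarded servers that contain these ranges are
# discarded (this is the DNS rebinding check).
server:
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: 169.254.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10

    # Only needed when a domain legitimately resolves to RFC 1918 addresses
    # via an upstream or forwarded server. Domain name taken from the thread.
    private-domain: "rohp01.brightpick.ai"

    # Records unbound serves from its own local data (host overrides,
    # registered DHCP leases and static mappings) never pass through the
    # private-address check, which only filters answers received from other
    # servers. A stale local record therefore comes back regardless of
    # rebind protection.
```

The practical consequence for the question above: if a 10.100.1.x answer comes back with rebind protection on and no `private-domain` line, it did not come from upstream; it is local data on the resolver that answered.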
-
I assumed that it was clear enough that the range is not the problem, so I'll try to be a little bit clearer this time; maybe I've got your answer wrong.
I asked, specifically, the DNS at IP 10.100.1.254 what the IPs of provisioner01 and 02 are, and it replied with 20-day-old IP addresses ending in 1.3 and 1.4 respectively (in RED squares, but in reality it should have replied only with the ones in GREEN squares ending in 1.31 and 1.32, as configured, because if I dump the config and search for them, they are nowhere). The question is simple: WHY? Where are they, if not in the cache of the pfSense router? Where is it getting them? Tcpdump showed that it replied (not "something instead of" the router).
The whole zone is on the LAN side of the router, so the upstream DNS has no idea what's in there, so it can't be getting that from there.
And yes, DNS rebinding protection is enabled (the disable option is unchecked).
-
@samuellsk said in Wrong DNS records:
Where are they if not in the cache of pfsense router ?
Did you actually restart unbound? There is no place to cache those. If those are the records you have there, that is what would be returned if you asked unbound.
Did you remove the old records? You're getting both back.
-
@samuellsk What IS serving that rohp01.brightpick.ai domain, and if you query that name server, what do you get?
pfSense would normally query public DNS (which doesn't resolve rohp01.brightpick.ai) or pfSense's DNS Resolver could be set to forward all queries to another DNS server (which could have the domain configured locally) or Resolver could have a domain or host override (which would set rohp01.brightpick.ai or a hostname to forward to specific DNS servers).
As noted since there are two answers it's likely old records were not removed.
-
Figured it out: there was an old DHCP reservation on one of the CARP routers that was not synchronised.
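The root cause found above (a stale DHCP static mapping on one CARP node that sync never removed, which the resolver then registered as an extra A record) is easy to spot by diffing the `config.xml` backups of both nodes. The script below is an added example and is not code from pfSense or from the poster. The two XML documents are constructed to mirror the thread: the primary holds provisioner01/02 on .31/.32, the secondary still carries the old .3/.4 reservations as well. The element layout it parses (`dhcpd` > interface > `staticmap` > `mac`/`ipaddr`/`hostname`) is my understanding of pfSense's config.xml; check it against a real backup before relying on it.

```python
"""Diff DHCP static mappings between two pfSense config.xml backups.

Added example for this thread, not pfSense code. Both XML documents below are
constructed samples; the element layout is assumed to match pfSense config.xml.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed: the node whose config the poster dumped and searched.
PRIMARY_XML = """<pfsense>
  <dhcpd>
    <lan>
      <enable></enable>
      <staticmap><mac>00:11:22:33:44:31</mac><ipaddr>10.100.1.31</ipaddr><hostname>provisioner01</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:32</mac><ipaddr>10.100.1.32</ipaddr><hostname>provisioner02</hostname></staticmap>
    </lan>
  </dhcpd>
</pfsense>
"""

# Constructed: the CARP peer that still carries the 20-day-old reservations.
SECONDARY_XML = """<pfsense>
  <dhcpd>
    <lan>
      <enable></enable>
      <staticmap><mac>00:11:22:33:44:03</mac><ipaddr>10.100.1.3</ipaddr><hostname>provisioner01</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:04</mac><ipaddr>10.100.1.4</ipaddr><hostname>provisioner02</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:31</mac><ipaddr>10.100.1.31</ipaddr><hostname>provisioner01</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:32</mac><ipaddr>10.100.1.32</ipaddr><hostname>provisioner02</hostname></staticmap>
    </lan>
  </dhcpd>
</pfsense>
"""


def static_mappings(xml_text):
    """Return {interface: {(hostname, ipaddr, mac), ...}} for every static mapping."""
    result = {}
    dhcpd = ET.fromstring(xml_text).find("dhcpd")
    if dhcpd is None:
        return result
    for iface in dhcpd:  # <lan>, <opt1>, ... one child per DHCP-enabled interface
        entries = set()
        for sm in iface.findall("staticmap"):
            entries.add((
                (sm.findtext("hostname") or "").strip().lower(),
                (sm.findtext("ipaddr") or "").strip(),
                (sm.findtext("mac") or "").strip().lower(),
            ))
        result[iface.tag] = entries
    return result


def diff_mappings(primary_xml, secondary_xml):
    """Return (only_on_primary, only_on_secondary) as sorted (iface, hostname, ip, mac) tuples.

    Anything in either list is a mapping that CARP/XMLRPC sync did not carry over.
    """
    p, s = static_mappings(primary_xml), static_mappings(secondary_xml)
    only_p, only_s = [], []
    for iface in sorted(set(p) | set(s)):
        pe, se = p.get(iface, set()), s.get(iface, set())
        only_p += [(iface,) + e for e in sorted(pe - se)]
        only_s += [(iface,) + e for e in sorted(se - pe)]
    return only_p, only_s


def duplicate_hostnames(xml_text):
    """Hostnames mapped to more than one IP within a single config.

    With static mappings registered in the DNS Resolver, each such IP becomes
    another A record, which is why a query returned both the old and new address.
    """
    by_host = {}
    for entries in static_mappings(xml_text).values():
        for hostname, ip, _mac in entries:
            if hostname:
                by_host.setdefault(hostname, set()).add(ip)
    return {h: sorted(ips, key=ipaddress.ip_address)
            for h, ips in by_host.items() if len(ips) > 1}


if __name__ == "__main__":
    only_p, only_s = diff_mappings(PRIMARY_XML, SECONDARY_XML)
    for entry in only_p:
        print("only on primary:  ", entry)
    for entry in only_s:
        print("only on secondary:", entry)
    for host, ips in duplicate_hostnames(SECONDARY_XML).items():
        print(f"{host} has multiple IPs on secondary: {', '.join(ips)}")
```

Run it against real backups by reading each node's `config.xml` into the two variables (Diagnostics / Backup & Restore on each node); any hostname listed by `duplicate_hostnames` is one the resolver will answer with more than one address.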