Netgate Discussion Forum
    DNS Forwarder Service | Some query and verification

Category: DHCP and DNS
7 Posts 2 Posters 1.2k Views

maelove.am

We have pfSense running version 2.6.0; I just want to clarify whether I have missed some configuration.

1. Internet and DNS queries work fine.
2. Typical network setup: ISP > pfSense > core switch > AP > workstations.
3. DNS Forwarder is enabled on pfSense and running.
4. DHCP is configured on the core switch, with the DNS list pointing to the firewall LAN IP.

Then here comes the thing that has kept me wondering for a week now:

1. When I do a traceroute to the internet, say to 8.8.8.8, I notice that each private IP (say the first hop), like the gateway IP (which in this case is the VLAN interface of the core switch), has a domain name in this format:
   "<IP>.lightspeed.moblal.sbcglobal.net"
   and when I do a network scan, all device hostnames show this format.

2. When I run a network inventory tool like runZero, it tags this domain with type RDNS, which based on my research is a PTR or reverse DNS thing.

      My questions are:

1. How do I disable it? Or is this normal behaviour of pfSense when using the DNS Forwarder service?
2. Which reverse lookup zone is pfSense using to tag my private IPs with this domain 'lightspeed.moblal.sbcglobal.net', which is not even our domain name?
3. Or does this domain come from the public DNS servers I put under System > General Setup > DNS Server Settings?

I would appreciate any help or feedback from the pfSense gurus here in this forum. I hope I put this topic in the right section.

Thank you in advance; let me know if you need more clarification on the settings of my pfSense, especially on the DNS Forwarder service.

Gertjan @maelove.am

        @maelove-am

"We do":

2: I agree.
3: For my own curiosity: isn't resolving what you need?
4: pfSense isn't the DHCP server, do I get that right? DHCP runs from a switch?

Then:

1: Like this, from a Windows PC on my LAN:

    C:\Users\Gauche>tracert 8.8.8.8

    Tracing route to dns.google [8.8.8.8]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  pfSense.my-local-LAN-network.net [192.168.1.1]
      2     1 ms    <1 ms    <1 ms  MyISPBOX [192.168.10.1]
      3    10 ms     9 ms     9 ms  80.10.239.117
      4    27 ms    27 ms    28 ms  ae119-0.ncbor202.rbci.orange.net [80.10.154.10]
      5    34 ms    33 ms    33 ms  ae42-0.nipoi202.rbci.orange.net [193.252.100.30]
      6    27 ms    28 ms    28 ms  193.252.137.14
      7    27 ms    27 ms    27 ms  google-45.gw.opentransit.net [193.251.255.116]
      8    28 ms    29 ms    29 ms  108.170.235.161
      9    27 ms    27 ms    27 ms  142.251.49.137
     10    27 ms    27 ms    26 ms  dns.google [8.8.8.8]

    Trace complete.


Can you show yours?
And please tell me whether you ran this command from pfSense or from a device on your network.
You can even do both.

2: I agree. When I ask for the reverse of one of my LAN-based devices:

    C:\Users\Gauche>nslookup 192.168.1.33
    Server:   pfSense.my-local-LAN-network.net
    Address:  192.168.1.1

    Name:     diskstation2.my-local-LAN-network.net
    Address:  192.168.1.33


Where pfSense is 192.168.1.1, and unbound 'knows' about my local devices (I've set them up using DHCP static MAC leases, so the relation between IP and host name is fixed).

3: "OR this domain is from public DNS"

Right. I presume you haven't set this network name 'lightspeed.moblal.sbcglobal.net' anywhere on your local devices.
What is your local DHCP server using as a network name? Or, what is the network name your clients receive from the DHCP server (ipconfig /all)?

Edit: I've instructed my resolver to forward to 8.8.8.8 for a while.
tracert (traceroute) and nslookup results were still correct for me.

No "help me" PMs please. Use the forum, the community will thank you.
Edit: and where are the logs??

maelove.am @Gertjan

@gertjan Hello, and first of all thank you for your comments.

1. When I used the DNS Resolver service before, I couldn't get it to work; that's why I tried testing the DNS Forwarder instead.
   What I did before on the DNS Resolver was: enabled it >> enabled the port forwarding option >> put public DNS servers under General Setup > DNS settings.
   Then on the client side, since I have my DHCP configured on the core switch, the DHCP setup was to use the firewall IP as DNS, but I don't know what I'm missing here because it doesn't work.

2. Yes, you're right: DHCP is configured on my core switch, and the default route points to pfSense.

Then:

1. This is my traceroute (executed on the client and from pfSense):
   [screenshot: traceroute output]

   [screenshot: traceroute output]
   There you can see that the private IP within my VLAN86 has this domain. I can't figure out where the hell that domain came from.

   I ran it on the test server that is directly connected to the core switch.

2. [screenshot: reverse lookup output]

   There you can see that reverse lookup also works, where 86.10 is the gateway IP of VLAN86.
   My DNS was 10.1 (the pfSense LAN IP),
   and the domain for that IP is unknown to me. I can't remember configuring such a domain.
   Do you think it's something in my DHCP setup on the core switch?

3. This is my System > General Setup:
   [screenshot: System > General Setup page]

Yes, I haven't set this domain as the network name for local devices.

I don't have a network name. This is what I have configured so far on the core switch for DHCP:
[screenshot: core switch DHCP configuration]

You can see there that I tested relaying to another DHCP server, 86.253 (test AD, xxx.local); then on the AD I put 10.1 (pfSense) under DNS forwarders.
Then when a client obtains an IP (see ipconfig /all), 86.254 (test client):

[screenshot: ipconfig /all on the test client]

and runs traceroute:
[screenshot: traceroute from the test client]

You can see from the traceroute that the domain I put in as a PTR record works as well; this I am sure of,
since I know this domain: I added it on the AD DNS service as a PTR record pointing my IP 86.10 to that domain.

And doing an nslookup for 86.10 gives me the same domain:
[screenshot: nslookup of 86.10]

Now, going back to the scenario where my DHCP server's DNS was set directly to pfSense, I can't figure out where this domain (lightspeed.moblal.sbcglobal.net) is coming from.
Any idea what else I need to look for?
I just want to figure out where that domain is coming from.

Gertjan @maelove.am

            @maelove-am

Why are you hiding RFC 1918 addresses (10/8, 172.16/12, 192.168/16)?
Like these:

[screenshot: redacted addresses in the previous post]

Or are you really using non-RFC 1918 addresses?


maelove.am @Gertjan

@gertjan Hi, thanks for your comment.

I just don't want to disclose the whole setup in this scenario, since it's confidential, regardless of whether I'm using RFC 1918.

Gertjan @maelove.am

                @maelove-am

All right with that, but this opens the door to a possible huge failure.
It happens all the time: people use non-RFC 1918 addresses (public IPs/networks) on their LANs, and they do not 'own' these IPs. That's where things go downhill fast.

I'm still a bit puzzled about where this "lightspeed.moblal.sbcglobal.net" comes from.
I've just tested forwarding mode... my local PTRs are still OK.

Btw:

[screenshot: the Huawei logo from the previous post]

Wasn't there a great big orange-haired guy in the States who banned that brand for not being 'confidential'?
(OK, silly, but what if he was right?)


maelove.am @Gertjan

@gertjan Hello there.

Yeah, I'm puzzled too. I just can't prove whether it's from our Huawei core switch or from pfSense itself.
But I don't see any documentation about Huawei having that domain. I already escalated it to Huawei TAC and they just said this: "if 172.1.83.10 is the address of the HW switch, the switch just replies to an ICMP packet; it will not take this information (lightspeed.moblal.sbcglobal.net), and it is the behaviour of the PC."

And based on this forum, I think no one has encountered this ghost domain with their pfSense yet, so I think it's not really pfSense causing it.
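The thread never resolves where the PTR names come from, but the mechanism both posters are circling is worth seeing in code. A caching forwarder such as dnsmasq (the daemon behind pfSense's DNS Forwarder) answers a reverse query from its own hosts/DHCP-lease table first; anything it does not know is sent to the upstream servers configured under System > General Setup, unless the address is in a private range and "Do not forward private reverse lookups" (dnsmasq's bogus-priv) is set. The address quoted from Huawei TAC, 172.1.83.10, is outside 172.16.0.0/12 and therefore not RFC 1918, so if the LAN really uses 172.1.x.x that protection cannot apply and the PTR query goes to the public resolver, which will return whatever name the actual owner of that block has published. The following Python model, written for this edit and not taken from the thread, pfSense or dnsmasq, shows that precedence. All data is constructed: the local host table reuses the two names from Gertjan's nslookup, and the upstream record is an invented PTR built to match the "<IP>.lightspeed.moblal.sbcglobal.net" pattern the original post describes.

```python
"""Added example (not pfSense or dnsmasq code): a hypothetical model of how a
DNS forwarder decides where a PTR answer comes from.

Precedence modelled:  local hosts/DHCP leases  ->  bogus-priv check  ->  upstream.
"""
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

# Ranges the "Do not forward private reverse lookups" option is assumed to cover.
# Assumption: RFC 1918 only. Note that 172.1.0.0/16 is NOT inside 172.16.0.0/12.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True only for 10/8, 172.16/12 and 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def ptr_name(ip: str) -> str:
    """The in-addr.arpa owner name a resolver actually queries for a reverse lookup."""
    return ipaddress.ip_address(ip).reverse_pointer


# Constructed upstream data: a public resolver returns the block owner's PTR for a
# public IP and nothing for names it has no record for. The hostname is invented
# to follow the "<IP>.lightspeed.moblal.sbcglobal.net" pattern from the thread.
UPSTREAM_PTR: Dict[str, str] = {
    ptr_name("172.1.83.10"): "172-1-83-10.lightspeed.moblal.sbcglobal.net",
}

# Constructed local table standing in for the forwarder's hosts file / DHCP leases
# (names taken from the nslookup output earlier in the thread).
LOCAL_HOSTS: Dict[str, str] = {
    "192.168.1.1": "pfSense.my-local-LAN-network.net",
    "192.168.1.33": "diskstation2.my-local-LAN-network.net",
}


class Forwarder:
    """Hypothetical forwarder; `upstream` is injectable so the model runs offline."""

    def __init__(self, local_hosts: Dict[str, str], bogus_priv: bool,
                 upstream: Optional[Callable[[str], Optional[str]]] = None) -> None:
        self.local = dict(local_hosts)
        self.bogus_priv = bogus_priv
        self.upstream = upstream or (lambda name: UPSTREAM_PTR.get(name))
        self.forwarded: List[str] = []  # PTR names that left the network

    def resolve_ptr(self, ip: str) -> Tuple[Optional[str], str]:
        """Return (hostname or None, source) for a reverse lookup of `ip`."""
        if ip in self.local:                          # 1. hosts / DHCP leases win
            return self.local[ip], "local"
        if self.bogus_priv and is_rfc1918(ip):        # 2. answer NXDOMAIN locally
            return None, "refused-private"
        name = ptr_name(ip)                           # 3. everything else goes upstream
        self.forwarded.append(name)
        answer = self.upstream(name)
        return answer, ("upstream" if answer else "upstream-nxdomain")


def demo() -> Dict[str, Tuple[Optional[str], str]]:
    """Three lookups against a forwarder with the private-PTR protection enabled."""
    fwd = Forwarder(LOCAL_HOSTS, bogus_priv=True)
    return {ip: fwd.resolve_ptr(ip) for ip in ("192.168.1.33", "192.168.1.99", "172.1.83.10")}


if __name__ == "__main__":
    for ip, (answer, source) in demo().items():
        print(f"{ip:>14} -> {str(answer):48} [{source}]")
```

Run stand-alone, the known lease answers locally, the unknown 192.168.1.99 is refused without ever leaving the box, and 172.1.83.10 is forwarded and comes back with the constructed sbcglobal name. Flip `bogus_priv` to False and the 192.168.1.99 query is also forwarded (visible in `Forwarder.forwarded`), which is the same lookup a scanner or traceroute triggers for every hop it prints; that leak of internal address layout to a public resolver is the practical reason to keep the option on and, more fundamentally, to address the LAN only from ranges you own.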

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.