Netgate Discussion Forum

DNS not getting translated into IP, using PfSense

  • S
    Slo-bo-dan
    last edited by Apr 11, 2023, 8:27 AM

    Hi guys,
    We are using PfSense and are experiencing problems accessing our address blah.blah.blah from our local network.
    It is, however, working from any other network…

    IP is on Local Network, towards which the DNS is supposed to point.
    The issue appears to be DNS not getting Resolved or Forwarded or something else, to IP which is on our Local Network.
    Pings are going through nicely, as if everything was working properly…

    Even crazy ideas are welcome at this point.

    P.S. Atm the version of PfSense that we are using is a little bit outdated.
    Thank you.

    • S
      SteveITS Galactic Empire @Slo-bo-dan
      last edited by Apr 11, 2023, 1:07 PM

      @slo-bo-dan Is this a public IP? What result do you get?

      PCs are using pfSense for DNS?

      To resolve to a private IP (split DNS) you can create a host override.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • S
        Slo-bo-dan @SteveITS
        last edited by Slo-bo-dan Apr 13, 2023, 9:37 AM Apr 13, 2023, 9:36 AM

        @steveits We are hosting on premise an externally custom built web app, on local IP.

        PfSense is used for DNS

        The following is the main issue we are experiencing.

        1. It recognizes DNS from outside our network properly.
        1.1 (i.e. we make a hotspot on mobile, hookup laptop, type DNS on a browser, everything works perfectly! coz we are accessing it from external network)
        
        2. But internally gets stuck within our network, and doesn't resolve DNS correctly, or maybe DNS is just a symptom, and not a cause?
        2.1. (hookup to local network, type DNS on a browser, displays “This site can't be reached” + timeout msg, and doesn't work
        2.2. hookup to local network, type Internal IP on a browser, displays default documentation page of the server it's hosted on, and doesn't work,
        2.3. different attempt: hookup to local network, type Internal IP on a browser + add “/” + add student portal DNS address part, now it works, but just on student portal…)
        

        Basically sums up to,
        the Professors can't access their stuff from inside the school… But students at least can.
        And everything works for everyone when outside of school LAN.

        🔒 Log in to view

        • S
          SteveITS Galactic Empire @Slo-bo-dan
          last edited by Apr 13, 2023, 2:30 PM

          @slo-bo-dan So again if you use "nslookup" inside the network, to what IP is it resolving?

          Options to connect to a private IP using a public domain name are NAT reflection or split DNS (host override).
          https://docs.netgate.com/pfsense/en/latest/nat/reflection.html
          https://docs.netgate.com/pfsense/en/latest/nat/reflection.html#split-dns

          Web servers normally share an IP and use the hostname to know what web site to display. If one uses an IP, it will show the server's default web page.


          • J
            johnpoz LAYER 8 Global Moderator @Slo-bo-dan
            last edited by johnpoz Apr 13, 2023, 5:34 PM Apr 13, 2023, 3:33 PM

            @slo-bo-dan that picture makes no sense - are you hiding the names? And the full IP?

            domain overrides would be for where you want to resolve a specific domain and all its records from a specific name server..

            For host overrides they need to be fully qualified, and point to a specific address - so believe you're just not showing what is fully there?

            Also for clients to get the host override they need to be asking pfsense for dns.. Or the nameserver clients are asking needs to then ask pfsense..

            edit: Let's do a specific example, maybe that will help you understand how host override works.

            you have www.domain.tld out on the public internet that resolves to 1.2.3.4.. This is your pfsense wan IP, when you see traffic to 1.2.3.4 on port 443 you send it to 192.168.1.100 via a port forward.. This is how outside your network gets there to your website on www.domain.tld

            Now internal you have some client on 192.168.1.90, and he wants to get to www.domain.tld - does his dns resolve that to 1.2.3.4 or if you setup a host override on pfsense to point www.domain.tld to 192.168.1.100

            If your client on .90 resolves it to 1.2.3.4 you need to setup nat reflection. If your client is asking pfsense for dns, then a host override would tell this .90 hey just go to 192.168.1.100

            But if your client is using say 8.8.8.8 or 9.9.9.9 for dns directly then no, your host override would never work.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11
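
The nslookup check asked for above and the host override / NAT reflection decision from the last reply, as an added example that is not part of any post in this thread. It parses nslookup output captured on a LAN client and reports which case applies; the pfSense LAN address 192.168.1.1 and the sample outputs are constructed, and the names and other addresses reuse the ones in the reply's example.

```python
import ipaddress

def parse_nslookup(output):
    """Return (resolver_ip, [answer_ips]) from nslookup text output."""
    resolver, answers, seen_name = None, [], False
    for line in output.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "name":
            seen_name = True                  # Address lines after this are answers
        elif key in ("address", "addresses") and value:
            ip = value.split("#")[0].strip()  # drop the "#53" port suffix
            if seen_name:
                answers.append(ip)
            elif resolver is None:
                resolver = ip                 # first Address line is the DNS server
    return resolver, answers

def diagnose(output, pfsense_lan_ip):
    """Classify what a LAN client sees when it resolves the public name."""
    resolver, answers = parse_nslookup(output)
    if not answers:
        return "no-answer"
    if all(ipaddress.ip_address(a).is_private for a in answers):
        return "split-dns-ok"                 # name already maps to the LAN address
    if resolver != pfsense_lan_ip:
        # Client asks some other resolver: a host override on pfSense is never
        # consulted. Point the client at pfSense or use NAT reflection.
        return "client-bypasses-pfsense"
    # pfSense answered with the WAN address: add a host override or NAT reflection.
    return "no-host-override"

# Constructed sample outputs (not captured from the poster's network).
VIA_PFSENSE_OVERRIDE = """Server:  192.168.1.1
Address: 192.168.1.1#53

Name:    www.domain.tld
Address: 192.168.1.100
"""
VIA_PFSENSE_PUBLIC = VIA_PFSENSE_OVERRIDE.replace("192.168.1.100", "1.2.3.4")
VIA_PUBLIC_RESOLVER = VIA_PFSENSE_PUBLIC.replace("192.168.1.1", "8.8.8.8")

if __name__ == "__main__":
    for sample in (VIA_PFSENSE_OVERRIDE, VIA_PFSENSE_PUBLIC, VIA_PUBLIC_RESOLVER):
        print(diagnose(sample, "192.168.1.1"))
```
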
