Domain Override doesn't work

MaxPresi

I have a network with Cisco SG550 Layer 3 Switches that manage VLANs and DHCP, and DNS in pfSense. Everything is working fine, except the domain override, which points to the ad that is in the cloud. We have about 10 sites with pfsense configured with domain override to AD in the cloud, via ipsec, but only here it does not work. Here is also the only place with Switch L3, but I don't know if that's the problem, since even through the firewall I can't ping to domain.

This is also where the old AD was, and DHCP and DNS were on it. After moving to the cloud, I passed DHCP to the main Switch L3 and configured it to use DNS on the Firewall.

I tried DNS Forward too, I tried to configure the AD ip in the DNS Server in General Setup and activate the DNS Forwarder in DNS Resolver, but that completely drops the internet (bad_config). I can ping and access the AD normally via IP. Tried config the domain override with "domain.local" and "local" only.

Anything else I can try?

guile

@MaxPresi i had this issue before and what fixed for me was:

• pfSense System > General Setup: Set AD IP;
• pfSense Services > DNS Resolver > General Settings: Check "Enable Forwarding Mode"

Go to your AD DNS and Forward to extern DNS like OpenDNS or Google.

johnpoz

@MaxPresi said in Domain Override doesn't work:

I tried DNS Forward too

When ever you forward to ask a question, be it you forward everything or just a domain override - a domain override is a forward. You have to setup your rebind protection. Set the domain to private, if you forward and get back a rfc1918 address it is considered rebind and unbound will not hand that back to the client unless you set the domain as private, or turn off rebind protection.

https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html