Subnets/VLAN DNS not working
-
I recently migrated to a Netgate 6100 from a Netgate SG-5100. I decided to start from scratch. I started with Hybrid Outbound NAT mode, which auto-generates the rule for all VLANs/subnets to access the WAN. For each VLAN/subnet, I added a rule to allow access to the gateway of the WAN. I also set up an alias for selected IP addresses to access the OpenVPN client from each VLAN/subnet. I set up a virtual machine on one of the subnets to test the connection. I can only access websites via IP address. I compared the rules with my Netgate SG-5100. I also noticed that the DNS Resolver does not work. I know that enabling it on the Netgate SG-5100 allowed me to access domains that point to my Docker containers, like swag. Only LAN, the OpenVPN server and the OpenVPN client have no issue. I can't figure out what else I'm missing or have misconfigured that leaves the subnets unable to access DNS.
-
@NeVaR said in Subnets/VLAN DNS not working:
For each VLAN/subnet, I added a rule to allow access to the gateway of the WAN.
I also noticed that the DNS Resolver does not work.
No wonder that it is not working... but to be sure, show your rules for a start.
-
I was able to resolve the DNS issue. I'm not sure why I need to provide a DNS server on every DHCP server except for LAN and the OpenVPN server. I already provided two DNS servers under System > General Setup. The only differences in this setup are: Hybrid Outbound NAT vs. Manual Outbound NAT, and a new provider, Bell; I moved pfSense to the DMZ of the Bell fiber modem since I have the HH4000.
-
@Bob-Dig here you go:
Rules for VLAN 100; the other VLANs have the same rules minus the printer access
Rules for NAT Outbound
Floating rule
-
@NeVaR said in Subnets/VLAN DNS not working:
I was able to resolve the DNS issue.
So you're good now? Your rules only allow external DNS servers, as far as we can see.
-
@Bob-Dig said in Subnets/VLAN DNS not working:
@NeVaR said in Subnets/VLAN DNS not working:
I was able to resolve the DNS issue.
So you're good now? Your rules only allow external DNS servers, as far as we can see.
I always use external DNS servers rather than my ISP's, since theirs seemed to be unreliable on my previous Netgate appliance. Unlike my previous setup, I didn't provide an external DNS server for each DHCP server. I only did it once, under System > General Setup. Can you explain which rules only allow external DNS servers, and how I can allow the internal DNS server? I still have issues accessing my Docker containers using a domain within my internal network. I was able to get it working by enabling the DNS Resolver, but this new setup does not seem to work.
-
@NeVaR said in Subnets/VLAN DNS not working:
Can you explain which rules only allow external DNS servers, and how I can allow the internal DNS server?
On your first screenshot there is no DNS rule. There is one rule that allows anything as destination, but it has an internet gateway set, so it will route anything right out to the internet, so no chance to talk to a local DNS server.
Take a look here at how you create proper (DNS) rules.
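The ordering problem described in this reply can be checked mechanically. The following is an added example, not code from the thread or from pfSense: a toy first-match evaluator for interface rules, with a constructed rule set that mirrors the description (a catch-all pass rule with a gateway set) and a corrected set that puts a no-gateway pass rule for DNS to the firewall above it. The addresses (10.0.100.1 as the firewall's VLAN 100 address running the DNS Resolver, 10.0.10.20 as a printer), the gateway name WAN_GW and the rule names are all assumptions made for the example.

```python
"""Toy model of pfSense-style first-match interface rules with policy routing.

Constructed example: the Rule class, the addresses and the rule names below
are made up to illustrate why a policy-routed catch-all rule prevents clients
from reaching a local DNS resolver; they are not pfSense's data structures or
the poster's real rules.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    name: str
    proto: str               # "any", "tcp", "udp" or "tcp/udp"
    dst: str                 # "any", or a host/CIDR destination
    dport: Optional[int]     # None = any destination port
    gateway: Optional[str]   # None = normal routing; a name = policy-route via that gateway


def rule_matches(rule: Rule, proto: str, dst: str, dport: int) -> bool:
    """Does a packet with the given protocol, destination and port match this rule?"""
    if rule.proto != "any" and proto not in rule.proto.split("/"):
        return False
    if rule.dst != "any" and ip_address(dst) not in ip_network(rule.dst, strict=False):
        return False
    if rule.dport is not None and rule.dport != dport:
        return False
    return True


def evaluate(rules: List[Rule], proto: str, dst: str, dport: int) -> Tuple[str, Optional[str]]:
    """First match wins, as for pfSense interface rules.

    Returns (matched rule name, gateway); gateway None means the packet is
    routed normally, so traffic to the firewall's own address stays local.
    Unmatched traffic hits the default deny.
    """
    for rule in rules:
        if rule_matches(rule, proto, dst, dport):
            return rule.name, rule.gateway
    return "default deny", None


def dns_reaches_local_resolver(rules: List[Rule], resolver_ip: str) -> bool:
    """True only if DNS (UDP and TCP port 53) to the resolver is passed and NOT policy-routed.

    A match with a gateway set sends the query out that gateway instead of
    delivering it to the firewall's resolver, which is the failure in the thread.
    """
    for proto in ("udp", "tcp"):
        name, gateway = evaluate(rules, proto, resolver_ip, 53)
        if name == "default deny" or gateway is not None:
            return False
    return True


# Constructed addresses (assumptions for the example).
VLAN100_FIREWALL_IP = "10.0.100.1"   # firewall address on VLAN 100, runs the DNS Resolver
PRINTER_IP = "10.0.10.20"

# Rule set as described in the thread: a printer rule, then "allow anything"
# with an internet gateway set, and no DNS rule at all.
BROKEN_RULES = [
    Rule("Allow printer", "tcp", PRINTER_IP + "/32", 9100, None),
    Rule("Allow everything out", "any", "any", None, "WAN_GW"),
]

# Corrected set: a pass rule for DNS to the firewall itself, with no gateway,
# placed ABOVE the policy-routed catch-all. In the pfSense GUI the destination
# would be "This Firewall (self)"; a host address is used here for the model.
FIXED_RULES = [
    BROKEN_RULES[0],
    Rule("Allow DNS to firewall", "tcp/udp", VLAN100_FIREWALL_IP + "/32", 53, None),
    BROKEN_RULES[1],
]


if __name__ == "__main__":
    for label, rules in (("broken", BROKEN_RULES), ("fixed", FIXED_RULES)):
        print(label, "DNS query to resolver ->", evaluate(rules, "udp", VLAN100_FIREWALL_IP, 53))
        print(label, "resolver reachable:", dns_reaches_local_resolver(rules, VLAN100_FIREWALL_IP))
```

Running it shows the broken set matching the DNS query against "Allow everything out" with WAN_GW, so the query is policy-routed to the internet, while the fixed set matches the no-gateway DNS rule first. The same ordering applies to any other local destination a policy-routed catch-all would otherwise capture, so a pass rule without a gateway for local networks belongs above it as well.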
-
@Bob-Dig said in Subnets/VLAN DNS not working:
@NeVaR said in Subnets/VLAN DNS not working:
Can you explain which rules only allow external DNS servers, and how I can allow the internal DNS server?
On your first screenshot there is no DNS rule. There is one rule that allows anything as destination, but it has an internet gateway set, so it will route anything right out to the internet, so no chance to talk to a local DNS server.
Take a look here at how you create proper (DNS) rules.
Thanks, I will take a closer look at that tonight.