Help with domain override setup

krlsantcard

Thanks for reply.
I was doing simple testing:
ping from LAN to DMZ dont respond!!!
pinh from LAN to GUEST ok.
and i think that all this odd behavior must be how i have all setup.
So let me explain.
I have all virtualize on VMware on my PC (one NIC).

my customs adapters

and here my networks from window

and in pfsense setup

from GUEST network all work fine or maybe??

but from LAN a ping to DMZ never respond,
how ever ping to GUEST respond well.
rules are open to any.

Any idea???

krlsantcard

ipconfig on GUEST network,

krlsantcard

ipconfig in LAN

Is it why never resolve. ????

krlsantcard

to finish i have to add to DNS server settings the ip from my dns server on DMZ, is that correct???

krlsantcard

@Gertjan Problem Solved!!!!

Yes i dont know why but was related to virtualizations.
Just put de VM on the subnet of LAN and get all via DHCP and resolves all like a charm!!!!.
Now from any subnet work great. i almost give up.
thanks u all.

krlsantcard

In order all this work i have to:

1. DNS Resolver -> Domain Overrides setting:
   homelab.cu - 10.0.0.50 (DNS server in DMZ)

2 DNS Resolver -> Access List granted access to LAN and GUEST network (not sure is needed).

3. leave in blank "DNS Server Settings" fields (System->General setup)(previous filled with google dns but dont resolved my internal dns)

4. In every interface (LAN, GUEST) under DHCP Server setting:
   DNS server: IP of interface, 8.8.8.8, 8.8.4.4, 1.1.1.1
   gateway: IP of interface
   domain name: homelab.cu
   (i supose that this way any client conected to any of this interface get network setting via dhcp and when resolver first look in the ip of the domain override, then if fail go to the others dns i setup. Is that correct? ) and isthis the right way to do it??
   Thanks again and i hope someone can make some clarifications about this notes above.

johnpoz

@krlsantcard no none of that makes any sense.. clients behind pfsense should be really the only dns set on clients. If you want pfsense to forward to google dns or cloudflare than setup pfsense to do so.. But resolving should be fine, its the default you do not have to set any dns IPs

Those IPs sure and the hell not going to know about any local resources you want to resolve. And no they do not try in order, when you set more than one nameserver on a client, you really have no idea which one it might ask.

krlsantcard

@johnpoz said in Help with domain override setup:

clients behind pfsense should be really the only dns set on clients.

First i made this ways but then dont resolve nothing to the internet. Just my internal dns.

So i really lost how i must go on!!!

krlsantcard

@johnpoz said in Help with domain override setup:

f you want pfsense to forward to google dns or cloudflare than setup pfsense to do so

Please let me put in a way u can understand, what i pretend if type on a browser in LAN o GUEST www.homelab.cu or nas-prod-1.homelab.cu resolve to my DNS server on DMZ, otherwise typing any word, frase then google.

krlsantcard

Well, following ur sugestions remove all dns.
Client in GUEST (get via DHCP)

Is that correct???
And a ping to google.

then in browser:
DNS_PROBE_FINISHED_NXDOMAIN

just made a flushdns and problem resolved.
so that's the way should be?

krlsantcard

for clarification,
on DHCP server -> GUEST (static IP 192.168.42.1) i set
DNS servers : 192.168.42.1
Gateway: 192.168.42.1
Domain name: homelab.cu