Netgate Discussion Forum
    Resolving CNAMEs with DNS Resolver & domain overrides

    Category: DHCP and DNS
    jakub.krauz wrote:

      I'm struggling to configure pfSense DNS resolver to forward queries for a specific internal domain to an internal DNS server, while acting as a resolver for everything else.

      Problem: The internal DNS server is recursive and fully resolves CNAMEs. I added the corresponding domain override to the pfSense resolver configuration; it forwards DNS queries for the internal domain correctly, but it ignores the recursive answer. I confirmed (by watching traffic with tcpdump) that the internal DNS server responds with a full recursive answer, i.e. including the target A records for a given CNAME. However, pfSense only replies to the client with the CNAME value. I couldn't find any setting to make it forward the full recursive answer.

      One possible solution I was thinking about is to activate both the DNS forwarder and the DNS resolver in pfSense. The forwarder would be listening on the standard port 53 and forwarding queries to the resolver running on a different port, e.g. 54. The internal domain override would be configured in the forwarder, ensuring the full recursive answer gets forwarded (tested & confirmed: the forwarder does return the full answer). It seems rather complicated though; I'm wondering if there is a better solution?

      Thank you,
      Jakub

      Gertjan (replying to jakub.krauz) wrote:

        @jakub-krauz

        @jakub-krauz said in Resolving CNAMEs with DNS Resolver & domain overrides:

        pfSense DNS resolver to forward queries for a specific internal domain to an internal DNS server

        Like this: https://superuser.com/questions/1753898/how-to-configure-a-forward-zone-to-handle-nested-domains ?

        Custom options should look like:

        [image: screenshot of the DNS Resolver custom options]

        Edit: and where are the logs??

        jakub.krauz (replying to Gertjan) wrote:

          @Gertjan Thank you for your response. I tested with the custom options as you suggested, but it gave me the same results as previously with domain overrides.

          I realised, however, what the problem was: the CNAME in question was pointing to a completely different domain (a DNS name of an ALB in AWS). I first confirmed that CNAMEs pointing to records within the same domain do actually resolve correctly. Adding another override for the domain of the ALB resolved the problem for me.

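The behaviour Jakub ran into, as an added example that is not part of the thread and not code from pfSense or unbound: a small Python model of how a per-domain override is chosen for each name the resolver has to look up. It assumes, as the thread reports, that the resolver re-resolves a CNAME target under its own forwarding policy instead of trusting the A records the internal server appended, and it assumes the ALB name is only known to the internal server. All zone names, host names, addresses and the two upstream tables are constructed for the example.

```python
"""Model of per-name override selection in a forwarding resolver.

Constructed example, not code from the forum thread or from pfSense/unbound.
Assumption modelled (as described in the thread): for every name it looks up,
the resolver picks an upstream by longest-matching override (default upstream
otherwise), and when a forwarded answer is a CNAME it resolves the CNAME
target with that same policy rather than using the appended A records.
"""

# Constructed upstream data. The internal server knows the corporate zone
# and the (private) ALB name; the public resolver knows neither.
INTERNAL_DNS = {
    "app.corp.example.": ("CNAME", "internal-alb-123.eu-west-1.elb.amazonaws.example."),
    "internal-alb-123.eu-west-1.elb.amazonaws.example.": ("A", "10.20.30.40"),
    "wiki.corp.example.": ("CNAME", "web1.corp.example."),
    "web1.corp.example.": ("A", "10.0.0.5"),
}
PUBLIC_DNS = {
    "www.example.": ("A", "203.0.113.10"),
}
UPSTREAMS = {"internal": INTERNAL_DNS, "public": PUBLIC_DNS}
DEFAULT_UPSTREAM = "public"


def pick_upstream(qname, overrides):
    """Longest-suffix match of qname against the override zones.

    overrides maps a zone (with trailing dot) to an upstream name.
    Returns the upstream name, or DEFAULT_UPSTREAM when no zone matches.
    """
    best_zone, best_upstream = None, DEFAULT_UPSTREAM
    for zone, upstream in overrides.items():
        if qname == zone or qname.endswith("." + zone):
            if best_zone is None or len(zone) > len(best_zone):
                best_zone, best_upstream = zone, upstream
    return best_upstream


def resolve(qname, overrides, max_hops=8):
    """Follow the CNAME chain for qname, routing every hop by pick_upstream.

    Returns (chain, address): chain lists the names visited in order;
    address is None when some hop could not be answered by its upstream.
    """
    chain, name = [], qname
    for _ in range(max_hops):
        chain.append(name)
        upstream = UPSTREAMS[pick_upstream(name, overrides)]
        record = upstream.get(name)
        if record is None:
            return chain, None  # this hop went to an upstream that has no data
        rtype, rdata = record
        if rtype == "A":
            return chain, rdata
        name = rdata  # CNAME: the target is looked up under our own policy


def uncovered_hops(qname, overrides):
    """Names in the chain that fell through to the default upstream.

    Each of these is a candidate for an additional domain override.
    """
    chain, _ = resolve(qname, overrides)
    return [n for n in chain if pick_upstream(n, overrides) == DEFAULT_UPSTREAM]


if __name__ == "__main__":
    only_internal = {"corp.example.": "internal"}
    both = {"corp.example.": "internal",
            "eu-west-1.elb.amazonaws.example.": "internal"}
    print(resolve("wiki.corp.example.", only_internal))  # same-zone CNAME works
    print(resolve("app.corp.example.", only_internal))   # stops at the CNAME
    print(uncovered_hops("app.corp.example.", only_internal))
    print(resolve("app.corp.example.", both))            # completes
```

`uncovered_hops` is the diagnostic: run it on the name that fails, and every hop it lists is a name the override did not cover, which in the thread was the ALB's domain.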
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.