Netgate Discussion Forum

Local DNS Records on different subnet

General pfSense Questions
  • J
    jhmc93
    last edited by Nov 22, 2024, 3:23 PM

    Hello, I have pfsense as a different subnet in my setup, but I also have an ISP router that most of my main devices run on, whereas my pfsense runs my media server stuff. My question is: my pfsense allows me to access my local DNS records that are run on pihole when I'm connected to pfsense, but I want to also access my local DNS records on my ISP router as well. Is it possible?

    • J
      johnpoz LAYER 8 Global Moderator @jhmc93
      last edited by Nov 22, 2024, 6:03 PM

      @jhmc93 so you have your isp router then pfsense and then your media stuff behind pfsense?

      internet - isp device -bunch of stuff and wifi - pfsense - media stuff.

      And it becomes problematic for anything on the isp network to access anything behind pfsense; you would have to set up port forwards, etc.

      If you're accessing your pihole, just have your pihole forward to your isp device's IP, or do a conditional forward for whatever domain your isp device domain is you're running?

      I would simplify that setup if it were me. If that isp device is a gateway, enable bridge mode so pfsense gets your public IP on its wan, then use something else for wifi - get some actual AP, or leverage some other wifi router as just an AP, etc.

      Where everything is behind pfsense, on different segments would be best.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • J
        jhmc93 @johnpoz
        last edited by Nov 22, 2024, 10:21 PM

        @johnpoz Hello,
        So I have my ISP & Pihole > random stuff and ISP LAN & Pihole > pfSense > Media Servers. Pihole runs my DNS CNAME records where the A record is pointing to a Traefik instance in my pfsense network. My ISP router doesn't come with DNS options, but yeah, for example I can run local.example.com in my pfsense network but I want to run local.example.com through my isp side but have it point to the traefik domains in my pfsense network.

        • S
          stephenw10 Netgate Administrator
          last edited by Nov 23, 2024, 4:14 AM

          You need clients in the ISP router LAN to use the correct DNS server. So either passed by DHCP or set manually if you can't set a DNS server in the ISP router DHCP settings.

          • J
            jhmc93 @stephenw10
            last edited by Nov 25, 2024, 7:50 PM

            @stephenw10 So I can't pass it through then?

            • S
              stephenw10 Netgate Administrator
              last edited by Nov 26, 2024, 12:28 AM

              Can't pass what through?

              You need clients to use the pi-hole or pfSense for DNS in order to be able to resolve anything stored there.

              Right now they are probably using the ISP router for DNS because it is running DHCP for that subnet?

              • J
                jhmc93 @stephenw10
                last edited by Nov 26, 2024, 8:57 PM

                @stephenw10

                Hello,
                So my pi hole is connected to isp router then pfsense dns is connected to pi hole and pi hole is then pointing to an ip that runs traefik in my pfsense subnet, hope that makes sense

                • S
                  stephenw10 Netgate Administrator
                  last edited by Nov 27, 2024, 1:02 AM

                  Ok. And the issue is that clients in the same segment as the pihole are not using it for DNS?

                  The problem is that they are probably being set to use the ISP router for DNS by the ISP router if it's still running as a DHCP server.

                  • J
                    jhmc93 @stephenw10
                    last edited by Nov 27, 2024, 6:32 PM

                    @stephenw10 so basically pi hole runs on 192.18.. pfsense which is also 192.168.. is pointing to that in DNS settings, then the LAN side of the pfsense is 10.84.. which is where my traefik is located. The problem I have is how do I get my laptop, which is on for example 192.168.., to use my local CNAME records even though I have manually set the pihole as the laptop's DNS server. Because traefik is on my pfsense subnet it won't resolve to a webpage set on CNAME on pihole.

                    • S
                      stephenw10 Netgate Administrator
                      last edited by Nov 27, 2024, 6:50 PM

                      What does it resolve to? If the client is statically configured to use the pihole for DNS it should resolve it the same as anything else.

                      However it may not be able to reach whatever that resolves to. That's a different problem.

                      • J
                        jhmc93 @stephenw10
                        last edited by Nov 27, 2024, 8:12 PM

                        @stephenw10 here are some screenshots:

                        • S
                          stephenw10 Netgate Administrator
                          last edited by Nov 27, 2024, 8:28 PM

                          There's no need to obscure private IP addresses like 192.168.X.X or 10.X.X.X. Those are only defined inside your network.

                          So what does the client resolve the traefik server to?

                          It looks like you have a domain override pointing to a server behind pfSense. Does the pihole have a route to that subnet?

                          Can you connect to the traefik server from a client using its IP address directly?
                          The client will also need a route to that subnet via pfSense which it won't have by default.

                          It seems like you may have both a routing issue and DNS problems here. And that is typical of running clients on the WAN side of pfSense where asymmetry is highly likely.

                          • J
                            jhmc93 @stephenw10
                            last edited by Nov 27, 2024, 9:10 PM

                            @stephenw10 see the DNS CNAME records resolve if I'm on pfsense's subnet but not isp subnet, pihole runs via isp subnet but it does work when I set the pfsense to that pihole via ISP

                            • S
                              stephenw10 Netgate Administrator
                              last edited by Nov 27, 2024, 9:24 PM

                              Does it actually not resolve or just not connect?

                              The screenshot above looks like a connection issue not a DNS problem.

                              If it does resolve what is it resolving to at the client?

                              • J
                                jhmc93 @stephenw10
                                last edited by jhmc93 Nov 27, 2024, 10:01 PM Nov 27, 2024, 9:59 PM

                                @stephenw10 so I am on my pfsense subnet right now,

                                whereas it doesn't do that if I'm on my isp router

                                • J
                                  johnpoz LAYER 8 Global Moderator @jhmc93
                                  last edited by johnpoz Nov 27, 2024, 10:06 PM Nov 27, 2024, 10:02 PM

                                  @jhmc93 that browser error is not a dns not resolving, browser not resolving something would look like

                                  Your machine resolved that to something, is it the right thing - who knows from that picture - but it did resolve it.

                                  If you're using Firefox go to about:networking#dns, it will show you what you resolved something to

                                  • J
                                    jhmc93 @stephenw10
                                    last edited by jhmc93 Nov 27, 2024, 10:34 PM Nov 27, 2024, 10:11 PM

                                    not showing anything

                                    • J
                                      jhmc93 @johnpoz
                                      last edited by Nov 27, 2024, 10:42 PM

                                      @johnpoz
                                      guessing this is it, can't be sure though

                                      • S
                                        stephenw10 Netgate Administrator
                                        last edited by Nov 27, 2024, 10:51 PM

                                        On the client just try to resolve it at the command line so you can see what it resolves to.

                                        If it resolves to something in the 10.84.x.x subnet (pfSense LAN) then you will need a route to it via pfSense.

                                        If you just put all your clients on a subnet behind pfSense this would work without issue.

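The check described in the post above, as an added example that is not part of the original thread: resolve the name on the client, then try a TCP connection, so a DNS failure is told apart from a missing route to the pfSense LAN. The function names, the 192.168.1.0/24 client subnet, the address 10.84.0.10 and port 443 are constructed for illustration.

```python
import ipaddress
import socket


def resolve(name):
    """IPv4 addresses from the client's configured resolver; [] if lookup fails."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def can_connect(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(name, port, client_net, resolver=resolve, connector=can_connect):
    """Return (verdict, addresses), separating DNS failure from reachability."""
    addrs = resolver(name)
    if not addrs:
        return ("dns-failure", [])  # the DNS server this client uses has no answer
    if any(connector(ip, port) for ip in addrs):
        return ("ok", addrs)
    net = ipaddress.ip_network(client_net)
    if all(ipaddress.ip_address(ip) in net for ip in addrs):
        # Same subnet as the client: the service or a host firewall is the problem.
        return ("resolved-unreachable-on-link", addrs)
    # Other subnet: the client needs a route via the firewall and a rule allowing it.
    return ("resolved-unreachable-off-link", addrs)


if __name__ == "__main__":
    # Constructed sample: client on 192.168.1.0/24, the name answers 10.84.0.10,
    # and no path exists. Stubs replace the network so the demo runs offline.
    verdict, addrs = diagnose(
        "local.example.com", 443, "192.168.1.0/24",
        resolver=lambda n: ["10.84.0.10"],
        connector=lambda ip, p: False,
    )
    print(verdict, addrs)
```

Called without the stub arguments, `diagnose` uses the system resolver and a real TCP connection from the machine it runs on.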
                                        • J
                                          jhmc93 @stephenw10
                                          last edited by Nov 27, 2024, 10:54 PM

                                          @stephenw10 by client do you mean my machine I work on, the traefik machine or the pihole server??
