IPhone DNS - pfSense

mrlaforge · Nov 26, 2008, 12:09 AM

Hi all,

Long time reader , first time poster. Please be gentle.

We are presently trialling pfSense as a wireless network controller in our organisation.

We have it up and running with captive portal, authenticating against our radius server.

So far so good.

We have a number of web based applications that we would like to publish to the wireless network. They are hosted on 2K3 boxes with dual nics one to our internal network and one to the wireless network.

I have placed an entry in DNS Forwarder so that a clean address (eg http://testsite) redirects to the ip address of the webserver.

If I connect to the wireless via a laptop I can get to the site via the dns address. All works fine.

DNS is handed out to our users via DHCP.

If I try to connect via an iPhone 3g 2.2 Firmware, I can get to the captive portal and authenticate no problems. All external web traffic works fine, however the internal DNS entries eg http://testsite do not resolve. I can see the website via its IP so its not a connectivity issue.

Does anyone know what I might be doing wrong? Am I missing something or is the iPhone DNS just screwy!!

For everyones info we're runing pfSense 1.2.1 RC2 the DNS server that is issued to clients is the IP of the pfSense box 192.168.1.1. The domain is just .local.

If you need any other info please let me know.

Appreciate any help.

GruensFroeschli · Nov 26, 2008, 8:34 AM

Could it be that the iphone extends all the names you enter with "www." ?
For this case you would need another entery as in the screenshots in this post: http://forum.pfsense.org/index.php/topic,9440.msg53554.html#msg53554

jahonix · Nov 26, 2008, 11:21 AM

@GruensFroeschli:

Could it be that the iphone extends all the names you enter with "www." ?

Assuming the iPod touch uses the same bytes as the iPhone, then no, it doesn't append "www." on its own.
Just checked by connecting to http://wrt54gl in the same subnet.
Name resolution is done by pfSense.

Check the DNS the iPhone uses. Does ping work (there's a free ping tool in the AppStore…)?

ginosteel · Jan 29, 2009, 2:19 PM

Ive made a test on my local network. Ive made a domain name in plesk (domain that is not exist) and like u i cannot access it only via IP. I think that the iphone has a different type to resolv dns

jahonix · Jan 30, 2009, 8:27 AM

Since I received my iPhone recently I was able to check it with that device as well.
Ping and HTTP work flawlessly, given the right DNS.

AP is WRT54GL connected to a pfSense OPT IF, DNS is the standard forwarder from pfSense which is correctly shown on the WLAN setup screen.
What does your iPhone show as DNS?

samyboy · Apr 21, 2009, 4:03 PM

Hi,

I'm facing the same problem.

Here's what I found using tcpdump:
17:46:33.675662 IP 10.20.50.241.5353 > 224.0.0.251.5353: 0 A (QM)? dev.local. (27)

The IP 224.0.0.251 is related to Multicast DNS (http://www.multicastdns.org/).
No idea what to do with it.

Edit: Maybe this link can help: http://support.apple.com/kb/HT2385?viewlocale=en_US

GruensFroeschli · Sep 2, 2009, 3:25 PM

Since the iPhone is from apple i suppose it will, if there is not DNS server configured, fall back to multicast DNS as specified in zeroconf/bonjour.
Have you tried to force a DNS server by hand?

samyboy · Sep 2, 2009, 2:42 PM

Hi, thanks for replying.

Since then I discovered that the new 10.6 version of Mac OS X has the exact same behaviour
I did try to set up the network settings manually but unfortunately the issue still exists.

I found this thread explaining that the base of the problem is the ".local" tld used in our LAN. It is used by the "Bonjour" protocol.

I am going to change my LAN tld into something not used by some fancy protocol (like ".lan" or something)

I keep in touch.