Local laptop/iPad sporadically getting external IP for a local server
-
pfSense Nano 1.2.3 on Netgate ALIX box
1 Comcast CABLE WAN DHCP external IP
Local network 192.168.0.x
Local server 192.168.0.10
DNS Forwarder on, DHCP DNS override on
Named static DHCP MAC entry for the local server 192.168.0.10

For some reason, my laptop and iPad are sporadically getting the external WAN
IP when trying to connect to the local server by name, rather than getting
192.168.0.10. On the laptop I need to do dscacheutil -flushdns to get it to
see the correct 192.168.0.10 address again. On the iPad I don't have that option
but rebooting it usually fixes the problem at least temporarily.

Any clues on how to troubleshoot or possible problems?
Time to try 2.0 BETA? :)

Thanks!
–Ed
-
Is there also a DNS entry for that same server name that resolves to your WAN IP from the external DNS server?
Are you sure that these internal clients are using only your pfSense LAN IP as their DNS server?
-
Yes, there IS a DNS entry in external DNS for the same server name that resolves to the external WAN IP. And this is the address that gets sporadically seen by internal machines.
Internal clients are configured by pfSense DHCP to get dns info from 192.168.0.1. No hardcoded DNS servers on the internal clients.
I'll be giving 2.0 beta 4 a go as soon as I receive my USB compact flash reader.
Thanks!
–Ed
-
I can't remember if it was the iPad or the Kindle, but someone on the forum here was mentioning something weird about the way it resolves with DNS, that it almost forces it out the WAN and doesn't expect replies from a local name server. I think that may have been the Kindle though, not the iPad.
It might be worth doing a packet capture on the LAN for the device's IP address and watching to see what happens when it gets the incorrect entry.
-
According to some info I googled, the Mac mDNSResponder does
some funny stuff.

For ex., when using ping, dig, nslookup,
/etc/resolv.conf is used and results are as expected:

"ping panda"
64 bytes from 10.1.1.10: icmp_seq=0 ttl=64 time=0.130 ms

"dig panda"
; <<>> DiG 9.6.0-APPLE-P2 <<>> panda
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5954
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;panda. IN A

;; ANSWER SECTION:
panda. 1 IN A 10.1.1.10

;; Query time: 3 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Thu Oct 14 12:22:53 2010
;; MSG SIZE rcvd: 39

"nslookup panda"
Server: 10.1.1.1
Address: 10.1.1.1#53

Address: 10.1.1.10
================================================
However using the mDNSResponder (used by most Mac services)
I get my external WAN IP:

"dscacheutil -q host -a name panda"
ip_address: 98.xxx.xxx.xxx
================================================
One article suggested that Mac is looking for A or AAAA DNS records, and it
could be that when requesting the AAAA record, it resolves to the external WAN
IP. I don't know much about AAAA records and it doesn't look like there's a
place to specify an AAAA record in pfSense.

I've verified that the Mac has ONLY the pfSense local IP as the DNS, and the
pfSense DNS forwarder is on and registering the static local DHCP IP's.
And I've flushed the mDNSResponder cache repeatedly.
-
I did a tcpdump on port 53 and captured the output for
"dscacheutil -q host -a name panda":

(I've replaced my domain with "mydomain" and my external IP
with 98.xxx.xxx.xxx in the text below). Still can't understand why
it's resolving to the external WAN IP instead of the internal
static dhcp address.

sudo tcpdump port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)
13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)
13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)
13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)
13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35)
13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)
13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)
13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)
13:04:08.477904 IP tiger.mydomain.com.59862 > router.mydomain.com.domain: 62384+ PTR? 1.1.1.10.in-addr.arpa. (39)
13:04:08.478812 IP router.mydomain.com.domain > tiger.mydomain.com.59862: 62384* 1/0/0 PTR router.mydomain.com. (75)
13:04:08.487814 IP tiger.mydomain.com.57421 > router.mydomain.com.domain: 31161+ PTR? 11.1.1.10.in-addr.arpa. (40)
13:04:08.488549 IP router.mydomain.com.domain > tiger.mydomain.com.57421: 31161* 1/0/0 PTR tiger.mydomain.com. (75)
^C
12 packets captured
1172 packets received by filter
0 packets dropped by kernel
-
Do you have DynDNS enabled for your domain, with wildcard enabled?
-
I'm using DynDNS Custom DNS for the domain, no wildcard.
mydomain.com resolves, but randomtext.mydomain.com does not.
-
Well something out there (perhaps the DNS server for mydomain.com) is answering the AAAA query:

13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)
13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)

That means it asked for the AAAA record for panda, and got back that the result is a CNAME for mydomain.com.
And then it asked for an AAAA record for mydomain.com, and AAAA for panda.dolcera.net…

13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)
13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)
13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35)
13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)

…and got back an answer that they don't exist.
Then finally asked for an A record for mydomain.com...

13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)
13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)

…and got back what is presumably your WAN IP.
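The chain dissected in that reply (AAAA query, CNAME hop, empty AAAA answer, then an A answer with the WAN address) is the same one the earlier mDNSResponder post ran into, and it can be reconstructed mechanically from the tcpdump summary lines rather than read by eye. The script below is an added example, not from this thread or from pfSense: it parses tcpdump's `port 53` one-line format as printed above, pairs each query with its response by transaction id, follows CNAME hops from the name you asked about, and flags a final address that is not inside the LAN prefix. The sample capture is constructed to mirror the thread's, with 203.0.113.5 standing in for the masked 98.xxx.xxx.xxx WAN address and 192.168.0.0/24 taken from the first post; `parse_capture`, `trace_resolution` and `diagnose` are names chosen here.

```python
"""Reconstruct a DNS resolution chain from tcpdump 'port 53' summary lines.

Added example, not from the thread or pfSense. Function names and the sample
captures are constructed; 203.0.113.5 is a placeholder for the masked WAN IP.
"""
import ipaddress
import re
from dataclasses import dataclass

# Query:    <ts> IP <src> > <dst>: <id>+ <QTYPE>? <qname>. (<len>)
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\+ "
    r"(?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$"
)
# Response: <ts> IP <src> > <dst>: <id>[*] [NXDomain] an/ns/ar [RR, RR ...] (<len>)
RESP_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+) > (?P<dst>\S+): (?P<id>\d+)\*? "
    r"(?:(?P<rcode>NXDomain) )?(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)"
    r"(?: (?P<rrs>.+?))? \(\d+\)$"
)


@dataclass
class Exchange:
    qtype: str
    qname: str
    rcode: str      # "NOERROR" or "NXDomain" as tcpdump prints it
    records: list   # [(rtype, value), ...] from the answer section


def parse_capture(lines):
    """Pair each query with its response by transaction id, in capture order."""
    pending, exchanges = {}, []
    for raw in lines:
        line = raw.strip()
        q = QUERY_RE.match(line)
        if q:
            pending[q["id"]] = (q["qtype"], q["qname"].rstrip("."))
            continue
        r = RESP_RE.match(line)
        if r and r["id"] in pending:
            qtype, qname = pending.pop(r["id"])
            records = []
            for rr in (r["rrs"] or "").split(", "):
                rtype, _, value = rr.partition(" ")
                if rtype:
                    records.append((rtype, value.rstrip(".")))
            exchanges.append(Exchange(qtype, qname, r["rcode"] or "NOERROR", records))
    return exchanges


def trace_resolution(exchanges, qname):
    """Follow answers for qname across CNAME hops until an address turns up."""
    hops, address, current, visited = [], None, qname, set()
    while current not in visited and address is None:   # visited guards CNAME loops
        visited.add(current)
        next_name = None
        for ex in exchanges:
            if ex.qname != current:
                continue
            if not ex.records:
                hops.append(f"{ex.qtype}? {current} -> {ex.rcode}, no data")
            for rtype, value in ex.records:
                hops.append(f"{ex.qtype}? {current} -> {rtype} {value}")
                if rtype == "CNAME":
                    next_name = value
                elif rtype in ("A", "AAAA") and address is None:
                    address = value
        if next_name is None:
            break
        current = next_name
    return hops, address


def diagnose(lines, qname, lan_prefix):
    """Report where qname ended up and whether that address lies outside the LAN."""
    lan = ipaddress.ip_network(lan_prefix)
    hops, address = trace_resolution(parse_capture(lines), qname)
    outside = address is not None and ipaddress.ip_address(address) not in lan
    return {"hops": hops, "address": address, "resolved_outside_lan": outside}


# Constructed to mirror the thread's capture; 203.0.113.5 replaces the masked WAN IP.
SAMPLE_CAPTURE = [
    "13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)",
    "13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)",
    "13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)",
    "13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)",
    "13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)",
    "13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 203.0.113.5 (49)",
]
# Constructed: the healthy case, the forwarder answering from its static DHCP entry.
SAMPLE_LOCAL = [
    "13:05:00.000001 IP tiger.mydomain.com.50001 > router.mydomain.com.domain: 4001+ A? panda.mydomain.com. (39)",
    "13:05:00.000500 IP router.mydomain.com.domain > tiger.mydomain.com.50001: 4001* 1/0/0 A 192.168.0.10 (55)",
]

if __name__ == "__main__":
    for capture in (SAMPLE_CAPTURE, SAMPLE_LOCAL):
        report = diagnose(capture, "panda.mydomain.com", "192.168.0.0/24")
        for hop in report["hops"]:
            print("  " + hop)
        print("final:", report["address"], "outside LAN:", report["resolved_outside_lan"])
```

Run it against a real `sudo tcpdump -n port 53` session by feeding the lines to `diagnose` with the short name the client actually queried; the hop list makes it obvious at which query the name stopped being answered from the forwarder's own records and started following an upstream CNAME.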