Netgate Discussion Forum

    Re: Dns Forwarder and hosts file will not work in 2.0

    2.0-RC Snapshot Feedback and Problems - RETIRED
      Geppo

      Unfortunately, I think there is nothing wrong in what you did…..
      I can confirm you cannot add a host name without entering a domain name. I think this is "by design" (formally correct).
      I also tried to work around it by adding a reservation in the DHCP server (using the host name) and then checking "Register DHCP static mappings in DNS forwarder" in DNS Forwarder, but pfSense always adds the domain name in General setup to the host name.

      Then, I think you have only two choices:

      1. Add your server name in pfsense host file.
      2. Activate netbios name resolution on your server/lan

        AudiAddict

        That's too bad.. are you 100 % sure about this? I thought I read topics where people got this working with the dns forwarder.

        I've tried editing the host file on the pfsense machine but windows clients still cannot resolve hostnames without domain.local :(

          AudiAddict

          Anybody know why this is not working?

          I've tried the work-around as mentioned above by editing the pfsense hostfile.

          Host file
          192.168.2.80 SpotWeb

          On my local pc :

          IPv4-adres. . . . . . . . . . . . : 192.168.2.101
          Subnetmasker. . . . . . . . . . . : 255.255.255.0
          Standaardgateway. . . . . . . . . : 192.168.2.1
          DHCPv6 IAID . . . . . . . . . . . : 234890380
          DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93
          DNS-servers . . . . . . . . . . . : 192.168.2.1

          Ping spotweb –> no reply
          ping spotweb.home.local I get a reply

          nslookup spotweb 192.168.2.1
          Server:  volvo.home.local
          Address:  192.168.2.1

          Naam:    spotweb
          Address:  192.168.2.80

          Why am I still unable to reach it by ping or by http? Doing a manual nslookup on the pfsense ip I am getting a response?

          Doing an ipconfig /flushdns has made no difference btw.

            wallabybob

            I have a pfSense system with Windows (2000, XP, Vista and 7) and Linux systems on the LAN. All use DHCP for configuration. pfSense uses the DNS forwarder. My pfSense system is called pfsense in domain example.org. All my LAN systems can refer to other LAN systems by name (e.g. pfsense) or fully qualified domain name (e.g. pfsense.example.org).

            I notice on the pfSense page System -> General Setup: Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.

            I have a recollection that some years ago when I first started using pfSense I configured it in domain .local or something.local but some DNS weirdness (can't recall the details) caused me to switch to domain example.org which seemed to behave more predictably.

            It doesn't help that the first post in this thread used domain name domain.local and later posts used domain name home.local. Better to use a consistent domain name and probably better not to use something in .local.

              AudiAddict

              Thanks for your reply.

              Home.local was the same as domain.local I just changed the name in this thread.. sorry ;)

              I changed the dns on the general page to home.org and the dynamic dns on dhcp server also to home.org

              Still no luck :( See my post above this one explaining that I can do a nslookup from a windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

              Am I missing certain dhcp options? Or is the WAN DNS being used to override local lookups? My hosts file on the pfsense contain the server name with and without the home.org and still it doesn't work :(

                wallabybob

                @AudiAddict:

                Still no luck :( See my post above this one explaining that I can do a nslookup from a windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

                What does the windows system think its domain is? (ipconfig command in a command window should show it.) If you are not sure please post the ipconfig output.

                Do you have pfSense DNS forwarder enabled?

                My understanding of how this should work is that your Windows system should think it is in domain home.org and then a name to IP lookup on spotweb should be given to the name server (pfSense) as a lookup on spotweb.home.org. Of course if you have been fiddling around with the pfSense domain name and haven't renewed your DHCP lease on the Windows client you probably have stale information on the Windows client.

                  AudiAddict

                  C:\Users\Jasper>ipconfig /all

                  Windows IP-configuratie

                  Hostnaam  . . . . . . . . . . . . : Audi
                    Primair DNS-achtervoegsel . . . . : home.org
                    Knooppunttype . . . . . . . . . . : hybride
                    IP-routering ingeschakeld . . . . : nee
                    WINS-proxy ingeschakeld . . . . . : nee

                  Ethernet-adapter voor Local Area Connection:

                  Verbindingsspec. DNS-achtervoegsel:
                    Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ether
                  net Controller
                    Fysiek adres. . . . . . . . . . . : 00-24-8C-17-B5-93
                    DHCP ingeschakeld . . . . . . . . : nee
                    Autom. configuratie ingeschakeld  : ja
                    Link-local IPv6-adres . . . . . . : fe80::54f8:2e94:93f9:c8fb%10(voorkeur)
                    IPv4-adres. . . . . . . . . . . . : 192.168.2.101
                    Subnetmasker. . . . . . . . . . . : 255.255.255.0
                    Standaardgateway. . . . . . . . . : 192.168.2.1
                    DHCPv6 IAID . . . . . . . . . . . : 234890380
                    DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93

                  DNS-servers . . . . . . . . . . . : 192.168.2.1
                    NetBIOS via TCPIP . . . . . . . . : ingeschakeld

                  If you need any translations done.. let me know ;) This is my own workstation set to a static ip because if I reboot pfsense I still need to be able to reach other network devices :)

                    AudiAddict

                    Ok a step farther now.
                    On the DHCP page I didn't set the domain name option. I changed this to home.org and it seems to work within the same subnet (ping / IE/Firefox). Great!

                    Not all the way there yet, on my other wifi subnet (172.16.108.0/24) I am able to ping the hostnames and the ip resolves to the 192.168.x local ip but when using the same hostname in internet explorer or firefox it tries to resolve it with the external dns server. Any idea why this is happening?

                    It seems we are almost there..

                      Guest

                      On the wireless clients, if you've tried before to reach the server, I would suggest a DNS flush. I think it is ipconfig /flushdns

                        Tikimotel

                        You'll need a dnsmasq.conf file.

                        Here is mine:
                        "/usr/local/etc/dnsmasq.conf"

                        # Filter out queries public DNS can't answer.
                        #
                        # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. 
                        # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
                        domain-needed
                        # Bogus private reverse lookups. 
                        # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered 
                        # with "no such domain" rather than being forwarded upstream.
                        bogus-priv
                        #
                        # LAN domain lookups
                        #
                        # Add local-only domains here, queries in these domains are answered
                        # from /etc/hosts or DHCP only.
                        local=/home/ 
                        #
                        # Set the domain for dnsmasq. this is optional, but if it is set, it
                        # does the following things.
                        # 1) Allows DHCP hosts to have fully qualified domain names, as long
                        #     as the domain part matches this setting.
                        # 2) Sets the "domain" DHCP option thereby potentially setting the
                        #    domain of all systems configured by DHCP
                        # 3) Provides the domain part for "expand-hosts"
                        domain=home
                        #
                        # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. 
                        # Note that this does not apply to domain names in cnames, PTR records, TXT records etc. 
                        expand-hosts 
                        #
                        # increase DNS cache size
                        cache-size=10000
                        #
                        # Set the maximum number of concurrent DNS queries. The default value is 150
                        dns-forward-max=300
                        #
                        # Resolve(generated from WAN DHCP)
                        resolv-file=/var/etc/resolv.conf
                        #
                        

                        My LAN is called "home", yours should be "home.local".
                        Press "save" in the pfsense web GUI (dhcp services or DNS forwarder) to "restart" dnsmasq and load your own conf file + default pfsense commandline based settings (some settings may be doubled now).

                        ipconfig /all

                        
                        Windows IP-configuratie
                        
                           Hostnaam  . . . . . . . . . . . . : W7-PC
                           Primair DNS-achtervoegsel . . . . :
                           Knooppunttype . . . . . . . . . . : hybride
                           IP-routering ingeschakeld . . . . : nee
                           WINS-proxy ingeschakeld . . . . . : nee
                           DNS-achtervoegselzoeklijst. . . . : home
                        
                        Ethernet-adapter voor LAN-verbinding:
                        
                           Verbindingsspec. DNS-achtervoegsel: home
                           Beschrijving. . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethern
                        et Controller
                           Fysiek adres. . . . . . . . . . . : XX-XX-XX-XX-XX-XX
                           DHCP ingeschakeld . . . . . . . . : ja
                           Autom. configuratie ingeschakeld  : ja
                           Link-local IPv6-adres . . . . . . : fe80::18ef:47d5:fb62:43cc%10(voorkeur)
                           IPv4-adres. . . . . . . . . . . . : 192.168.0.50(voorkeur)
                           Subnetmasker. . . . . . . . . . . : 255.255.255.0
                           Lease verkregen . . . . . . . . . : dinsdag 29 maart 2011 17:38:56
                           Lease verlopen. . . . . . . . . . : dinsdag 29 maart 2011 19:38:56
                           Standaardgateway. . . . . . . . . : 192.168.0.1
                           DHCP-server . . . . . . . . . . . : 192.168.0.1
                           DHCPv6 IAID . . . . . . . . . . . : 234890068
                           DHCPv6-client DUID. . . . . . . . : XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX
                        
                           DNS-servers . . . . . . . . . . . : 192.168.0.1
                           NetBIOS via TCPIP . . . . . . . . : ingeschakeld
                        
                        Tunnel-adapter voor isatap.home:
                        
                           Mediumstatus. . . . . . . . . . . : medium ontkoppeld
                           Verbindingsspec. DNS-achtervoegsel: home
                           Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
                           Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-00
                           DHCP ingeschakeld . . . . . . . . : nee
                           Autom. configuratie ingeschakeld  : ja
                        
                        

                        nslookup should result in:

                        C:\Users\User>nslookup
                        Standaardserver:  pfsense.home
                        Address:  192.168.0.1
                        
                        > w7-pc
                        Server:  pfsense.home
                        Address:  192.168.0.1
                        
                        Naam:    w7-pc.home
                        Address:  192.168.0.50
                        
                        > w7-pc.home
                        Server:  pfsense.home
                        Address:  192.168.0.1
                        
                        Naam:    w7-pc.home
                        Address:  192.168.0.50
                        
                        > unknown
                        Server:  pfsense.home
                        Address:  192.168.0.1
                        
                        *** pfsense.home kan unknown niet vinden: Non-existent domain
                        > exit
                        
                        C:\Users\User>
                        
                          AudiAddict

                          Thanks for your reply and I see you are also Dutch :).

                          I think you might have read my post wrong. Everything is working except IE in the 172.x subnet.

                          IE & nslookup work fine in the 192.x subnet (this is where the webserver is also in).

                          Windows 7 machine in 172.x subnet output with DHCP set :

                          
                          Windows IP-configuratie
                          
                          Ethernet-adapter voor LAN-verbinding:
                          
                             Verbindingsspec. DNS-achtervoegsel: home.org
                             Link-local IPv6-adres . . . . . . : fe80::5162:372a:6434:dcf6%10
                             IPv4-adres. . . . . . . . . . . . : 172.16.108.104
                             Subnetmasker. . . . . . . . . . . : 255.255.255.0
                             Standaardgateway. . . . . . . . . : 172.16.108.1
                          
                          
                          
                          C:\Users\User>nslookup spotweb
                          Server:  UnKnown
                          Address:  172.16.108.1
                          
                          Naam:    spotweb.home.org
                          Address:  192.168.2.80
                          
                          
                          
                          C:\Users\User>ping spotweb
                          
                          Pingen naar spotweb.home.org [192.168.2.80] met 32 bytes aan gegevens:
                          Antwoord van 192.168.2.80: bytes=32 tijd=3 ms TTL=63
                          Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                          Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                          Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                          
                          Ping-statistieken voor 192.168.2.80:
                              Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
                              (0% verlies).
                          
                          

                          When accessing IE from the 172x interface I get :

                          
                          While trying to retrieve the URL: http://spotweb/ 
                          
                          The following error was encountered: 
                          
                          •Connection to 81.200.64.52 Failed 
                          The system returned: 
                          
                              (60) Operation timed out The remote host or network may be down. Please try the request again. 
                          
                          Your cache administrator is admin@home.org 
                          
                          --------------------------------------------------------------------------------
                          
                          Generated Tue, 29 Mar 2011 16:32:03 GMT by volvo (squid/2.7.STABLE9) 
                          
                          

                          When accessing http://spotweb from the 192x subnet it does work (also using transparent squid proxy here)

                          So the only thing which doesn't work right now is IE in the other subnet :)

                            AudiAddict

                            Fixed!!! :D :D

                            Manually set dns server in my proxy setting to the pfsense gateway ip and now it works.. weird!

                              Tikimotel

                              Squid uses pfsense dnsmasq and all nameservers in "resolv.conf".
                              Local ip numbers (like your "spotweb" site) would be sent to upstream nameservers.

                              I've also set my dnsserver in squid to 127.0.0.1 (different from default, "empty")
                              Now only pfsense dnsmasq is used for lookups (and lookup-cache) in squid.
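
Added example (not part of the thread, and not dnsmasq's or pfSense's own code): a simplified Python model of the forwarding decisions controlled by the `domain-needed`, `bogus-priv`, `local=`, `domain=` and `expand-hosts` directives from the dnsmasq.conf post above. It lists which queries would leave the LAN for an upstream nameserver, which is the leak the last post describes for local names. The host entry comes from the thread; the names `nas` and `example.com` and every function name are constructed for illustration.

```python
import ipaddress

# Constructed sample: the directives from the dnsmasq.conf post, comments stripped.
HARDENED = "domain-needed\nbogus-priv\nlocal=/home/\ndomain=home\nexpand-hosts\n"
HOSTS = {"spotweb": "192.168.2.80"}  # hosts entry as given in the thread
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conf(text):
    """Map each directive to its value; local=/home/ becomes the list ['home']."""
    conf = {"local": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "local":
            conf["local"] += [d.lower() for d in value.split("/") if d]
        else:
            conf[key] = value.lower()
    return conf

def known_names(conf, hosts):
    """Names answerable locally; expand-hosts adds '<name>.<domain>' for plain names."""
    names = {h.lower(): ip for h, ip in hosts.items()}
    if "expand-hosts" in conf and conf.get("domain"):
        names.update({f"{h}.{conf['domain']}": ip
                      for h, ip in list(names.items()) if "." not in h})
    return names

def reverse_ip(qname):
    """Return the IPv4 address behind an in-addr.arpa name, else None."""
    labels = qname.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.ip_address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def decide(qname, conf, hosts=HOSTS):
    """Classify a query: local-answer, local-nxdomain or forward-upstream."""
    q = qname.lower().rstrip(".")
    names, ip = known_names(conf, hosts), reverse_ip(q)
    if q in names or (ip is not None and str(ip) in names.values()):
        return "local-answer"
    if "." not in q and "domain-needed" in conf:
        return "local-nxdomain"   # plain name, never sent upstream
    if any(q == d or q.endswith("." + d) for d in conf["local"]):
        return "local-nxdomain"   # local-only domain
    if ip is not None and "bogus-priv" in conf and any(ip in n for n in RFC1918):
        return "local-nxdomain"   # private reverse lookup
    return "forward-upstream"

def leaked(conf_text, queries):
    """Queries that would be forwarded to an upstream nameserver."""
    conf = parse_conf(conf_text)
    return [q for q in queries if decide(q, conf) == "forward-upstream"]

QUERIES = ["spotweb", "nas", "nas.home", "81.2.168.192.in-addr.arpa", "example.com"]  # constructed
```

Calling `leaked(HARDENED, QUERIES)` against `leaked("", QUERIES)` shows the difference: with the posted directives only the public name is forwarded, while without them the unknown plain name, the unknown `.home` name and the private reverse lookup all go upstream.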

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.