PfSense with DNS forwarder to local DNS server: caching issue?
Hello,
I might have a configuration problem with the DNS forwarder.
Setup:
I already have a DNS server running on a Debian machine (192.168.0.5, with bind9 9.7.3) which is responsible for resolving the internal local domain "mycompany.ext." to the LAN (192.168.0.0/24). This domain is automatically populated by Dynamic DNS, the DHCP service being on the same Debian server.
The pfSense (192.168.0.1) is responsible for resolving the other Internet domains with the "DNS servers" list located at "System: General Setup":
12.34.56.78 WAN_A
Computers located inside the LAN are told (via DHCP) to use 192.168.0.1 (pfSense) as DNS server (and as their gateway) so that Internet resolution can be asked to 12.34.56.78 by pfSense on behalf of local computers.
To resolve the "mycompany.ext." domain I tried to use "Services: DNS forwarder" by adding the following entry into the "Domain Overrides" list:
Domain: mycompany.ext
IP: 192.168.0.5
Problem:
The Internet resolution works fine but the local resolution is buggy: at start it works fine, but after some time it won't resolve local addresses:
$ nslookup xxxxx.mycompany.ext 192.168.0.1
server can't find xxxxx.mycompany.ext: NXDOMAIN
Whereas if asking the Debian DNS:
$ nslookup xxxxx.mycompany.ext 192.168.0.5
Name: xxxxx.mycompany.ext
Address: 192.168.0.102
For the pfSense to give an answer again, I have to disable and then enable the "DNS forwarder".
Possible cause:
I suspect the DNS forwarder service to have asked 192.168.0.5 for "xxxxx.mycompany.ext" once while this machine was out of the office for a while (thus its A record had been deleted/obsoleted from 192.168.0.5, and it returned that answer to pfSense) and to have cached this result. Thus, even when the A record has been recreated by DDNS on 192.168.0.5, pfSense keeps saying NXDOMAIN to any request.
Should I just configure a cron to periodically restart the DNS Forwarder?
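As an added diagnostic (not from the original post): given `dig` output captured from the forwarder (192.168.0.1) and from the authoritative bind9 server (192.168.0.5), this flags the stale-NXDOMAIN condition described above and, per RFC 2308, computes how long a caching forwarder may keep the negative answer (the smaller of the SOA record TTL and the SOA MINIMUM field). The dig text and the zone's SOA values below are constructed assumptions, not captures from the poster's servers.

```python
import re

# Constructed sample of what `dig @192.168.0.5 xxxxx.mycompany.ext A` could print
# while the host is absent from the zone (assumed SOA values, not the poster's).
SAMPLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12345
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;xxxxx.mycompany.ext.\t\tIN\tA

;; AUTHORITY SECTION:
mycompany.ext.\t\t3600\tIN\tSOA\tns1.mycompany.ext. hostmaster.mycompany.ext. 2011010101 10800 3600 604800 86400
"""

# Constructed sample of the same query once DDNS has re-added the host.
SAMPLE_NOERROR = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12346
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
xxxxx.mycompany.ext.\t\t300\tIN\tA\t192.168.0.102
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
# zone, ttl, (mname, rname skipped), serial, refresh, retry, expire, minimum
SOA_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)",
    re.M,
)

def rcode(dig_output):
    """Return the response code (NOERROR, NXDOMAIN, ...) from a dig header line."""
    m = STATUS_RE.search(dig_output)
    return m.group(1) if m else None

def negative_cache_ttl(dig_output):
    """RFC 2308: a negative answer may be cached for min(SOA record TTL, SOA MINIMUM).
    Returns None when the response carries no SOA in its authority section."""
    m = SOA_RE.search(dig_output)
    if not m:
        return None
    return min(int(m.group(2)), int(m.group(7)))

def stale_negative(forwarder_out, authoritative_out):
    """True when the forwarder still answers NXDOMAIN while the authoritative
    server now answers the same name successfully: the symptom in the post."""
    return rcode(forwarder_out) == "NXDOMAIN" and rcode(authoritative_out) == "NOERROR"
```

Lowering the SOA MINIMUM (and the SOA record TTL) on the bind9 zone shortens how long such a negative answer stays cached on the forwarder.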