PfSense not forwarding DNS to concerned VPS
-
Hello,
I am using pfSense and have 5 different VPS that are working on different ports. I registered domains with our additional server IP and all of them are pinging. One of our domains is onlinenics.net. This domain resides on one of our VPS that has hostname OracleLinux1.Onlinenics.net
Now I tried in pfSense as following:
Services => DNS Forwarder
Checked option Enable DNS forwarder & Register DHCP leases in DNS forwarder. Then Services => DNS Forwarder => Host Overrides and did the following:

but not forwarding with following error when I access onlinenics.net in browser:
```
Potential DNS Rebind attack detected, see
http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead
of by hostname.
```
On vps-1 Plesk is installed and I created domains there. Please advise why the DNS forwarder is not forwarding outside-world requests to the concerned VPS? Thanks in anticipation.
-
How exactly are you getting to some VPS running where? With an RFC1918 address?
You do understand a forwarder just resolves that name to that IP… If you do an nslookup or dig or drill or host for that name, does it come back with that IP... Then the forwarder is doing its job..
Is this site hosted behind pfSense? Where are you trying to access the site from?
-
Hello thanks for reply,
Actually I'm running a XenServer hypervisor and I created 5 VMs and 1 VM for pfSense, so all VMs are in the 172.16.0.0/24 range attached to the pfSense LAN interface.
pfSense has two interfaces: LAN (172.16.0.100 as a gateway for all VMs) and WAN with Failover_IP (public IP). So I have Plesk on 1 VM and it's NATted by pfSense. My problem is how can I forward DNS requests to the BIND that is installed with Plesk on 1 VM.
```
[root@ServerName ~]# nslookup onlinenics.net
Server:         10.0.80.11
Address:        10.0.80.11#53

Non-authoritative answer:
Name:   onlinenics.net
Address: 195.154.37.12

[root@ServerName ~]# dig onlinenics.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> onlinenics.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48444
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;onlinenics.net.                        IN      A

;; ANSWER SECTION:
onlinenics.net.         86400   IN      A       195.154.37.12

;; Query time: 97 msec
;; SERVER: 10.0.80.11#53(10.0.80.11)
;; WHEN: Sat Dec 19 10:36:35 2015
;; MSG SIZE  rcvd: 48

[root@ServerName ~]# dig @8.8.8.8 onlinenics.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @8.8.8.8 onlinenics.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44316
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;onlinenics.net.                        IN      A

;; ANSWER SECTION:
onlinenics.net.         20085   IN      A       195.154.37.12

;; Query time: 5 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Dec 19 10:36:48 2015
;; MSG SIZE  rcvd: 48

[root@ServerName ~]# host onlinenics.net
onlinenics.net has address 195.154.37.12
onlinenics.net mail is handled by 10 mail.onlinenics.net.
[root@ServerName ~]#
```
Thanks
-
By using the forwarder and setting it to forward to that IP.. From the outside of pfSense you would set up a port forward for 53 UDP/TCP to the VM running BIND..
You would not do that with a host override..
-
Hello,
Thanks for the reply! Actually I NATted between the public IP and the VM that hosts Plesk (BIND installed under the hood), but the problem is that I installed two Plesks in two different VMs and I can't NAT, for example, the HTTP port (80) to two VMs within pfSense.
Instead of buying another public IP, can I use one IP to forward HTTP/SMTP/POP3/DNS traffic to different VMs using 1 public IP?
Looking forward to hearing from you.
Kind regards
-
Yes, you can forward different ports to different IPs behind pfSense, but no, you cannot forward 80 to more than 1 IP behind pfSense..
If you want to get to something running httpd behind pfSense, both on port 80, you would have to use a reverse proxy running on pfSense that looks at the FQDN you're trying to get to; say hosta.yourdomain.tld would send to ip1 and hostb.yourdomain.tld would send to ip2, while both hosta and hostb.yourdomain.tld resolve to your 1 public IP.
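Worked example of the reverse-proxy approach described above, added here and not taken from the thread or from the pfSense project: an HAProxy configuration (HAProxy is available as a pfSense package) that routes one public IP on port 80 to two LAN VMs by the Host header. The backend addresses 172.16.0.11 and 172.16.0.12 are assumed placeholders; only the 172.16.0.0/24 range and the hosta/hostb names come from the thread.

```haproxy
# Added example (not from the thread): name-based routing of one public IP
# on port 80 to two Plesk VMs on the pfSense LAN.
# Backend IPs 172.16.0.11 / 172.16.0.12 are assumed placeholders.
global
    log /dev/log local0

defaults
    mode    http
    log     global
    option  httplog
    option  forwardfor          # hand the real client IP to the VMs in X-Forwarded-For
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind *:80                   # the single public (WAN) address, port 80
    # Match the Host header the browser sends, case-insensitively.
    acl is_host_a hdr(host) -i hosta.yourdomain.tld
    acl is_host_b hdr(host) -i hostb.yourdomain.tld
    use_backend vm_a if is_host_a
    use_backend vm_b if is_host_b
    # Requests for a bare IP or an unknown name go to an empty backend and
    # get a 503, instead of silently landing on one of the VMs.
    default_backend no_match

backend vm_a
    server plesk1 172.16.0.11:80 check   # assumed LAN address of VM 1

backend vm_b
    server plesk2 172.16.0.12:80 check   # assumed LAN address of VM 2

backend no_match
    # intentionally no servers: HAProxy answers 503 for unrecognised hosts
```

Bind to the WAN address (or move the pfSense webConfigurator off port 80) so the proxy does not collide with the GUI listener, and keep the existing port-forward rule for 53 pointing at the BIND VM, since DNS is not HTTP and cannot be routed by hostname this way.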