Netgate Discussion Forum

    Problem with DNS forwarding

    • johnpoz LAYER 8 Global Moderator

      So when you query pfSense directly for the host override you created, do you get the correct response or not?

      Use nslookup, dig or host or whatever your fav DNS query tool is on the OS you're using..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • netsysadmin

        Hello John,

        Thank you for replying.
        Yes, when I query pfSense directly from my LAN computer, I get the correct IP address.

        Please find below the result of the queries:

        mymac:~ user$ nslookup

        sens.mydom.com
        Server: 10.40.0.34
        Address: 10.40.0.34#53

        Non-authoritative answer:
        Name: sens.mydom.com
        Address: A.B.C.D => PUBLIC IP ADDRESS

        server 10.40.0.1 => LAN IP ADDRESS OF pfSense
        Default server: 10.40.0.1
        Address: 10.40.0.1#53

        sens.mydom.com
        Server: 10.40.0.1
        Address: 10.40.0.1#53

        Name: sens.mydom.com
        Address: 10.40.0.76 => CORRECT INTERNAL IP ADDRESS

        • cmb

          You have to use the DNS forwarder as your DNS server if you want to get its overrides.

          • netsysadmin

            Do you mean that all LAN machines should use the IP address of the LAN interface of pfSense as their DNS server?

            Thank you

            • muswellhillbilly

              Why not set your host overrides/split DNS on your Mac DNS servers instead?

              • netsysadmin

                Actually, that was my last resort, as there will be about 80 DNS records to create manually on the OS X servers, well on the primary DNS server.

                I think that's what I'll be doing anyway.

                However, for the sake of my understanding, could anyone explain to me why pfSense was not resolving the FQDN to the internal IP?

                Thank you

                • johnpoz LAYER 8 Global Moderator

                  "why pfSense was not resolving the FQDN to the internal IP?"

                  sure looks like it was to me

                  sens.mydom.com
                  Server:      10.40.0.1
                  Address:  10.40.0.1#53

                  Name:  sens.mydom.com
                  Address: 10.40.0.76 => CORRECT INTERNAL IP ADDRESS

                  • netsysadmin

                    Actually I meant why pfSense was not resolving the FQDN to the internal IP, when the local machines use the Mac OS X servers as DNS servers, the latter pointing to pfSense as forwarding server.

                    • cmb

                      @netsysadmin:

                      Actually I meant why pfSense was not resolving the FQDN to the internal IP, when the local machines use the Mac OS X servers as DNS servers, the latter pointing to pfSense as forwarding server.

                      Your shown nslookup results prove the OS X servers aren't actually using the forwarder to provide their answers.

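The comparison cmb draws from the posted nslookup session can be automated. The following is an added example, not part of the thread: it parses an nslookup transcript and lists any resolver whose answer differs from the server holding the host override. The function names are hypothetical, the transcript is constructed from the one posted above with 203.0.113.10 standing in for the redacted public address, and English-language nslookup output is assumed.

```python
import ipaddress
import re

# Constructed transcript modelled on the nslookup session posted in the thread;
# 203.0.113.10 is a documentation address standing in for the redacted A.B.C.D.
SAMPLE = """\
> sens.mydom.com
Server:   10.40.0.34
Address:  10.40.0.34#53
Non-authoritative answer:
Name:     sens.mydom.com
Address:  203.0.113.10
> server 10.40.0.1
Default server: 10.40.0.1
Address: 10.40.0.1#53
> sens.mydom.com
Server:   10.40.0.1
Address:  10.40.0.1#53
Name:     sens.mydom.com
Address:  10.40.0.76
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_nslookup(text):
    """Return one dict per query: resolver asked, name queried, answer addresses."""
    results = []
    for raw in text.splitlines():
        m = re.match(r"(Server|Name|Address):\s*(\S+)", raw.strip())
        key, value = m.groups() if m else (None, None)  # prompts etc. match nothing
        if key == "Server":
            results.append({"resolver": value, "name": None, "answers": []})
        elif results and key == "Name":
            results[-1]["name"] = value
        elif results and key == "Address" and "#" not in value:
            results[-1]["answers"].append(value)  # "ip#53" lines name the resolver
    return results

def bypassing_override(results, override_resolver):
    """Resolvers whose answer differs from the server holding the host override."""
    expected = {r["name"]: set(r["answers"])
                for r in results if r["resolver"] == override_resolver}
    findings = []
    for r in results:
        want = expected.get(r["name"])
        if r["resolver"] != override_resolver and want and set(r["answers"]) != want:
            scope = ["internal" if any(ipaddress.ip_address(a) in n for n in RFC1918)
                     else "public" for a in r["answers"]]
            findings.append((r["resolver"], r["name"], r["answers"], scope))
    return findings
```

Calling `bypassing_override(parse_nslookup(SAMPLE), "10.40.0.1")` reports 10.40.0.34 as returning a public address for a name that pfSense overrides with an internal one.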
                      • netsysadmin

                        Your shown nslookup results prove the OS X servers aren't actually using the forwarder to provide their answers.

                        Yes I agree, but did not understand why.

                        What I understood is that, if I want to use pfSense's "host overrides", all LAN machines should use pfSense as their DNS server.
                        Using another internal DNS server, even if it is configured to use pfSense as a forwarding server, will not correctly resolve the entries in pfSense's "host overrides".

                        Did I understand correctly?

                        Thank you.

                        • johnpoz LAYER 8 Global Moderator

                          "all LAN machines should use pfSense as their DNS server."

                          Huh???

                          If your internal forwards to pfSense, then any overrides in pfSense would resolve to what you have the host override to.

                          See, I created a host override, I set up my Windows DNS to forward to pfSense..  It resolves the host override I put in pfSense..

                          internaldnsresolvefrompfsenseoverride.png

                          • coxhaus

                            Since you have a local DNS server, you can add an A record on your DNS server with the local IP address.  I have done this for a web server, so when you access the server from outside by its registered DNS name, the web server will resolve to an outside IP address, and if you are local, the local DNS server will resolve the web server name to a local IP address.

                            Chaining DNS servers should work the same way as long as you are local, since private IP addresses are not allowed on the internet.
