Netgate Discussion Forum

    PfSense nslookup - local IP instead of public IP???

    DHCP and DNS
    • rgerbranda

      Our pfSense is configured with a public IP and a public A record (pfsense.ourdomain.nl).

      When I query the DNS on the pfSense server, with the FQDN of the A record, the local IP is returned!?!!

      Why does pfSense replace the public IP with the local IP?
      Is it possible to stop this?

      • JKnott

        As I understand it, there are 2 ways pfSense can know your local address: you specifically configure it in the resolver/forwarder, or you configure the DHCP server to accept the host name and then pfSense can use it for DNS lookup.

        BTW, why wouldn't you want to use the local address on the local network?

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • kpa

          "Services->DNS Forwarder->Register DHCP leases in DNS forwarder" if you're using the DNS Forwarder, "Services->DNS Resolver->Register DHCP leases in DNS forwarder" if using the DNS Resolver. Turning the option off will stop pfSense from registering the local addresses from DHCP leases as local overrides.

          However, you probably don't want to do that, because your local LAN clients would then try to access other LAN hosts by their public IP addresses, and that requires more complicated methods (NAT reflection) to work. What you should do when querying the addresses from the pfSense command line is to use a public DNS such as the Google DNS at 8.8.8.8:

          
          dig @8.8.8.8 myhost.ourdomain.nl
          
          
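The comparison suggested in the reply above can be scripted. This is an added example, not part of any post in the thread: it asks the local resolver and a public one for the same name and reports whether the local answer is a private-address override. The function names and the default local resolver address 127.0.0.1 are assumptions, and the live check needs `dig` and network access.

```shell
#!/bin/sh
# Added example (not from the thread): detect a split-DNS / local override
# by comparing the local resolver's A record with a public resolver's.

# Return 0 if $1 is an RFC 1918 private IPv4 address.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify two answers: $1 from the local resolver, $2 from a public one.
# Prints one of: incomplete, same, local-override, different.
classify_views() {
    local_ip=$1
    public_ip=$2
    if [ -z "$local_ip" ] || [ -z "$public_ip" ]; then
        echo "incomplete"          # one side returned no A record
    elif [ "$local_ip" = "$public_ip" ]; then
        echo "same"                # no override in effect
    elif is_private_ipv4 "$local_ip" && ! is_private_ipv4 "$public_ip"; then
        echo "local-override"      # host override or registered DHCP lease
    else
        echo "different"           # answers differ for another reason
    fi
}

# Live check. $1 = name, $2 = local resolver (assumed 127.0.0.1),
# $3 = public resolver (8.8.8.8, as used in the reply above).
compare_resolvers() {
    name=$1
    local_dns=${2:-127.0.0.1}
    public_dns=${3:-8.8.8.8}
    # Keep only the first IPv4 line; +short may also print CNAME targets.
    l=$(dig +short A "$name" @"$local_dns" | grep -E '^[0-9.]+$' | head -n 1)
    p=$(dig +short A "$name" @"$public_dns" | grep -E '^[0-9.]+$' | head -n 1)
    printf '%s local=%s public=%s -> %s\n' \
        "$name" "$l" "$p" "$(classify_views "$l" "$p")"
}

# Usage: compare_resolvers pfsense.ourdomain.nl
```

A result of `local-override` matches the behaviour described in this thread: LAN clients get the private address, while the public A record is unchanged.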
          • KOM

            Is it possible to stop this?

            Why would you want to?  You get the same result regardless and it is more efficient.

            https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

            You are already using method #2 which is the more elegant solution.
