Weird DNS problem

AMD_infinium05

pfsense 2.3.3

So everything works fine except one domain…
nslookup is done from a workstation, with dns set to pfsense, and gateway pfsense. the firewall rules are empty except the default allow all.

nslookup www.yahoo.com; nslookup subdomain.domain2.com; nslookup www.gmail.com; and etc works fine!

however nslookup mysubdomain.mydomain.com returns nothing, hence ping to mysubdomain.mydomain.com is also not working. ping to its public IP address is working fine.  :o

using nslookup mysubdomain.mydomain.com 8.8.8.8 –-- is fine, nslookup can answer with the ip address when querying directly to google public dns A server.

I have gone through all the pages of pfsense but I couldnt understand why pfsense is not resolving anything with ONE specific domain *.mydomain.com even the www.mydomain.com is not being resolved by pfsense. I have not changed anything in the last days with dns, this just happend yesterday.

workstation is resolving to everything except one domain and its subdomains.

Could you please suggest where else to look at?

AMD_infinium05

running the dns lookup at Diagnostics > DNS Lookup, pfsense can resolve to its ip address. but from a workstation in LAN it cannot.

This is very weird.

AMD_infinium05

This is partially solved by putting this in Services > DNS Resolver > custom options

local-data: "mysubdomain.mydomain.net A 111.111.11.11"

but when I remove this, the problem would immediately go back, it would be very helpful to know what is the underlying issue and cause - if this is a bug or not.

johnpoz

pfsense is not resolving what domain exactly?  If you don't want to post it public send it to me PM.. My guess would be you put some rfc1918 address in your public domain.  Pfsense will not resolve this out of the box because it would be rebind attack.

Or maybe you have dnssec messed up?  If you send me the actual FQDN your trying to resolve then can take a look to what the public dns and if any issues with it, and why pfsense might have a problem with it, etc.

AMD_infinium05

@johnpoz:

pfsense is not resolving what domain exactly?  If you don't want to post it public send it to me PM.. My guess would be you put some rfc1918 address in your public domain.  Pfsense will not resolve this out of the box because it would be rebind attack.

Or maybe you have dnssec messed up?  If you send me the actual FQDN your trying to resolve then can take a look to what the public dns and if any issues with it, and why pfsense might have a problem with it, etc.

Hello John, I just sent you PM. It would really be great if we find the root isue. take note that I wasn't changing anything with rules,dns,etc. but only add more WAN in pfsense.

johnpoz

I answered your PM - I show no issues resolve those..  See the questions in my PM about what pfsense is using for dns, itself 127.0.0.1 should be the only thing if using the resolver.  What domain is pfsense using.  What errors do you get in the resolver if you up the logging level?  When client tries to resolve?  You didn't set a domain override did you?

AMD_infinium05

Hello All,

I deleted the entry I made in the advanced custom box for DNS resolver, and that domain that was previously not working just works now.

I did NOT do anything with it!  ???

johnpoz

Your welcome ;) hehehe