Netgate Discussion Forum

    Why is the DNS entry for pfsense the lan interface?

    DHCP and DNS
    • Journer

      I have multiple "LAN" interfaces, all on different subnets.  I have Unbound running on all of them.  When I execute a dig or nslookup, the DNS server which responded is the IP of the interface which the machine is connected to, which is what I expect.

      However, the DNS entry of pfsense is the IP address of pfsense on the LAN interface, which is not what I expect.  My expectation is that I'm responded to with the IP of the router on whatever interface I'm connected to.

      e.g.
      router name: pfsense.myweb.com
      LAN - 192.168.1.1
      OPT1 - 192.168.2.1

      On client connected to LAN:

      nslookup pfsense.myweb.com
      Server:        192.168.1.1
      Address:        192.168.1.1#53

      Name:    pfsense.myweb.com
      Address: 192.168.1.1

      On client connected to OPT1:

      nslookup pfsense.myweb.com
      Server:        192.168.2.1
      Address:        192.168.2.1#53

      Name:    pfsense.myweb.com
      Address: 192.168.2.1

      Have I goofed up the config somewhere or is this just wishful thinking? :)
      I guess the DNS record would be kind of "dynamic" based on where the request is coming from, not sure if that is possible.

      • johnpoz LAYER 8 Global Moderator

        doesn't work that way.. it's a DNS query for the specific FQDN pfsense.myweb.com

        What you can do is create host overrides for subdomain or different fqdn…  So for example I have

        pfsense.local.lan is my lan IP.
        pfsense.wlan.local.lan for my wlan interface
        pfsense.dmz.local.lan for my dmz interface
        etc. etc..

        You could create views in unbound now to do what you want though.. But can not do it in the gui as of yet. With a view you could do what you want... I went over it here
        https://forum.pfsense.org/index.php?topic=126740.msg699877#msg699877

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1
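
The view-based approach mentioned in the post above, sketched in plain unbound.conf syntax as an added example (not taken from the thread or the linked post). The view names and the /24 prefix lengths are assumptions; the thread only gives the router addresses 192.168.1.1 (LAN) and 192.168.2.1 (OPT1).

```conf
# Added example: per-interface answers for the router's own FQDN.
# View names and the /24 prefix lengths are assumptions.

server:
    # Select a view based on the client's source address.
    access-control-view: 192.168.1.0/24 lan_view
    access-control-view: 192.168.2.0/24 opt1_view

view:
    name: "lan_view"
    # Clients on LAN are answered with the LAN address of the router.
    local-zone: "pfsense.myweb.com." static
    local-data: "pfsense.myweb.com. 3600 IN A 192.168.1.1"
    # Names not defined in this view fall back to the global
    # local-zone/local-data entries (e.g. existing host overrides).
    view-first: yes

view:
    name: "opt1_view"
    # Clients on OPT1 are answered with the OPT1 address of the router.
    local-zone: "pfsense.myweb.com." static
    local-data: "pfsense.myweb.com. 3600 IN A 192.168.2.1"
    view-first: yes
```

Clients whose source address matches no access-control-view entry keep getting the global answer, so add one view per internal subnet. Run unbound-checkconf against the resulting file before restarting the resolver, then repeat the nslookup from a client on each subnet.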

        • doktornotor Banned

          @johnpoz:

          You could create views in unbound now to do what you want though.. But can not do it in the gui as of yet. With a view you could  do what you want… I went over it here
          https://forum.pfsense.org/index.php?topic=126740.msg699877#msg699877

          Opened a feature request for tracking here: https://redmine.pfsense.org/issues/7852

          • johnpoz LAYER 8 Global Moderator

            Thanks dok.. A gui way to do this would be a nice addition for sure..

            • Journer

              Thanks both! This makes sense… will give it a whirl.

              Would be great if that feature would include an option (default?) to automatically add views for resolving the pfsense's fqdn to the interface which the query is coming in on.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.