flush dns after wan ip change
-
@gregor4711 said in flush dns after wan ip change:
But I discover in my setup one issue, the dns cache would not updated after a new WAN IP was provided by internet provider from pfsense.
Why should it do that?
A WAN IP change can trigger an DynDNS update. But why should it flush the resolver cache?
-
I have an owncloud and mail server behind pfsense FW.
It is connected to an dyndns service since. My ISP change all 24h the IP, which is my WAN IP.- after the change of IP from ISP, the update of official DNS is proceed within less than 30 sec.
- If I call my email server from outside (via mobile etc.) the mail server is up and working.
- If I call from inside (behind pfsense ) the domain name is not more aviable since it route to the old ip.
- If I flush pfsense dns resolver & DNS Server manually all is fine again:)
- Therefore I would like to have automatic restart of DNS resolver an DNS server in pfsense after wan IP change
-
A better solution would be to setup DNS overrides for your hostnames.
-
How this can work, wegen the IP is changed all 24 hours?
-
The DNS host override declares the IP of your mail host.
On the Internet , your DDNS service will resolver your domain to your WAN IP.
Locally, a host override (same URL) will resolve to a local LAN IP (and that one never changes).Using host overrides, you do not use the WAN IP, but the LAN IP.
-
Gertjan, many thanks for your exelent explanation of how it works.
I'll try next days and will come back with the result -
Of course, this requires that your clients use an internal DNS service like the Resolver of pfSense.
So in the Resolver settings go down to host overrides and add your hosts by entering its FQDN and its local IP. -
ok, now I got it. That means, the resolver will not ask the outside dns, but will deliver lokal IP when client ask for the dns www.xxxxx.yy, right?
What is with the cert? It is linked to dns (https://www.xxxxx.yy) name but not do local ip, will it still work, if the resolver provide lokal ip?
-
https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html#method-2-split-dns yes certs issued for a domain name don't care about the IP address.
-
Exact.
Certs are host + domain based. The IP is a don't care. -
Thank you all for you valuable support, I'll try and come back later (maby with new questions :))
