pfSense v2.4.5 not able to resolve Domain Overrides against itself
-
I'm having a new DNS issue, which appears to be related to the v2.4.5 upgrade...
pfSense is configured with 4 external DNS providers (Quad9, IPv4 + IPv6)
I have a Domain Override configured for home.lan, which forwards to my local Domain Controllers
DHCP is configured to provide DHCP Users with the IP Address of pfSense
From my workstation on the user LAN, I can resolve A records for home.lan, which means pfSense is correctly applying the domain override and forwarding requests from the user LAN to the domain controller(s) in the server network.
pfSense itself cannot resolve A records for home.lan; as a result, all of my aliases which reference DNS names on home.lan are failing, and the tables are now empty.
-
Was there a behavior change, or setting that might have been reverted as part of the 2.4.5 upgrade that might cause this issue?
-
I just tested my 2.4.5 build and it's working as expected.
-
Is your DNS resolver bound to all network interfaces?
-
Are your outbound queries only bound to LAN? I find that works best, especially if the domain override server is over a VPN.
-
Reviewing my settings...
System > General Settings > Disable DNS Forwarder is unchecked
DNS Resolver Settings
Custom Options syntax
server:
forward-zone:
    name: "."
    forward-ssl-upstream: yes
    forward-addr: 9.9.9.9@853
    forward-addr: 149.112.112.112@853
    forward-addr: 2620:fe::fe@853
    forward-addr: 2620:fe::9@853...ct
-
@cthomas What do you have System -> General Setup -> DNS Server Settings -> Disable DNS Forwarder set to? The description appears apropos to your situation:
Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall
By default localhost (127.0.0.1) will be used as the first DNS server where the DNS Forwarder or DNS Resolver is enabled and set to listen on localhost, so system can use the local DNS service to perform lookups. Checking this box omits localhost from the list of DNS servers in resolv.conf.
Cheers, Liam
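A quick way to check the point Liam raises, as an added example that is not part of this thread or of pfSense: parse a resolv.conf and tell whether the firewall's own lookups go through the local DNS Resolver (localhost first), which is what lets alias/table resolution honour a Domain Override such as home.lan. The two resolv.conf files below are constructed samples, not captured from a real box.

```sh
#!/bin/sh
# Added example (not from the thread). When "Disable DNS Forwarder" is
# checked, pfSense omits 127.0.0.1 from resolv.conf, so firewall-originated
# lookups (aliases, tables) go straight to the upstream servers and bypass
# Domain Overrides configured in the DNS Resolver.

# first_nameserver FILE -> prints the first "nameserver" address in FILE
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# uses_local_resolver FILE -> exit 0 if the first nameserver is localhost
# (127.0.0.1 or ::1), meaning the firewall resolves through unbound and
# therefore sees the Domain Overrides; exit 1 otherwise.
uses_local_resolver() {
    case "$(first_nameserver "$1")" in
        127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files (hypothetical contents).
EX_DIR=$(mktemp -d)
# Expected layout with "Disable DNS Forwarder" unchecked: localhost first.
cat > "$EX_DIR/resolv.ok" <<'EOF'
domain home.lan
nameserver 127.0.0.1
nameserver 9.9.9.9
nameserver 149.112.112.112
EOF
# Layout when the box is checked: only the upstream servers remain.
cat > "$EX_DIR/resolv.bad" <<'EOF'
domain home.lan
nameserver 9.9.9.9
nameserver 149.112.112.112
EOF

# report FILE -> one-line verdict for the given resolv.conf
report() {
    if uses_local_resolver "$1"; then
        echo "$1: localhost first, firewall lookups honour Domain Overrides"
    else
        echo "$1: localhost missing, check 'Disable DNS Forwarder' in General Setup"
    fi
}
report "$EX_DIR/resolv.ok"
report "$EX_DIR/resolv.bad"
```

On a live firewall, point `report` at `/etc/resolv.conf` instead of the sample files.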