Netgate Discussion Forum

    DNS Resolver intranet clients and hosting

      kidalabama

      The only problem is that intranet users can't reach the domains I host.

      NAT Config

      WAN TCP/UDP * * WAN address 53 (DNS) 192.168.1.102 53 (DNS) dns

      dig xyz.com

      ; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> nurettinalp.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59902
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;xyz.com. IN A

      ;; Query time: 0 msec
      ;; SERVER: 192.168.1.1#53(192.168.1.1)
      ;; WHEN: Mon Jan 11 17:01:48 +03 2021
      ;; MSG SIZE rcvd: 44

        viragomann @kidalabama

        @kidalabama
        You have to add a domain override for xyz.com to the DNS resolver pointing to your internal server.

          kidalabama @viragomann

          @viragomann I have got a lot of domains, and when I disable bridge mode the problem is solved, but I want to use the modem in bridge mode.

          I can solve the problem with

          "DNS Query Forwarding
          Enable Forwarding Mode If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under System > General Setup or those obtained via DHCP/PPP on WAN (if DNS Server Override is enabled there)."

          8.8.8.8
          8.8.4.4

          But I want to use pfSense's DNS resolver, or I can use the 192.168.1.102 DNS server.

          If there is a problem with 8.8.8.8 or 192.168.1.102, pfSense is not running. Or I can use a BIND DNS server.

            viragomann @kidalabama

            @kidalabama
            Do these domains resolve to private IP addresses?

              SteveITS Rebel Alliance @viragomann

              Is xyz.com a real domain? The reason for using NAT on port 53 would be so the world would be able to access DNS. If you want the NAT rule to work from inside, you need to enable NAT reflection in System->Advanced->Firewall & NAT. Otherwise as viragomann suggests you can set a domain override in Services->DNS Resolver to have LAN computers be told to access the local server for DNS requests for that domain.


                kidalabama @viragomann

                @viragomann dig returns status: SERVFAIL; nothing found, neither a public IP nor a private IP.

                  kidalabama @SteveITS

                  @teamits Yes, a lot of real domains, and I have already enabled

                  Enable NAT Reflection for 1:1 NAT
                  Enable automatic outbound NAT for Reflection.

                  This problem happened when the cable modem was changed to bridge mode (it was in router mode before).

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.