Resolving hostnames on subnet



  • Do I put my subnet local DNS as one of the DNS entries in General Setup to be able to resolve hosts on my subnet?

    Basically, my main network is 10.168.1.0/24 and I have a 10.168.2.0/24 subnet where DNSMasq is running as the DHCP and local DNS.  I would like pfSense to be able to resolve hostnames in my subnet when looking at the firewall log.


  • LAYER 8 Global Moderator

    Put in a domain override pointing to the NS for this domain.  pfSense should be pointing to itself.



  • I am confused as to how to make this work.

    Basically I have a dd-wrt router in AP mode for my wireless devices.  My main WiFi network is part of my LAN (10.168.1.0/24).  I have also configured a virtual AP for the guest WiFi, which is on its own subnet (10.168.2.0/24).  I am using DNSMasq on my dd-wrt to be the DHCP and local DNS for the guest WiFi subnet.  The guest WiFi subnet is isolated from my main LAN and only has access to the Internet.

    I assume the IP of the DNSMasq would be the same as the dd-wrt virtual AP gateway to the subnet (10.168.2.1).

    When I enter this for the DNS Resolver Domain Override:
    Domain: 10.168.2.in-addr.arpa
    IP: 10.168.2.1

    This does not appear to work because the firewall log cannot resolve any addresses in the subnet.  I even tried the dd-wrt AP LAN IP and that doesn't work either.

    My guess is that the subnet and the main LAN are isolated, and this is preventing the domain override from working?

    Here is the firewall rule on the dd-wrt AP:

    
    iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
    iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
    
    

    br1 is the bridge to the virtual AP guest WiFi network.  br0 is my main LAN.


  • LAYER 8 Global Moderator

    If your local name server is not answering queries because you can not talk to it, then yeah kind of pointless having a local dns server.

    Can you query it directly as a test using your fav DNS query tool: dig, drill, host, nslookup?



  • So in the pfSense DNS Resolver domain override, let me know if this is correct:
    Domain: 10.168.2.in-addr.arpa (actual value)
    IP: dd-wrt_IP (in this case it would be 10.168.1.2)

    The problem is that it does not appear to be working.  pfSense cannot resolve the subnet address:

    nslookup 10.168.2.126 10.168.1.1
    

    This works because I manually specify the local DNS to use as my dd-wrt AP:

    nslookup 10.168.2.126 10.168.1.2
    

  • LAYER 8 Global Moderator

    No, that in-addr.arpa is not correct for 10.168.2; it would be

    2.168.10.in-addr.arpa
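
The octet reversal pointed out above, as an added example that is not part of the original thread: a small Python check that derives the reverse zone for a subnet and tests whether a domain override would actually cover a host's PTR lookup. The function names are hypothetical, and only the addresses from this thread are used as sample input.

```python
import ipaddress


def reverse_zone(cidr: str) -> str:
    """Return the in-addr.arpa zone for an IPv4 /8, /16 or /24 network."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 map to a single reverse zone")
    # Keep the network octets, then reverse them: 10.168.2 -> 2.168.10
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_name(ip: str) -> str:
    """Name a resolver queries for a reverse lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def override_covers(domain: str, ip: str) -> bool:
    """True if the PTR query for ip falls under the override domain."""
    zone = domain.rstrip(".").lower()
    name = ptr_name(ip)
    # Match on whole labels only, so 12.168.10 does not match 2.168.10
    return name == zone or name.endswith("." + zone)


def check_override(domain: str, cidr: str) -> str:
    """Diagnose a domain override entry against the subnet it should serve."""
    expected = reverse_zone(cidr)
    zone = domain.rstrip(".").lower()
    if zone == expected:
        return "ok"
    labels = zone.removesuffix(".in-addr.arpa").split(".")
    if ".".join(reversed(labels)) + ".in-addr.arpa" == expected:
        return f"octets not reversed; use {expected}"
    return f"does not match {cidr}; use {expected}"


if __name__ == "__main__":
    # Values taken from the thread: the entry that failed, then the fix.
    for entry in ("10.168.2.in-addr.arpa", "2.168.10.in-addr.arpa"):
        print(entry, "->", check_override(entry, "10.168.2.0/24"),
              "| covers 10.168.2.126:", override_covers(entry, "10.168.2.126"))
```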



  • Thank you!  It is now working.

