4. Resolving hostnames on subnet

Resolving hostnames on subnet

  • M

    Do I put my subnet local DNS as one of the DNS entry in General Setup to be able to resolve hosts on my subnet?

    Basically, my main network is 10.168.1.0/24 and I have a 10.168.2.0/24 subnet where DNSMasq is running as the DHCP and local DNS.  I would like pfsens to be able to resolve hostnames in my subnet when looking at the firewall log.

    0
  • LAYER 8 Global Moderator

    put in domain override pointing to ns for this domain.  Pfsense should be pointing to itself.

    0
  • M

    I am confused as to how to make this work.

    Basically I have a dd-wrt router in AP mode for my wireless devices.  My main WiFi network is part of my LAN (10.168.1.0/24).  I have also configured a virtual AP for the guest WiFi, which is on its own subnet (10.168.2.0/24).  I am using DNSMasq on my dd-wrt to be the DHCP and local DNS for the guest WiFi subnet.  The guest WiFi subnet is isolated from my main LAN and only have access to the Internet.

    I assume the IP of the DNSMasq would be the same as the dd-wrt virtual AP gateway to the subnet (10.168.2.1).

    When I enter this for the DNS Resolver Domain Override:
    Domain: 10.168.2.in-addr.arpa
    IP: 10.168.2.1

    This does not appear to work because the firewall log cannot resolve any addresses in the subnet.  I even tried the dd-wrt AP LAN IP and that doesn't work either.

    My guess is that the subnet and the main LAN are isolated and is preventing the domain override from working?

    Here is the firewall rule on the dd-wrt AP:

    
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

    br1 is the bridge to the virtual AP guest WiFi network.  br0 is my main LAN.

    0
  • LAYER 8 Global Moderator

    If your local name server is not answering queries because you can not talk to it, then yeah kind of pointless having a local dns server.

    Can you query it directly as a test using your fav dnq query tool, dig, drill, host, nslookup..

    0
  • M

    So in the pfSense DNS Resolver domain override, let me know if this is correct:
    Domain: 10.168.2.in-addr.arpa (actual value)
    IP: dd-wrt_IP (in this case it would be 10.168.1.2)

    The problem is that it does not appear to be working.  pfSense cannot resolve the subnet address:

    nslookup 10.168.2.126 10.168.1.1

    This works because I manually specify the local DNS to use as my dd-wrt AP:

    nslookup 10.168.2.126 10.168.1.2
    0
  • LAYER 8 Global Moderator

    no that in-addr.arpa is not correct forf 10.168.2 it would be

    2.168.10.in-addr.arpa

    0
  • M

    Thank you!  It is now working.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy