Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Resolving hostnames on subnet

    Scheduled Pinned Locked Moved DHCP and DNS
    7 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mifronte
      last edited by

      Do I put my subnet local DNS as one of the DNS entry in General Setup to be able to resolve hosts on my subnet?

      Basically, my main network is 10.168.1.0/24 and I have a 10.168.2.0/24 subnet where DNSMasq is running as the DHCP and local DNS.  I would like pfsens to be able to resolve hostnames in my subnet when looking at the firewall log.

      SuperMicro Atom C2758 A1SRI-2758F 16GB
      2.8.0 (amd64)

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        put in domain override pointing to ns for this domain.  Pfsense should be pointing to itself.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • M
          mifronte
          last edited by

          I am confused as to how to make this work.

          Basically I have a dd-wrt router in AP mode for my wireless devices.  My main WiFi network is part of my LAN (10.168.1.0/24).  I have also configured a virtual AP for the guest WiFi, which is on its own subnet (10.168.2.0/24).  I am using DNSMasq on my dd-wrt to be the DHCP and local DNS for the guest WiFi subnet.  The guest WiFi subnet is isolated from my main LAN and only have access to the Internet.

          I assume the IP of the DNSMasq would be the same as the dd-wrt virtual AP gateway to the subnet (10.168.2.1).

          When I enter this for the DNS Resolver Domain Override:
          Domain: 10.168.2.in-addr.arpa
          IP: 10.168.2.1

          This does not appear to work because the firewall log cannot resolve any addresses in the subnet.  I even tried the dd-wrt AP LAN IP and that doesn't work either.

          My guess is that the subnet and the main LAN are isolated and is preventing the domain override from working?

          Here is the firewall rule on the dd-wrt AP:

          
          iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
          iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
          
          

          br1 is the bridge to the virtual AP guest WiFi network.  br0 is my main LAN.

          SuperMicro Atom C2758 A1SRI-2758F 16GB
          2.8.0 (amd64)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            If your local name server is not answering queries because you can not talk to it, then yeah kind of pointless having a local dns server.

            Can you query it directly as a test using your fav dnq query tool, dig, drill, host, nslookup..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • M
              mifronte
              last edited by

              So in the pfSense DNS Resolver domain override, let me know if this is correct:
              Domain: 10.168.2.in-addr.arpa (actual value)
              IP: dd-wrt_IP (in this case it would be 10.168.1.2)

              The problem is that it does not appear to be working.  pfSense cannot resolve the subnet address:

              nslookup 10.168.2.126 10.168.1.1
              

              This works because I manually specify the local DNS to use as my dd-wrt AP:

              nslookup 10.168.2.126 10.168.1.2
              

              SuperMicro Atom C2758 A1SRI-2758F 16GB
              2.8.0 (amd64)

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                no that in-addr.arpa is not correct forf 10.168.2 it would be

                2.168.10.in-addr.arpa

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • M
                  mifronte
                  last edited by

                  Thank you!  It is now working.

                  SuperMicro Atom C2758 A1SRI-2758F 16GB
                  2.8.0 (amd64)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.