Resolving hostnames on subnet

DHCP and DNS
Log in to reply
  • M

    Do I put my subnet local DNS as one of the DNS entry in General Setup to be able to resolve hosts on my subnet?

    Basically, my main network is 10.168.1.0/24 and I have a 10.168.2.0/24 subnet where DNSMasq is running as the DHCP and local DNS.  I would like pfsens to be able to resolve hostnames in my subnet when looking at the firewall log.

    0
  • johnpoz
    LAYER 8 Global Moderator

    put in domain override pointing to ns for this domain.  Pfsense should be pointing to itself.

    0
  • M

    I am confused as to how to make this work.

    Basically I have a dd-wrt router in AP mode for my wireless devices.  My main WiFi network is part of my LAN (10.168.1.0/24).  I have also configured a virtual AP for the guest WiFi, which is on its own subnet (10.168.2.0/24).  I am using DNSMasq on my dd-wrt to be the DHCP and local DNS for the guest WiFi subnet.  The guest WiFi subnet is isolated from my main LAN and only have access to the Internet.

    I assume the IP of the DNSMasq would be the same as the dd-wrt virtual AP gateway to the subnet (10.168.2.1).

    When I enter this for the DNS Resolver Domain Override:
    Domain: 10.168.2.in-addr.arpa
    IP: 10.168.2.1

    This does not appear to work because the firewall log cannot resolve any addresses in the subnet.  I even tried the dd-wrt AP LAN IP and that doesn't work either.

    My guess is that the subnet and the main LAN are isolated and is preventing the domain override from working?

    Here is the firewall rule on the dd-wrt AP:

    
iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

    br1 is the bridge to the virtual AP guest WiFi network.  br0 is my main LAN.

    0
  • johnpoz
    LAYER 8 Global Moderator

    If your local name server is not answering queries because you can not talk to it, then yeah kind of pointless having a local dns server.

    Can you query it directly as a test using your fav dnq query tool, dig, drill, host, nslookup..

    0
  • M

    So in the pfSense DNS Resolver domain override, let me know if this is correct:
    Domain: 10.168.2.in-addr.arpa (actual value)
    IP: dd-wrt_IP (in this case it would be 10.168.1.2)

    The problem is that it does not appear to be working.  pfSense cannot resolve the subnet address:

    nslookup 10.168.2.126 10.168.1.1

    This works because I manually specify the local DNS to use as my dd-wrt AP:

    nslookup 10.168.2.126 10.168.1.2
    0
  • johnpoz
    LAYER 8 Global Moderator

    no that in-addr.arpa is not correct forf 10.168.2 it would be

    2.168.10.in-addr.arpa

    0
  • M

    Thank you!  It is now working.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy