Respond to DNS Broadcast request
-
Hi
Should pfSense respond to a local DNS broadcast request?
I've done a packet capture and I can see the request hit the pfSense box, but I don't see any reply. This is what's received:
Frame 412: 72 bytes on wire (576 bits), 72 bytes captured (576 bits)
Ethernet II, Src: Fozeon_00:23:04 (00:12:23:00:23:04), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Internet Protocol Version 4, Src: 192.168.1.10, Dst: 255.255.255.255
User Datagram Protocol, Src Port: 32816, Dst Port: 53
Domain Name System (query)
    Transaction ID: 0x0001
    Flags: 0x0100 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        splicepbx.uk: type MX, class IN
            Name: domain.com
            [Name Length: 12]
            [Label Count: 2]
            Type: MX (Mail eXchange) (15)
            Class: IN (0x0001)
The box is running DNS Resolver and not DNS Forwarder.
The portal front page shows:
DNS server(s)
127.0.0.1
ISP ADDRESS1
ISP ADDRESS2
8.8.8.8
8.8.4.4
How do I get the pfSense DNS to respond to local DNS broadcasts?
Thanks
-
There is no such thing as DNS broadcast, DNS resolution is purely UDP (in some rare cases TCP) unicast. No idea what the quoted traffic is but it's definitely not standard DNS. The only proper broadcast/multicast DNS in existence is the mDNS system that uses UDP port 5353.
-
That device – not pfSense -- most likely has a broken network configuration. Wrong subnet mask, missing gateway, etc.
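To make the two replies above concrete, here is an added example (not from the thread or from pfSense) that encodes and decodes a DNS message shaped like the captured one (transaction ID 0x0001, flags 0x0100, one MX question) and labels it by where it was sent: a normal unicast resolver query, mDNS on 224.0.0.251:5353, or a standard DNS query misdirected to 255.255.255.255, which is what a resolver such as unbound would never answer. The sample packet and the name domain.com are constructed from the values shown in the capture.

```python
import struct

QTYPES = {1: "A", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV"}


def build_query(name, qtype, txid=0x0001, flags=0x0100):
    """Encode a one-question DNS query: 12-byte header, QNAME labels, QTYPE, QCLASS IN."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                     for lbl in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_query(payload):
    """Decode the header and the first question of a DNS message."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    pos, labels = 12, []
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # a query's first name is never a compression pointer
            raise ValueError("unexpected compression pointer in question name")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return {
        "id": txid,
        "is_query": not (flags & 0x8000),   # QR bit clear means query, set means response
        "opcode": (flags >> 11) & 0xF,      # 0 = standard query
        "rd": bool(flags & 0x0100),         # recursion desired, as in the capture
        "qname": ".".join(labels),
        "qtype": QTYPES.get(qtype, str(qtype)),
        "qclass": qclass,
        "questions": qdcount,
    }


def classify(dst_ip, dst_port, payload):
    """Label a DNS message by destination: unicast, mdns, misdirected-broadcast or other."""
    q = parse_query(payload)
    if not (q["is_query"] and q["opcode"] == 0):
        return "other"                      # responses and non-standard opcodes
    if dst_port == 5353 and dst_ip == "224.0.0.251":
        return "mdns"                       # the only legitimate multicast DNS
    if dst_port == 53 and dst_ip == "255.255.255.255":
        return "misdirected-broadcast"      # unicast protocol sent to the broadcast address
    return "unicast" if dst_port == 53 else "other"


# Constructed sample matching the capture: ID 0x0001, flags 0x0100, MX for domain.com
SAMPLE = build_query("domain.com", 15)
```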
-
Thanks for the replies.
The information I've been given is :
'broadcast a DNS request for a mail server (MX) for the domain'
I assume we would expect this to be a standard MX lookup?
-
No, standard MX lookup is not a broadcast.
-
A query for MX is not a broadcast - it's a query for the MX record to your DNS. Just like any other query for any other record type, be it A, TXT, SRV, SOA, AAAA, etc. etc.
The box is running DNS Resolver and not DNS Forwarder.
The portal front page shows:
DNS server(s)
127.0.0.1
ISP ADDRESS1
ISP ADDRESS2
8.8.8.8
8.8.4.4
If your pfSense is running resolver then everything on that list other than 127.0.0.1 is pointless!!
-
Thanks. I've removed the other IP addresses from DNS.
Now it's only listing :
DNS server(s) 127.0.0.1
Is there any way to see what addresses it is resolving? A list of domains to IP that have been resolved?
Thanks
-
You can up the logging of unbound if you wish.
It's not a very friendly way to see what domains are being queried - you could also look into its cache if you wanted. You could run something like dnstop on your network if you're interested in what domains are being asked for and/or the amount of them.
Or something like pihole gives an easy to read and understand listing of your top DNS requesters from your client base and what domains are being asked for, and is just simple to look at the query log, etc.
What exactly are you looking for in the record of dns queries - total number of them, what domains? What the clients are asking for, etc.?