Internal domain DNS getting lost across VPN
tomsted last edited by
I hope this is the correct forum, this involves DNS but also a VPN connection.
I manage a location with 2 satellite offices that connect through IPSEC tunnels to the main site. Client PCs at the remote sites are configured to use the IP of the local pfSense device for DHCP/DNS (DNS forwarder) services, and there is a domain override pointing to the DNS server at the main office.
The problem is only with one site (and always seems to happen on the weekend), about every 2 months, users computer at the site take a long time to login and cannot access their files on the server at the main location. When I get in to diagnose the problem, they can ping the DNS server at the main location, but a DNS query times out. Internet lookups work correctly, it's only the internal DNS domain that's not accessible. The VPN status shows connected (I can ping through the VPN) and the first couple of times it happened i just rebooted the pfSense box, because I was on the road or away from the office and didn't have time to check the problem further, but starting about January, rebooting the pfSense unit did not fix the problem and restarting the DNS service (after the reboot) did. I assumed that rebooting the pfSense box would have restarted the DNS service, but after rebooting and then restarting the DNS service, everything was up and running.
With that in mind, one of the last times it happened, I found that i was able to just restart the DNS service and get everything working again.
Then, this past Saturday morning, when they were having the problem, I restarted the DNS service, found things to be working properly until a couple hours later when I received the call again. This time I rebooted the pfSense box, restarted the DNS service and everything was fine the rest of the day.
I'm not sure what to look at/for, since I didn't see anything out of the ordinary in the DNS log Saturday morning.
The pfSense box is running 2.3.3-release-p1 with 2 Xeon CPUs and 4GB of RAM.
Any ideas would be greatly appreciated.