OpenVPN and DNS - not resolving internal names

  • Hi folks,

    I have the following setup and working:

    Pfsense 2.3.4 with DNS and DHCP working. I also have openvpn setup and its working (somewhat). When I am local in my LAN, I can resolve internal names, for example
    When I use openvpn, I tunnel all internet traffic thru the tunnel. When I go to, it resolves and works just fine. When I enter an IP address of my NAS into the browser like, I can get the NAS web interface no problem. However, when I enter when using the vpn tunnel, it does not get resolved.

    The DNS Resolver has the proper Access List entered, and I permit the VPN tunnel subnet to access the DNS resolver (local LAN is; VPN is

    I have static DHCP and DHCP Reg. checked. In Host Overrides, I have entered the proper info (its working fine from internal LAN).

    So basically everything is working find and as it should from local LAN, browsing the internet and accessing local servers and sites via IP over the tunnel works fine, just using DNS names over the tunnel for internal servers and sites, does not work.

    Any ideas?



  • Doing some more digging and found this issue:

    On a remote PC (client), the Win7 Pro install gets a domain from an AD. So the PC has as domain name. I have OpenVPN installed, and as I said in my first post, everything is working fine, besides resolving names as entered in Host Overrides.

    When I do "nslookup -d", these are are the details I get:

    C:\Users\eduard>nslookup -d
    Got answer:
            opcode = QUERY, id = 1, rcode = NOERROR
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 1,  authority records = 0,  additional = 0
  , type = PTR, class = IN
            name =
            ttl = 3600 (1 hour)
    Got answer:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0
  , type = A, class = IN
        ->  (root)
            ttl = 3396 (56 mins 36 secs)
            primary name server =
            responsible mail addr =
            serial  = 2017051701
            refresh = 1800 (30 mins)
            retry   = 900 (15 mins)
            expire  = 604800 (7 days)
            default TTL = 86400 (1 day)

    So what is happening, is, that windows will append, to the internal FQDN that I am trying to reach, in this case, but it should just be

    When I do a DNS leak test, it all clears and nothing is leaked, so the remote DNS server does not see my DNS queries …

    Hope this makes sense.

    Am I missing something, or why is this not working?


Log in to reply