New install, pfSense in ESXi can't resolve hostnames with static IP address



  • I have a pfSense box set up as a virtual machine in ESXi the same way I have another pfSense appliance with dedicated hardware set up. Everything appears to be working correctly in the VM (VLANs, interfaces, etc.). The problem is pfSense cannot resolve any devices that are connected with static IP by hostname. Even with "Register DHCP static mappings in the DNS Resolver" checked.

    In pfSense under DNS lookup, any machine on the network with a static IP address cannot be resolved by hostname. nslookup on those same machines points to the firewall for DNS. Also, my hostname overrides in DNS forwarder for internal websites are working. All DHCP addresses can be resolved by hostname, but if trying to resolve from another machine, you must type hostname.<pfsensedomain>. Which is strange because an identical setup in the other office using a dedicated pfSense box has the same setup and machines automatically append the firewall domain to the end so typing "ping hostname" works.

    The only difference between the setup that works and the one that doesn't, as far as I can tell, is that one is in ESXi and the working version is using a dedicated firewall box. Both are using VLANs and multiple interfaces. The machines on this new ESXi setup were resolving all hostnames fine with an old and basic consumer-grade wireless router handling everything. It's just that functionality that seems to not be working correctly since moving to pfSense in ESXi.

    If I add a hostname override for each machine that has a static IP, other machines can ping them by hostname. So it appears the "Register DHCP static mappings in the DNS Resolver" feature is not working with DNS Resolver.

    Any idea what is going on or how I can make this box start to automatically register hostnames for machines with static IP addresses?

    Static IP Machine DIG
    ; <<>> DiG 9.10.3-P4-Ubuntu <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52331
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 211203 IN NS j.root-servers.net.
    . 211203 IN NS a.root-servers.net.
    . 211203 IN NS f.root-servers.net.
    . 211203 IN NS c.root-servers.net.
    . 211203 IN NS d.root-servers.net.
    . 211203 IN NS b.root-servers.net.
    . 211203 IN NS e.root-servers.net.
    . 211203 IN NS l.root-servers.net.
    . 211203 IN NS i.root-servers.net.
    . 211203 IN NS m.root-servers.net.
    . 211203 IN NS g.root-servers.net.
    . 211203 IN NS k.root-servers.net.
    . 211203 IN NS h.root-servers.net.

    ;; Query time: 31 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Fri Jul 07 08:50:55 EDT 2017
    ;; MSG SIZE  rcvd: 239

    DHCP Machine DIG

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>>
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14538
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 200667 IN NS m.root-servers.net.
    . 200667 IN NS l.root-servers.net.
    . 200667 IN NS h.root-servers.net.
    . 200667 IN NS c.root-servers.net.
    . 200667 IN NS b.root-servers.net.
    . 200667 IN NS i.root-servers.net.
    . 200667 IN NS e.root-servers.net.
    . 200667 IN NS a.root-servers.net.
    . 200667 IN NS k.root-servers.net.
    . 200667 IN NS d.root-servers.net.
    . 200667 IN NS f.root-servers.net.
    . 200667 IN NS j.root-servers.net.
    . 200667 IN NS g.root-servers.net.

    ;; Query time: 35 msec
    ;; SERVER: 127.0.1.1#53(127.0.1.1)
    ;; WHEN: Fri Jul 07 10:31:38 EDT 2017
    ;; MSG SIZE  rcvd: 239

    nslookup FreeNas
    Server: 192.168.0.1
    Address: 192.168.0.1#53

    ** server can't find FreeNas: NXDOMAIN

    DHCP example

    nslookup tpc1
    Server: 192.168.0.1
    Address: 192.168.0.1#53

    ** server can't find tpc1: NXDOMAIN

    nslookup tpc1.yodomain
    Server: 192.168.0.1
    Address: 192.168.0.1#53

    Name: tpc1.yodomain
    Address: 192.168.0.146

    ![Screenshot from 2017-07-07 08-53-51.png](/public/imported_attachments/1/Screenshot from 2017-07-07 08-53-51.png)
    ![Screenshot from 2017-07-07 08-55-24.png](/public/imported_attachments/1/Screenshot from 2017-07-07 08-55-24.png)
    ![Screenshot from 2017-07-07 08-56-05.png](/public/imported_attachments/1/Screenshot from 2017-07-07 08-56-05.png)



  • Also, here are the firewall rules for the network in question:

    ![Screenshot from 2017-07-07 09-30-35.png](/public/imported_attachments/1/Screenshot from 2017-07-07 09-30-35.png)

