DNS Resolver with VLANs



  • Hi guys,

    I'm experiencing a problem, probably with the DNS config, and don't really understand whether it is a bug in my config or a feature.

    Config:
    pfSense 2.3.4-p1,
    Hostname: pfsense, domain: mydomain.tld

    LAN: 192.168.15.0/24
    Guest VLAN: 192.168.20.0/24
    Media VLAN: 192.168.30.0/24

    In LAN

    ipconfig /all
      Primary Dns Suffix  . . . . . . . :

      DNS Suffix Search List. . . . . . : mydomain.tld
    ...
      DHCP-Server  . . . . . . . . . . : 192.168.15.1
      DNS-Server  . . . . . . . . . . . : 192.168.15.1

    C:>ping pfsense

    Pinging pfsense.mydomain.tld [192.168.15.1] with 32 bytes of data:
    Reply from 192.168.15.1: bytes=32 time<1ms TTL=64
    Reply from 192.168.15.1: bytes=32 time<1ms TTL=64

    In Guest VLAN:

    ipconfig /all
      Primary Dns Suffix  . . . . . . . :

      DNS Suffix Search List. . . . . . : mydomain.tld
    ...
      DHCP-Server  . . . . . . . . . . : 192.168.20.1
      DNS-Server  . . . . . . . . . . . : 192.168.20.1

    C:>ping pfsense

    Pinging pfsense.mydomain.tld [192.168.15.1] with 32 bytes of data:
    Timeout
    Timeout

    The DNS-Server and the DHCP-Server are resolved correctly in the VLAN, but not the host pfsense.
    I thought that pfsense.mydomain.tld would be resolved in VLAN with 192.168.20.1.

    I'm going to configure more VLANs and would expect that pfsense.mydomain.tld would be resolved in each VLAN with its VLAN-IP as the DHCP- and DNS-Server.
    Is there anything wrong in my config?


  • Rebel Alliance Global Moderator

    "I thought that pfsense.mydomain.tld would be resolved in VLAN with 192.168.20.1. "

    You thought wrong here ;)

    Doesn't work that way.. If you want it to work like that you have a few options.

    I take it you're using unbound.  So create host entries with different subdomains for what you want to resolve, i.e.
    pfsense.sub.mydomain.tld
    pfsense.othersub.mydomain.tld

    Or you create different views with unbound so that when you query pfsense.mydomain.tld from vlanX you get back that IP, if you query it from vlanY you get vlanY IP, etc.  Take a bit to setup if you have a lot of vlans.. but can be done



  • @johnpoz:

    Or you create different views with unbound so that when you query pfsense.mydomain.tld from vlanX you get back that IP, if you query it from vlanY you get vlanY IP, etc.  Take a bit to setup if you have a lot of vlans.. but can be done

    Thanks! Is there a tutorial available for creating views with Unbound?


  • Rebel Alliance Global Moderator

    I had gone over it in a thread a while back, I think it has come up a few times.. Let me look for it.

    edit: here you go https://forum.pfsense.org/index.php?topic=126740.0



  • @johnpoz:

    I had gone over it in a thread a while back, I think it has come up a few times.. Let me look for it.

    edit: here you go https://forum.pfsense.org/index.php?topic=126740.0

    I tried it. Without success.



  • Rebel Alliance Global Moderator

    U might have some issues with the double server stuff let me look closer at ur post when at cpu vs phone



  • @johnpoz:

    U might have some issues with the double server stuff let me look closer at ur post when at cpu vs phone

    UR right! With a single server definition it works!

    Thanks for your support!

    Anyway, is there any kind of docu or samples for view definition available besides your post?



  • Rebel Alliance Global Moderator

    Yeah it's called the unbound documentation ;)

    https://www.unbound.net/documentation/
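
The per-VLAN views discussed in this thread, as an added example that is not code from the thread or from the pfSense or Unbound projects: a Python generator that emits one `server:` clause (the thread reports it working with a single server definition) followed by one `view:` clause per VLAN, so each subnet gets its own gateway address for the firewall's name. The view names, the Media VLAN address 192.168.30.1 and the `static` zone type are assumptions.

```python
import ipaddress

# Constructed from the subnets in the first post. View names and the
# Media VLAN gateway address (192.168.30.1) are assumptions.
VLANS = {
    "lan": ("192.168.15.0/24", "192.168.15.1"),
    "guest": ("192.168.20.0/24", "192.168.20.1"),
    "media": ("192.168.30.0/24", "192.168.30.1"),
}


def build_views(fqdn, vlans):
    """Return unbound.conf text: one server: clause, then one view: per VLAN."""
    fqdn = fqdn.rstrip(".") + "."
    checked = []
    for name, (cidr, addr) in vlans.items():
        net = ipaddress.ip_network(cidr)   # raises if host bits are set
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            # An answer outside the client's own subnet reproduces the timeout.
            raise ValueError(f"{addr} is not inside {cidr} (view {name})")
        for other_name, other_net, _ in checked:
            if net.overlaps(other_net):
                raise ValueError(f"{name} overlaps {other_name}")
        checked.append((name, net, ip))
    # All client-subnet-to-view mappings go under a single server: clause.
    lines = ["server:"]
    for name, net, _ in checked:
        lines.append(f"    access-control-view: {net} {name}")
    for name, _, ip in checked:
        rtype = "A" if ip.version == 4 else "AAAA"
        lines += [
            "view:",
            f'    name: "{name}"',
            f'    local-zone: "{fqdn}" static',
            f'    local-data: "{fqdn} IN {rtype} {ip}"',
            "    view-first: yes",  # other names fall through to global data
        ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_views("pfsense.mydomain.tld", VLANS), end="")
```

Validate the generated text with `unbound-checkconf` before loading it, since a view name referenced by `access-control-view` must match a defined `view:` exactly.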