    DNS Forwarder dnsmasq not working

      CrisKolkman last edited by

      Hello all,

      I am trying to use DNS Forwarder to make PfSense respond to a specific wildcard domain, but it is not working.
      This is my /usr/local/etc/dnsmasq.conf:

      # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
      # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
      domain-needed
      # Bogus private reverse lookups.
      # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
      # with "no such domain" rather than being forwarded upstream.
      bogus-priv
      #
      # LAN domain lookups
      #
      # Add local-only domains here, queries in these domains are answered
      # from /etc/hosts or DHCP only.
      local=/mydomain/
      domain=mydomain
      #
      # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
      # Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
      expand-hosts
      #
      # increase DNS cache size
      cache-size=10000
      # Set the maximum number of concurrent DNS queries. The default value is 150
      dns-forward-max=300
      resolv-file=/var/etc/resolv.conf
      #conf-dir=/usr/local/etc/dnsmasq.d
      address=/.sub.domain.io/127.0.0.1
      

      But it keeps forwarding the requests to Google DNS server:

      
      Jan 4 15:34:48	dnsmasq	62855	query[A] testing.sub.domain.io from 192.168.200.244
      Jan 4 15:52:08	dnsmasq	62855	forwarded testing.sub.domain.io to 8.8.4.4
      Jan 4 15:52:08	dnsmasq	62855	reply testing.sub.domain.io is EXTERNAL_IP
      
      

      Running:

      
      Version	2.4.2-RELEASE-p1 (amd64) 
      built on Tue Dec 12 13:45:26 CST 2017 
      FreeBSD 11.1-RELEASE-p6 
      
      The system is on the latest version.
      Version information updated at Thu Jan 4 15:14:52 CET 2018
      
      
        Gertjan last edited by

        Hi,

        I'm using the default Resolver.
        Added "sub.domain.io" to the host override, using IP 127.0.0.1.

        Then I launched a ping to this domain.
        The result - returning IP - was 127.0.0.1.

        Mission accomplished ?

        See image.

        edit : based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.


        No "help me" PM's please. Use the forum.

          johnpoz LAYER 8 Global Moderator last edited by

          https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

          Your address has .sub, which is wrong.

          address=/.sub.domain.io/127.0.0.1

          should be
          address=/sub.domain.io/127.0.0.1

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

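An added example, not written by any poster in this thread and not pfSense or dnsmasq code: a Python check that reads a dnsmasq.conf, flags `address=` domains written with the leading dot that the last reply calls wrong, and lists logged queries under those domains that dnsmasq still forwarded upstream. The function names are hypothetical, and the sample config and log are constructed from the lines quoted in the thread.

```python
import re

# Constructed sample input, modelled on the config and log lines quoted in the thread.
SAMPLE_CONF = """\
domain-needed
local=/mydomain/
address=/.sub.domain.io/127.0.0.1
"""
SAMPLE_LOG = """\
Jan 4 15:34:48 dnsmasq 62855 query[A] testing.sub.domain.io from 192.168.200.244
Jan 4 15:52:08 dnsmasq 62855 forwarded testing.sub.domain.io to 8.8.4.4
Jan 4 15:52:08 dnsmasq 62855 reply testing.sub.domain.io is EXTERNAL_IP
"""

FORWARDED = re.compile(r"\bforwarded (\S+) to (\S+)")


def parse_address_overrides(conf_text):
    """Return (line number, domain, target) for every address=/domain/.../target entry."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("address=/"):  # also skips comment lines
            continue
        parts = line[len("address=/"):].split("/")
        target = parts[-1]
        found.extend((lineno, dom, target) for dom in parts[:-1] if dom)
    return found


def leading_dot_entries(overrides):
    """Entries written as /.name/, with the dot-free form the reply recommends."""
    return [(n, dom, dom.lstrip(".")) for n, dom, _ in overrides if dom.startswith(".")]


def leaked_queries(conf_text, log_text):
    """Names under an intended override domain that the log shows going upstream."""
    intended = {d.lstrip(".").lower() for _, d, _ in parse_address_overrides(conf_text)}
    intended.discard("")
    hits = []
    for line in log_text.splitlines():
        m = FORWARDED.search(line)
        if not m:
            continue
        name, upstream = m.group(1).lower().rstrip("."), m.group(2)
        if any(name == d or name.endswith("." + d) for d in intended):
            hits.append((name, upstream))
    return hits
```

Any name returned by `leaked_queries` is an internal name that was disclosed to the upstream resolver instead of being answered locally.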