1. Home
  2. pfSense® Software
  3. DHCP and DNS
  4. DNS Forwarder dnsmasq not working

DNS Forwarder dnsmasq not working

  • C

    Hello all,

    I am trying to use DNS Forwarder to make PfSense response to a specific wildcard domain, but it is not working.
    This is my /usr/local/etc/dnsmasq.conf:

    # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
# If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
domain-needed
# Bogus private reverse lookups.
# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
# with "no such domain" rather than being forwarded upstream.
bogus-priv
#
# LAN domain lookups
#
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/mydomain/
domain=mydomain
#
# Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
# Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
expand-hosts
#
# increase DNS cache size
cache-size=10000
# Set the maximum number of concurrent DNS queries. The default value is 150
dns-forward-max=300
resolv-file=/var/etc/resolv.conf
#conf-dir=/usr/local/etc/dnsmasq.d
address=/.sub.domain.io/127.0.0.1

    But it keeps forwarding the requests to Google DNS server:

    
Jan 4 15:34:48	dnsmasq	62855	query[A] testing.sub.domain.io from 192.168.200.244
Jan 4 15:52:08	dnsmasq	62855	forwarded testing.sub.domain.io to 8.8.4.4
Jan 4 15:52:08	dnsmasq	62855	reply testing.sub.domain.io is EXTERNAL_IP

    Running:

    
Version	2.4.2-RELEASE-p1 (amd64) 
built on Tue Dec 12 13:45:26 CST 2017 
FreeBSD 11.1-RELEASE-p6 

The system is on the latest version.
Version information updated at Thu Jan 4 15:14:52 CET 2018
    0
  • Gertjan

    Hi,

    I"m using the default Resolver.
    Added "sub.domain.io" to the host override, using IP 127.0.0.1.

    Then I launched a ping to this domain.
    The result - returning IP - was 127.0.0.1.

    Mission accomplished ?

    See image.

    edit : based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.


    0
  • johnpoz
    LAYER 8 Global Moderator

    https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

    your address has .sub which is wrong..

    address=/.sub.domain.io/127.0.0.1

    should be
    address=/sub.domain.io/127.0.0.1

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy