DNS Forwarder dnsmasq not working
I am trying to use DNS Forwarder to make PfSense response to a specific wildcard domain, but it is not working.
This is my /usr/local/etc/dnsmasq.conf:
# Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned. domain-needed # Bogus private reverse lookups. # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered # with "no such domain" rather than being forwarded upstream. bogus-priv # # LAN domain lookups # # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. local=/mydomain/ domain=mydomain # # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. # Note that this does not apply to domain names in cnames, PTR records, TXT records etc. expand-hosts # # increase DNS cache size cache-size=10000 # Set the maximum number of concurrent DNS queries. The default value is 150 dns-forward-max=300 resolv-file=/var/etc/resolv.conf #conf-dir=/usr/local/etc/dnsmasq.d address=/.sub.domain.io/127.0.0.1
But it keeps forwarding the requests to Google DNS server:
Jan 4 15:34:48 dnsmasq 62855 query[A] testing.sub.domain.io from 192.168.200.244 Jan 4 15:52:08 dnsmasq 62855 forwarded testing.sub.domain.io to 184.108.40.206 Jan 4 15:52:08 dnsmasq 62855 reply testing.sub.domain.io is EXTERNAL_IP
Version 2.4.2-RELEASE-p1 (amd64) built on Tue Dec 12 13:45:26 CST 2017 FreeBSD 11.1-RELEASE-p6 The system is on the latest version. Version information updated at Thu Jan 4 15:14:52 CET 2018
I"m using the default Resolver.
Added "sub.domain.io" to the host override, using IP 127.0.0.1.
Then I launched a ping to this domain.
The result - returning IP - was 127.0.0.1.
Mission accomplished ?
edit : based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.
your address has .sub which is wrong..