Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Forwarder dnsmasq not working

    Scheduled Pinned Locked Moved DHCP and DNS
    3 Posts 3 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      CrisKolkman
      last edited by

      Hello all,

      I am trying to use DNS Forwarder to make PfSense response to a specific wildcard domain, but it is not working.
      This is my /usr/local/etc/dnsmasq.conf:

      # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
# If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
domain-needed
# Bogus private reverse lookups.
# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
# with "no such domain" rather than being forwarded upstream.
bogus-priv
#
# LAN domain lookups
#
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/mydomain/
domain=mydomain
#
# Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
# Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
expand-hosts
#
# increase DNS cache size
cache-size=10000
# Set the maximum number of concurrent DNS queries. The default value is 150
dns-forward-max=300
resolv-file=/var/etc/resolv.conf
#conf-dir=/usr/local/etc/dnsmasq.d
address=/.sub.domain.io/127.0.0.1

      But it keeps forwarding the requests to Google DNS server:

      
Jan 4 15:34:48	dnsmasq	62855	query[A] testing.sub.domain.io from 192.168.200.244
Jan 4 15:52:08	dnsmasq	62855	forwarded testing.sub.domain.io to 8.8.4.4
Jan 4 15:52:08	dnsmasq	62855	reply testing.sub.domain.io is EXTERNAL_IP

      Running:

      
Version	2.4.2-RELEASE-p1 (amd64) 
built on Tue Dec 12 13:45:26 CST 2017 
FreeBSD 11.1-RELEASE-p6 

The system is on the latest version.
Version information updated at Thu Jan 4 15:14:52 CET 2018
      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by

        Hi,

        I"m using the default Resolver.
        Added "sub.domain.io" to the host override, using IP 127.0.0.1.

        Then I launched a ping to this domain.
        The result - returning IP - was 127.0.0.1.

        Mission accomplished ?

        See image.

        edit : based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.

        subio.PNG
        subio.PNG_thumb

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

          your address has .sub which is wrong..

          address=/.sub.domain.io/127.0.0.1

          should be
          address=/sub.domain.io/127.0.0.1

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.