4. DNS Forwarder dnsmasq not working

DNS Forwarder dnsmasq not working

  • C

    Hello all,

    I am trying to use DNS Forwarder to make PfSense response to a specific wildcard domain, but it is not working.
    This is my /usr/local/etc/dnsmasq.conf:

    # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
# If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
domain-needed
# Bogus private reverse lookups.
# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
# with "no such domain" rather than being forwarded upstream.
bogus-priv
#
# LAN domain lookups
#
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/mydomain/
domain=mydomain
#
# Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
# Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
expand-hosts
#
# increase DNS cache size
cache-size=10000
# Set the maximum number of concurrent DNS queries. The default value is 150
dns-forward-max=300
resolv-file=/var/etc/resolv.conf
#conf-dir=/usr/local/etc/dnsmasq.d
address=/.sub.domain.io/127.0.0.1

    But it keeps forwarding the requests to Google DNS server:

    
Jan 4 15:34:48	dnsmasq	62855	query[A] testing.sub.domain.io from 192.168.200.244
Jan 4 15:52:08	dnsmasq	62855	forwarded testing.sub.domain.io to 8.8.4.4
Jan 4 15:52:08	dnsmasq	62855	reply testing.sub.domain.io is EXTERNAL_IP

    Running:

    
Version	2.4.2-RELEASE-p1 (amd64) 
built on Tue Dec 12 13:45:26 CST 2017 
FreeBSD 11.1-RELEASE-p6 

The system is on the latest version.
Version information updated at Thu Jan 4 15:14:52 CET 2018
    0

  • Hi,

    I"m using the default Resolver.
    Added "sub.domain.io" to the host override, using IP 127.0.0.1.

    Then I launched a ping to this domain.
    The result - returning IP - was 127.0.0.1.

    Mission accomplished ?

    See image.

    edit : based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.


    0
  • LAYER 8 Global Moderator

    https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

    your address has .sub which is wrong..

    address=/.sub.domain.io/127.0.0.1

    should be
    address=/sub.domain.io/127.0.0.1

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy