DNS Forwarder dnsmasq not working



  • Hello all,

    I am trying to use DNS Forwarder to make pfSense respond to a specific wildcard domain, but it is not working.
    This is my /usr/local/etc/dnsmasq.conf:

    # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
    # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
    domain-needed
    # Bogus private reverse lookups.
    # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
    # with "no such domain" rather than being forwarded upstream.
    bogus-priv
    #
    # LAN domain lookups
    #
    # Add local-only domains here, queries in these domains are answered
    # from /etc/hosts or DHCP only.
    local=/mydomain/
    domain=mydomain
    #
    # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
    # Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
    expand-hosts
    #
    # increase DNS cache size
    cache-size=10000
    # Set the maximum number of concurrent DNS queries. The default value is 150
    dns-forward-max=300
    resolv-file=/var/etc/resolv.conf
    #conf-dir=/usr/local/etc/dnsmasq.d
    address=/.sub.domain.io/127.0.0.1
    

    But it keeps forwarding the requests to Google DNS server:

    
    Jan 4 15:34:48	dnsmasq	62855	query[A] testing.sub.domain.io from 192.168.200.244
    Jan 4 15:52:08	dnsmasq	62855	forwarded testing.sub.domain.io to 8.8.4.4
    Jan 4 15:52:08	dnsmasq	62855	reply testing.sub.domain.io is EXTERNAL_IP
    
    

    Running:

    
    Version	2.4.2-RELEASE-p1 (amd64) 
    built on Tue Dec 12 13:45:26 CST 2017 
    FreeBSD 11.1-RELEASE-p6 
    
    The system is on the latest version.
    Version information updated at Thu Jan 4 15:14:52 CET 2018
    
    


  • Hi,

    I'm using the default Resolver.
    Added "sub.domain.io" to the host override, using IP 127.0.0.1.

    Then I launched a ping to this domain.
    The result - returning IP - was 127.0.0.1.

    Mission accomplished?

    See image.

    edit: based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.



  • LAYER 8 Global Moderator

    https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

    your address has .sub which is wrong..

    address=/.sub.domain.io/127.0.0.1

    should be
    address=/sub.domain.io/127.0.0.1
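    As an added example (not from this thread and not dnsmasq's own code), a small Python checker that models the address= rule the fix above relies on: the configured domain and every name beneath it match on a label boundary, while a pattern written with a leading dot is flagged as malformed instead of being kept as a domain. The two config lines and the query name testing.sub.domain.io come from the thread; treating the leading dot as an error is the checker's assumption, not an emulation of any particular dnsmasq version.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed samples: the poster's address= line and the moderator's corrected form.
WRONG_CONF = "address=/.sub.domain.io/127.0.0.1"
FIXED_CONF = "address=/sub.domain.io/127.0.0.1"

# address=/<domain>[/<domain>...]/<ipaddr>; comments are stripped before matching.
ADDRESS_RE = re.compile(r"^\s*address=/(?P<domains>.+)/(?P<ip>[^/\s]+)\s*$")


def parse_address_lines(conf: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({domain: ip}, problems) for the address= lines in a dnsmasq config.

    A domain with a leading or trailing dot, or an empty label, is reported as a
    problem and left out of the map (assumption: such a pattern never matches a
    real query name, so the query would go upstream as in the thread's log).
    """
    mapping: Dict[str, str] = {}
    problems: List[str] = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        m = ADDRESS_RE.match(raw.split("#", 1)[0])
        if not m:
            continue
        for domain in m.group("domains").split("/"):
            if any(label == "" for label in domain.split(".")):
                problems.append(f"line {lineno}: bad domain {domain!r} "
                                "(leading/trailing dot or empty label)")
                continue
            mapping[domain.lower()] = m.group("ip")
    return mapping, problems


def resolve_locally(mapping: Dict[str, str], qname: str) -> Optional[str]:
    """Emulate address= matching: the domain itself and every subdomain match on
    a label boundary, most specific domain wins. None means the name is not
    covered and dnsmasq would forward the query to an upstream server."""
    name = qname.lower().rstrip(".")
    best: Optional[Tuple[str, str]] = None
    for domain, ip in mapping.items():
        if name == domain or name.endswith("." + domain):
            if best is None or len(domain) > len(best[0]):
                best = (domain, ip)
    return best[1] if best else None


if __name__ == "__main__":
    for conf in (WRONG_CONF, FIXED_CONF):
        mapping, problems = parse_address_lines(conf)
        print(conf, "->", problems or resolve_locally(mapping, "testing.sub.domain.io"))
```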

