DNS Forwarder Host Overrides



  • I have a VM in our local network with a static IP of 192.168.1.21 (server name = intranet.udll.lan), to be used for an intranet (web pages).  I can successfully get to it by IP address, but cannot using the local domain name.

    I'm using DNS Forwarding, with dns servers:
    127.0.0.1
    208.67.220.220
    208.67.222.222

    In DNS Forwarding > Host Overrides I have set:
    Host = intranet
    Domain = udll.lan
    IP = 192.168.1.21

    What am I doing wrong?  Should I be using DNS Resolver with local DNS servers, and not DNS Forwarder?


  • LAYER 8 Global Moderator

    So when you query pfsense for intranet.udll.lan what do you get back?

    Lets see your nslookup or dig… This really is 2 seconds to setup..




  • Attached.  I do have the host override configured as per your screenshot.



  • LAYER 8 Global Moderator

    Well as you see your client is asking 208.67.220.220

    On your nslookup command set server to pfsense IP address.



  • Attached, I have an override set for firewall (pfsense) and it finds it, but I still can't use a web browser to browse to it locally.



  • LAYER 8 Global Moderator

    So you don't know how to use nslookup is problem 1 ;)

    if pfsense is on 192.168.1.1 then set your server to that in your nslookup command..

    Here are some examples…

    So do this

    nslookup [-opt …] host server # just look up 'host' using 'server'

    nslookup intranet.udll.lan 192.168.1.1

    see I ask my pihole that is running for another box on my network  where i5-win.local.lan is the host I am looking for and 192.168.3.10 is the nameserver I am asking.

    nslookup i5-win.local.lan 192.168.3.10
    Server:  pi-hole.local.lan
    Address:  192.168.3.10

    Name:    i5-win.local.lan
    Address:  192.168.9.100

    Or you can do it this way..

    Where I run nslookup it shows the default server its using, and then change it with the server command, then ask it what I am looking for.

    nslookup
    Default Server:  sg4860.local.lan
    Address:  192.168.9.253

    server 192.168.3.10
    Default Server:  pi3-2.local.lan
    Address:  192.168.3.10

    i5-win.local.lan
    Server:  pi3-2.local.lan
    Address:  192.168.3.10

    Non-authoritative answer:
    Name:    i5-win.local.lan
    Address:  192.168.9.100



  • attached



  • LAYER 8 Global Moderator

    Well there you go see its working just fine… Now you just need to make sure your clients are actually asking pfsense for dns..

    From your previous test since it defaults to open then no its never going to work... Your clients should be pointing at only 1 DNS and that is pfsense IP..

    In pfsense dhcp the dns should be blank so it hands out pfsense IP as the dns server... What does your client show for dns with ipconfig /all?




  • Attached.  My machine is set to use dhcp.
    If I only use pfSense as the DNS, then how do I resolve external addresses when surfing the web?



  • LAYER 8 Global Moderator

    "how do I resolve external addresses when surfing the web?"

    Pfsense would forward them to your opendns if that is where your forwarding

    How would you expect your host overrides to work if your not even asking pfsense for anything..

    BTW why are you running teredo if you have native dual stack running?  I would clean up your ipv6..



  • Do I even need ipv6, I configured it when Spectrum upgraded our service here.

    I didn't know there was such a thing as teredo.

    I was able to disable it on Win 10 machines.

    I did as you suggested in the screenshot with removing the dns servers, and it all works!

    Thanks for your time and help!

    Mark


  • LAYER 8 Global Moderator

    Do you need it? No you don't there is zero resources that I am aware of that are only available via ipv6 other than maybe some darkweb or p0rn sites..

    As you saw my windows box is clean - but I can click 1 button and then it has IPv6 and I can test stuff via IPv6 if I want, etc..

    Here I enabled ipv6 on its lan and bing bang zoom I can talk IPv6 to internet, etc..



Log in to reply