PfSense as DNS server for external (over vpn) clients, not working



  • I've TAP-bridged two networks with OpenVPN using pfSense. I have a (different) named private domain on both ends. The idea is to do resolve client1.network-a.net and client1.network-b.net regardless if you're on network A or B.

    Now, on one end I have pfSense to handle DNS queries and I use pfSense's domain overrides without problem. I can resolve network A clients/servers with over the wire network A DNS server from network B without problem. But the issue is resolving for network B clients using Network B DNS from network A.

    For Network A, my DNS server is Windows Server 2012 R2, and thus the setup is not identical (no pfsense's domain overrides, but using conditional forwarders).

    I've managed to track it down this far: the UDP port 53 is open and available over the VPN, but powershell's test-dnsserver is giving an "UnknownError" error. Thus it seems that routing & firewalling is ok, but pfSense's DNS is blocking queries from outside it's own local network and not returning an answer.

    I've looked at:

    • DNSSEC
    • Access Lists (including both Network A subnet as well as the VPN bridge subnet)
    • Thought about rebinding protections, but not sure how they apply here.

    If anyone could drop a hint on how to get this working, I'd be super happy!  :)

    Cheers!


Log in to reply