Weird DNS / NSLOOKUP Problem



  • Hi all,

    Perhaps this has been discussed before but I couldn't find anything relevant, and don't really know what search terms to use for this.

    We have a pfSense VM behind a Cisco router. The Cisco router forwards all traffic to the pfSense box. DNS is handled by our Windows 2012 R2 DNS server.

    Everything seems to work correctly except for name lookup of DNS records which point towards our external address (which is terminated on the Cisco router and forwarded to pfSense).

    examples:
    Cisco router 157.157.157.157
    PfSense 10.0.0.1

    When I do a ping or nslookup for site.domain.com (for which the DNS is hosted externally and not on our internal DNS server, which has forwarders to 8.8.8.8 and 8.8.4.4) from the internal network, the IP address 10.0.0.1 is returned while you would expect 157.157.157.157. So somehow, somewhere the IP address gets rewritten, but this is not a wanted solution.

    Is there any way to resolve this? I hope it's a bit clear. If not, please let me know, so I can hopefully clarify.

    Thanks in advance,

    Rex

    ps. Sorry, forgot the pfsense version: 2.4.2-RELEASE-p1 (amd64)



  • Sounds like split DNS, where it resolves a host to its LAN IP when doing the lookup from LAN.  This is usually desirable as it stops NAT hair-pinning that goes out and then back in again for a local request.



  • I don't think it's split DNS (although it does look like it). The domain name being used is not resolved on the internal DNS server at all. It's a 'normal' public DNS name.
    It looks like pfSense is doing a rewrite, but I have no idea how to disable this.


  • Rebel Alliance Global Moderator

    I would guess you setup some form of dynamic dns.

    If you're saying the client asks your internal DNS, and this forwards to Google for DNS, then that means the external side is returning your RFC 1918 address. So if you called pfSense site.domain.com and you set up dynamic DNS, this could happen.

    Other than that, you either have this site.domain.com set up in your AD DNS, since pfSense has zero to do with your DNS per your statement of how your network is set up.
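The moderator's reasoning above boils down to one check: ask the internal DNS server and its forwarder the same question and see which one introduces the private address. The script below is an added example (not from this thread or from pfSense) that parses two `nslookup` outputs and classifies the result. The outputs, the server name `dc01.domain.local` and the address `10.0.0.10` are constructed to mirror the thread; `site.domain.com` and the two addresses come from the original post.

```python
"""Compare what the internal resolver and its forwarder return for one name.

Assumed workflow (added example, not part of the original thread):
  nslookup site.domain.com 10.0.0.10   -> internal AD DNS server
  nslookup site.domain.com 8.8.8.8     -> the forwarder it uses
Paste both outputs into diagnose() to see where the RFC 1918 answer enters.
"""
import ipaddress
import re

# Matches 'Address:  1.2.3.4' and 'Addresses:  1.2.3.4' (Windows nslookup).
ADDR_RE = re.compile(r"^Address(?:es)?:\s*(\S+)")


def parse_nslookup(output: str) -> list[str]:
    """Extract only the answer addresses from nslookup's text output.

    nslookup prints the answering server's own Address line first, then a
    'Name:' line, then the answer addresses. Everything before 'Name:' is
    therefore skipped; anything after it that parses as an IP is an answer.
    """
    answers = []
    after_name = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Name:"):
            after_name = True
            continue
        if not after_name:
            continue
        m = ADDR_RE.match(line)
        candidate = m.group(1) if m else line  # bare IPs under 'Addresses:'
        try:
            answers.append(str(ipaddress.ip_address(candidate)))
        except ValueError:
            pass  # 'Aliases:' lines, blank lines, etc.
    return answers


def is_private(addr: str) -> bool:
    """True for RFC 1918 and other non-public ranges (10/8, 172.16/12, 192.168/16, ...)."""
    return ipaddress.ip_address(addr).is_private


def diagnose(internal_output: str, forwarder_output: str) -> str:
    """Classify where a private answer for a public name originates.

    public-record-is-private: the forwarder itself returns a private IP, so
        the public zone carries it (the dynamic DNS scenario).
    internal-override: only the internal server returns a private IP, so a
        local zone or split DNS entry on that server is answering.
    consistent: both resolvers agree; nothing on the DNS path rewrites it.
    """
    internal = parse_nslookup(internal_output)
    forwarder = parse_nslookup(forwarder_output)
    if any(is_private(a) for a in forwarder):
        return "public-record-is-private"
    if any(is_private(a) for a in internal):
        return "internal-override"
    if set(internal) == set(forwarder):
        return "consistent"
    return "mismatch"


# Constructed sample outputs mirroring the thread.
INTERNAL_SAMPLE = """\
Server:  dc01.domain.local
Address:  10.0.0.10

Non-authoritative answer:
Name:    site.domain.com
Address:  10.0.0.1
"""

FORWARDER_SAMPLE = """\
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    site.domain.com
Address:  157.157.157.157
"""

# Constructed: what the forwarder would show if dynamic DNS had published the LAN IP.
DYNDNS_SAMPLE = """\
Server:  dns.google
Address:  8.8.8.8

Non-authoritative answer:
Name:    site.domain.com
Address:  10.0.0.1
"""

if __name__ == "__main__":
    print("internal answers :", parse_nslookup(INTERNAL_SAMPLE))
    print("forwarder answers:", parse_nslookup(FORWARDER_SAMPLE))
    print("verdict          :", diagnose(INTERNAL_SAMPLE, FORWARDER_SAMPLE))
```

With the thread's own numbers the verdict is `internal-override`: the forwarder returns the public address while the Windows server returns 10.0.0.1, which points at a record on the internal server rather than at pfSense. If the forwarder output also showed 10.0.0.1, the private address is in the public zone itself, which is what the dynamic DNS guess would produce.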