Netgate Discussion Forum

    Weird DNS / NSLOOKUP Problem

    DHCP and DNS
    4 Posts 3 Posters 542 Views
    rexdekoning

      Hi all,

      Perhaps this has been discussed before but I couldn't find anything relevant, and don't really know what search terms to use for this.

      We have a pfSense VM behind a Cisco router. The Cisco router forwards all traffic to the pfSense box. DNS is handled by our Windows 2012 R2 DNS server.

      Everything seems to work correctly except for name lookup of DNS records which point towards our external address (which is terminated on the Cisco router and forwarded to pfSense).

      examples:
      Cisco router 157.157.157.157
      PfSense 10.0.0.1

      When I do a ping or nslookup for site.domain.com (for which the DNS is hosted externally and not on our internal DNS server, which has forwarders to 8.8.8.8 and 8.8.4.4) from the internal network, the IP address 10.0.0.1 is returned while you would expect 157.157.157.157. So somehow, somewhere the IP address gets rewritten, but this is not a wanted solution.

      Is there any way to resolve this? I hope it's a bit clear. If not, please let me know, so I can hopefully clarify.

      Thanks in advance,

      Rex

      PS. Sorry, forgot the pfSense version: 2.4.2-RELEASE-p1 (amd64)

      KOM

        Sounds like split DNS, where it resolves a host to its LAN IP when doing the lookup from LAN. This is usually desirable as it stops NAT hair-pinning that goes out and then back in again for a local request.

        rexdekoning

          I don't think it's split DNS (although it does look like it). The domain name being used is not resolved on the internal DNS server at all. It's a 'normal' public DNS name.
          It looks like pfSense is doing a rewrite, but I have no idea how to disable this.

          johnpoz LAYER 8 Global Moderator

            I would guess you set up some form of dynamic DNS.

            If you're saying the client asks your internal DNS, and this forwards to Google for DNS, then that means external DNS is returning your RFC 1918 address. So if you called pfSense site.domain.com and you set up dynamic DNS, this could happen.

            Other than that, you either have this site.domain.com set up in your AD DNS. Since pfSense has zero to do with your DNS per your statement of how your network is set up.


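Added example, not part of the thread: a stdlib-only Python script that sends the same A query directly to each resolver in the path (pfSense at 10.0.0.1, the Windows DNS server, then 8.8.8.8) and reports the outermost hop that still hands back an RFC 1918 address, which is where the 10.0.0.1 answer is being introduced. The Windows DNS server's address is not given in the thread and must be supplied; SAMPLE_RESPONSE is a constructed packet for offline checking.

```python
import ipaddress
import socket
import struct

def build_query(name, txid=0x1234):
    """Minimal DNS A query for name, recursion desired (RFC 1035 wire format)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN

def _skip_name(resp, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while resp[pos] != 0 and resp[pos] & 0xC0 != 0xC0:
        pos += resp[pos] + 1
    return pos + (2 if resp[pos] & 0xC0 == 0xC0 else 1)

def parse_a_records(resp):
    """IPv4 addresses from the answer section of a DNS response."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", resp[:12])
    pos, addrs = 12, []
    for _ in range(qd):                      # skip question: name + QTYPE + QCLASS
        pos = _skip_name(resp, pos) + 4
    for _ in range(an):
        pos = _skip_name(resp, pos)
        rtype, _, _, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(resp[pos:pos + 4]))
        pos += rdlen
    return addrs

def query_a(name, server, timeout=2.0):
    """Ask one resolver directly over UDP/53 and return its A answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_a_records(s.recvfrom(512)[0])

def locate_rewrite(answers):
    """(label, ips) pairs from the client outward -> outermost hop still answering with an RFC 1918 address."""
    origin = None
    for label, ips in answers:
        if any(ipaddress.ip_address(ip).is_private for ip in ips):
            origin = label
    return origin

# Constructed sample: a response for site.domain.com whose answer is A 10.0.0.1
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x04site\x06domain\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\x0a\x00\x00\x01")
```

Call query_a("site.domain.com", ip) for pfSense, the Windows DNS server and 8.8.8.8 in that order and pass the labelled results to locate_rewrite: if only the inner hops return 10.0.0.1 the record comes from internal DNS (a split-DNS override or an AD zone), while if 8.8.8.8 returns it too the public record itself holds the LAN address, as a dynamic DNS client on pfSense would cause.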
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.