Command nslookup



  • Hello,
    In my pfsense I configured the DNS forwarder with "Register DHCP leases in DNS forwarder" and "Register DHCP static mappings in DNS forwarder",
    and in General Setup I set Google DNS. When I try to use nslookup I read "default server unknown". Does anyone know the reason?

    Thank you in advance


  • Rebel Alliance Global Moderator

    because your client is not using pfsense for dns?

    Let's see your output of nslookup..

    C:>nslookup
    Default Server:  sg4860.local.lan
    Address:  192.168.9.253

    Let's see your ipconfig /all output.  I assume you're using Windows with the nslookup reference.



  • Hi John,
    From a Windows 10 client I have the following output:

    default server: unknown
    address: 192.168.68.1  (firewall pfsense)

    Attached is the output of ipconfig /all

    I have 2 subnets 192.168.68.0/24 and 192.168.69.0/24

    from the other subnet 192.168.69.0
    I have the correct default server

    I don't understand…sorry



  • Rebel Alliance Global Moderator

    Which one of those is your lan?  Pfsense will associate its name with its lan IP..

    If you want another one of your interfaces on opt networks to have a PTR you would have to create a host override for them..

    Example..

    ;; QUESTION SECTION:
    ;253.3.168.192.in-addr.arpa.    IN      PTR

    ;; ANSWER SECTION:
    253.3.168.192.in-addr.arpa. 3524 IN    PTR    sg4860.dmz.local.lan.



  • Hi,
    They are both LAN. I created 2 subnets for 2 different departments: (192.168.69.0/24) works! and the other subnet does not… even though I did as you suggested in
    Services/DNS Forwarder/Edit Host Override with 192.168.68.x. But when I try to use the nslookup command I get default server: unknown and address 192.168.68.1 (correct)


  • Rebel Alliance Global Moderator

    No there is only going to be 1 LAN IP… The IP assigned to your LAN interface on pfsense.  This is the IP that will be associated with the name you give to your pfsense box.  Like my sg-4860 I call sg4860 and the domain is local.lan

    My LAN ip is 192.168.9.253, but pfsense has multiple other interfaces some native other vlans on those physical interfaces.  Yes those networks behind pfsense are all "lan" side networks but can only ever have 1 lan interface and IP.

    Let's see your interface screenshot and your host override - you didn't put the host override in the forwarder when you're using the resolver?  This is a common mistake.. But anything you put in host override would have both a forward and a reverse (PTR) entry that would be returned when you query for that.

    Windows will do a PTR query for the IP you have set up for its dns... So for example I change my box to use the 3.253 address for its dns..






  • Thank you again, John. My screenshot is attached.







  • Rebel Alliance Global Moderator

    Ok, you're using the forwarder and not the resolver..

    Sure looks like it resolves to me..

    So your nslookup on your client using 192.168.68.4 for its dns is still coming back unknown?



  • Hi John, unfortunately I still have this issue..
    I will try to use the resolver… and I will let you know


  • Rebel Alliance Global Moderator

    You sure your client is actually using pfsense as its dns??  Clearly you show the host override, but just noticed your client is using 192.168.68**.1** for its dns… And your host override is 192.168.68**.4**

    So which is it - is pfsense IP address .1 or .4?  When you do an nslookup on a Windows box it will do a PTR for the IP you have set.. So it's going to ask dns for the PTR of the IP

    Example.. Sniffing and then ran nslookup.. see attached.

    You need to create a host override for the IP address of pfsense that your clients are using for dns - if it is not the LAN interface which already has its name set up, etc.
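
The PTR lookup described in the post above, as an added example that is not part of the original thread: it builds the reverse query a client sends for its DNS server's address and derives the "Default Server" line from the reply. The replies are constructed in `sample_reply`, and the host name `pfsense.local.lan` is an assumed value for illustration.

```python
import ipaddress
import struct

PTR, IN = 12, 1  # DNS record type PTR and class IN

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_ptr_query(server_ip, txid=0x1234):
    """The reverse lookup the client sends for its own DNS server's address."""
    qname = ipaddress.ip_address(server_ip).reverse_pointer
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name(qname) + struct.pack("!2H", PTR, IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, after, hops = [], None, 0
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:  # compression pointer
            after = after if after is not None else off + 2
            off = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            if (hops := hops + 1) > 16:
                raise ValueError("compression pointer loop")
            continue
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), (after if after is not None else off + 1)

def default_server_name(reply):
    """Name for the 'Default Server' line, or 'UnKnown' without a PTR answer."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", reply[:12])
    if flags & 0x000F or an == 0:  # NXDOMAIN/SERVFAIL or empty answer
        return "UnKnown"
    off = 12
    for _ in range(qd):  # skip the echoed question (name + type + class)
        off = read_name(reply, off)[1] + 4
    for _ in range(an):
        off = read_name(reply, off)[1]
        rtype, _, _, rdlen = struct.unpack("!2HIH", reply[off:off + 10])
        if rtype == PTR:
            return read_name(reply, off + 10)[0]
        off += 10 + rdlen
    return "UnKnown"

def sample_reply(server_ip, host=None):
    """Constructed reply: NXDOMAIN if host is None, else one PTR record."""
    q, rd = build_ptr_query(server_ip), encode_name(host) if host else b""
    rr = b"\xc0\x0c" + struct.pack("!2HIH", PTR, IN, 3600, len(rd)) + rd
    flags, an, rr = (0x8180, 1, rr) if host else (0x8183, 0, b"")
    return q[:2] + struct.pack("!5H", flags, 1, an, 0, 0) + q[12:] + rr
```

`default_server_name(sample_reply("192.168.68.1"))` gives `UnKnown`, the state before the host override existed; passing a host name to `sample_reply` models the reply once the override for 192.168.68.1 is in place.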




  • yes WORKS!!!
    I set up the IP of pfsense, 192.168.68.1, in the host override (I thought that the host IP address was simply the IP of the client…)

    sorry for that and let me say!

    THANK YOU AGAIN A LOT!!! John
    byee


  • Rebel Alliance Global Moderator

    You're welcome - so why exactly do you prefer the forwarder over the resolver?  I personally would much rather resolve and have full dnssec support..