Netgate Discussion Forum

    Command nslookup

    DHCP and DNS
    • R
      robertog
      last edited by

      Hello,
      in my pfsense I configured dns forwarder, Register DHCP leases in DNS forwarder, Register DHCP static mappings in DNS forwarder,
      and in general setup google dns. When I try to use nslookup I read default server unknown. Does someone know the reason?

      Thank you in advance

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        because your client is not using pfsense for dns?

        Let's see your output of nslookup..

        C:>nslookup
        Default Server:  sg4860.local.lan
        Address:  192.168.9.253

        Let's see your ipconfig /all output.  I assume you're using Windows with the nslookup reference.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • R
          robertog
          last edited by

          Hi John,
          from a Windows 10 client I have the following output:

          default server: unknown
          address: 192.168.68.1  (firewall pfsense)

          attached is the output of ipconfig /all

          I have 2 subnets 192.168.68.0/24 and 192.168.69.0/24

          from the other subnet 192.168.69.0
          I have the correct default server

          I don't understand…sorry

          dns.png

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Which one of those is your lan?  Pfsense will associate its name with its lan IP..

            If you want another one of your interfaces on opt networks to have a PTR you would have to create a host override for them..

            Example..

            ;; QUESTION SECTION:
            ;253.3.168.192.in-addr.arpa.    IN      PTR

            ;; ANSWER SECTION:
            253.3.168.192.in-addr.arpa. 3524 IN    PTR    sg4860.dmz.local.lan.

            • R
              robertog
              last edited by

              Hi,
              they are both LAN. I created 2 subnets for 2 different departments; (192.168.69.0/24) works! and the other subnet doesn't… even though I did as you suggested in
              Services/DNS Forwarder/Edit Host Override 192.168.68.x. But when I try to use the command nslookup I get default server: unknown and address 192.168.68.1 (correct)

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                No, there is only going to be 1 LAN IP… The IP assigned to your LAN interface on pfsense.  This is the IP that will be associated with the name you give to your pfsense box.  Like my sg-4860 I call sg4860 and the domain is local.lan

                My LAN IP is 192.168.9.253, but pfsense has multiple other interfaces, some native, others vlans on those physical interfaces.  Yes, those networks behind pfsense are all "lan" side networks, but you can only ever have 1 lan interface and IP.

                Let's see your interface screenshot and your host override - you didn't put the host override in the forwarder when you're using the resolver?  This is a common mistake.. But anything you put in host override would have both a forward and a reverse (PTR) entry that would be returned when you query for that.

                Windows will do a PTR query for the IP you have set up for its dns... So for example I change my box to use the 3.253 address for its dns..

                hostoverride.png
                nslookup.png

                • R
                  robertog
                  last edited by

                  Thank you again John, my screenshots are attached

                  dns_lookup.png
                  dns_forward.png
                  host_override.png

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    OK, you're using the forwarder and not the resolver..

                    Sure looks like it resolves to me..

                    So your nslookup on your client using 192.168.68.4 for its dns is still coming back unknown?

                    • R
                      robertog
                      last edited by

                      Hi John, unfortunately I still have this issue..
                      I will try to use the resolver… and I'll let you know

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        You sure your client is actually using pfsense as its dns??  Clearly you show the host override, but just noticed your client is using 192.168.68.1 for its dns… And your host override is 192.168.68.4

                        So which is it - is pfsense IP address .1 or .4?  When you do an nslookup on a Windows box it will do a PTR for the IP you have set.. So it's going to ask dns for the PTR of the IP

                        Example.. Sniffing and then ran nslookup.. see attached.

                        You need to create a host override for the IP address of pfsense that your clients are using for dns - if it is not the LAN interface, which already has its name set up, etc.

                        nslookupPTRsniff.png

                        • R
                          robertog
                          last edited by

                          yes, it WORKS!!!
                          I set up in host override the IP of pfsense, 192.168.68.1 (I thought that the IP address of the host was simply the IP of the client…)

                          sorry for that and let me say!

                          THANK YOU AGAIN A LOT!!! John
                          byee

                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            You're welcome - so why exactly do you prefer the forwarder over the resolver?  I personally would much rather resolve and have full dnssec support..

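The PTR lookup that nslookup performs for its configured DNS server, as discussed in the thread above, shown as an added example that is not part of the original posts. It builds the same reverse query for 192.168.68.1 and decodes a reply; the reply bytes and the host name `fw.example.lan` are constructed for illustration.

```python
import ipaddress
import struct

def encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(dns_ip, txid=0x1234):
    # reverse_pointer turns 192.168.68.1 into 1.68.168.192.in-addr.arpa
    qname = encode_name(ipaddress.ip_address(dns_ip).reverse_pointer)
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + qname + struct.pack(">HH", 12, 1)          # QTYPE=PTR, QCLASS=IN

def read_name(msg, off, hops=0):
    labels = []
    while msg[off]:
        if msg[off] & 0xC0 == 0xC0:                            # compression pointer
            if hops > 10:
                raise ValueError("compression pointer loop")
            ptr = ((msg[off] & 0x3F) << 8) | msg[off + 1]
            tail = read_name(msg, ptr, hops + 1)[0]
            return ".".join(labels + [tail] if tail else labels), off + 2
        labels.append(msg[off + 1:off + 1 + msg[off]].decode("ascii"))
        off += 1 + msg[off]
    return ".".join(labels), off + 1

def default_server(reply):
    """Name in the PTR answer, or None when there is no PTR (nslookup: unknown)."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", reply[:12])
    if flags & 0x000F or an == 0:                              # NXDOMAIN or empty answer
        return None
    off = 12
    for _ in range(qd):                                        # skip the echoed question
        off = read_name(reply, off)[1] + 4
    off = read_name(reply, off)[1]                             # answer owner name
    rtype = struct.unpack(">H", reply[off:off + 2])[0]
    return read_name(reply, off + 10)[0] if rtype == 12 else None

def sample_reply(query, target=None):
    """Constructed reply: NXDOMAIN when target is None, else one PTR record."""
    if target is None:
        return query[:2] + struct.pack(">HHHHH", 0x8183, 1, 0, 0, 0) + query[12:]
    rdata = encode_name(target)
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 12, 1, 3524, len(rdata)) + rdata
    return query[:2] + struct.pack(">HHHHH", 0x8180, 1, 1, 0, 0) + query[12:] + answer

if __name__ == "__main__":
    q = build_ptr_query("192.168.68.1")
    print(default_server(sample_reply(q)))                     # no override for .1
    print(default_server(sample_reply(q, "fw.example.lan")))   # override added for .1
```

Sending the bytes from `build_ptr_query` to UDP port 53 of the DNS server the client is configured with, and passing the reply to `default_server`, performs the same check against a live server.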
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.