Netgate Discussion Forum
    DNS Forwarder domain overrides fail when going through IPsec

      rikben

      Hi, this is the scenario:

      a) pfSense 2.3.3 with DNS Forwarder managing a local domain named firstdomain.lan

      b) pfSense 2.3.3 with DNS Forwarder managing a local domain named secdomain.lan

      c) An IPsec VPN is active between the domains. An allow-all rule is active on the IPsec interface.

      I want that in firstdomain.lan, the DNS forwarder of a) forwards to b) all requests for "secdomain.lan", so I have set secdomain.lan as a domain override pointing to pfSense b)'s IP address. Vice versa is also desired.
      In this way, all LAN A members calling a host of LAN B find the right LAN address, and vice versa.

      The issue is that it does not work. It seems that packets to port 53 are forwarded correctly by the local pfSense (they appear in the log), but nothing seems to arrive at the receiving pfSense via IPsec, or it seems to ignore them. Even enabling any kind of rule (on IPsec, on Floating, on the WAN interface, on LAN...) to try to log the packets, nothing is seen.

      Note: if I manually put the b) IP address as secondary DNS in the NIC settings of a PC located in the a) LAN, it all works fine, so DNS packets are not filtered.

      It seems to be a defect of the DNS forwarder that ignores DNS requests arriving via IPsec.

      Any suggestion?

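An added diagnostic that is not part of the original post: it builds a single DNS A query by hand and lets you choose which local address it leaves from, so the case the note describes (a LAN PC querying pfSense b) directly, which works) can be compared against the same query sent from the firewall's own address toward the override target. The hostname and addresses used in the usage note are placeholders, not values from the post.

```python
# Constructed diagnostic (not code from the forum post): a hand-built DNS A
# query that can be sent from a chosen source address toward a forwarder.
import random
import socket
import struct

def build_query(name, txid=0x1234):  # RFC 1035 query, RD=1, one question
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):  # advance past a (possibly compressed) name
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # 2-byte compression pointer ends the name
            return off + 2
        off += length + 1

def parse_answers(msg):  # IPv4 addresses in the answer section of a response
    qdcount, ancount = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def probe(name, server, source_ip=None, timeout=3.0):
    """Send one query to server:53, optionally bound to source_ip; None on timeout."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        if source_ip:  # pick which local address the query leaves from
            sock.bind((source_ip, 0))
        sock.sendto(build_query(name, txid), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
    if struct.unpack("!H", data[:2])[0] != txid:
        return None  # not a reply to our question
    return parse_answers(data)
```

Run `probe("host.secdomain.lan", "<pfSense b LAN IP>", source_ip="<LAN A address>")` once from a LAN A host and once on pfSense a) with each of its interface addresses; a reply from one source address and a timeout from another tells you the forwarded query is leaving with an address that never enters the tunnel, which is a routing or tunnel-selector question rather than a forwarder bug.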
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.