DNS Forwarder domain overrides fail when going through IPsec



  • Hi, this is the scenario:

    a) pfSense 2.3.3 with DNS Forwarder managing a local domain named firstdomain.lan

    b) pfSense 2.3.3 with DNS Forwarder managing a local domain named secdomain.lan

    c) An IPsec VPN is active between the two domains. A rule allowing everything is active on the IPsec interface.

    I want that in firstdomain.lan, DNS Forwarder a) forwards all requests for "secdomain.lan" to b), so I have set secdomain.lan as a domain override pointing to the pfSense b) IP address. The reverse is also desired.
    In this way, all LAN A members calling hosts on LAN B find the right LAN address, and vice versa.

    The issue is that it does not work. It seems that packets to port 53 are correctly forwarded by the local pfSense (they appear in the log), but nothing seems to arrive at the receiving pfSense via IPsec, or it seems to ignore them. Even enabling any kind of rule (on IPsec, on Floating, on the WAN interface, on LAN…) to try to log the packets, nothing is seen.

    Note: if I manually put the b) IP address as secondary DNS in the NIC settings of a PC located in LAN a), it all works fine, so DNS packets are not filtered.

    It seems to be a defect of the DNS Forwarder that ignores DNS requests arriving via IPsec.

    Any suggestions?