4. DNS Forwarder Domain overrides fails when through IPSEC

DNS Forwarder Domain overrides fails when through IPSEC

  • R

    Hi, this is the scenario:

    a) PFsense 2.3.3 with DNS Forwared managing a local domain named fisrtdomain.lan

    b) PFsense 2.3.3 with DNS Forwared managing a local domain named secdomain.lan

    c) A IPSEC VPN is active between domains. A rule enabling all is active for IPSEC interface.

    I want to have that in firstdomain.lan, the DNS forwarder a) forwards to b) all requestes for "secdomain.lan"  so I have set secdomain.lan as domain overrides pointing to PFSense b) ip address. Vice versa also is desired.
    In this way, all Lan A members calling an hosts of Lan B, they found the right lan address, and vice versa.

    The issue is that does not works. It seems that packets to port 53 are well forwarded by the local PFSense (they appears in the log), but nothing seems to arrive to the receving PFsense via IPSEC, or it seems to ignore them. Even enabling any kind of rule (on IPSEC, On Floating, on Wan interface, on lan…) to trying to log the packets, nothing is seen.

    Note: If i put manually the b) ip address as secondary DNS in the nic settings of a pc located in the a) lan, all it works fine, so DNS packets are not filtered.

    It seems to be a defect of DNS forwarer that ignore the dns requestes arriving via ipsec.

    Any suggestion ?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy