4. DNS Forwarder Domain overrides fails when through IPSEC

DNS Forwarder Domain overrides fails when through IPSEC

  • R

    Hi, this is the scenario:

    a) PFsense 2.3.3 with DNS Forwared managing a local domain named fisrtdomain.lan

    b) PFsense 2.3.3 with DNS Forwared managing a local domain named secdomain.lan

    c) A IPSEC VPN is active between domains. A rule enabling all is active for IPSEC interface.

    I want to have that in firstdomain.lan, the DNS forwarder a) forwards to b) all requestes for "secdomain.lan"  so I have set secdomain.lan as domain overrides pointing to PFSense b) ip address. Vice versa also is desired.
    In this way, all Lan A members calling an hosts of Lan B, they found the right lan address, and vice versa.

    The issue is that does not works. It seems that packets to port 53 are well forwarded by the local PFSense (they appears in the log), but nothing seems to arrive to the receving PFsense via IPSEC, or it seems to ignore them. Even enabling any kind of rule (on IPSEC, On Floating, on Wan interface, on lan…) to trying to log the packets, nothing is seen.

    Note: If i put manually the b) ip address as secondary DNS in the nic settings of a pc located in the a) lan, all it works fine, so DNS packets are not filtered.

    It seems to be a defect of DNS forwarer that ignore the dns requestes arriving via ipsec.

    Any suggestion ?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy