Help Logging into Dashboard using Domain



  • I'm not sure what I did, but for some reason I can now only log into my pfSense router dashboard from inside my network using my 192 IP address and not my domain (https://pfsense.XXXXXXdomain/). I've turned off Squid and pfBlocker thinking it might be something with those, but no luck. Any ideas?


  • Rebel Alliance Global Moderator

    So you're saying that your FQDN pfsense.XXXXXXdomain doesn't resolve? Or resolves to the wrong IP?

    Is your client using pfsense for dns?



  • Ah, didn't even think about the DNS server. It just doesn't resolve... using 1.1.1.1 now. I'll change it when I get home from work to see if that's it.


  • Rebel Alliance Global Moderator

    @aramp1

    Well, if you tell your client to use 1.1.1.1 then no, it's not going to be able to resolve some private domain you gave to pfsense.

    Have your client use pfsense, have pfsense forward to 1.1.1.1 if that is what you want your network to use.



  • It seems so simple I actually feel like an idiot for not thinking about it.

    Weird thing is, it worked sometimes. Sometimes it wouldn't and I'd come back in a few minutes and it'd be good.

    Appreciate the help!


  • Rebel Alliance Global Moderator

    Did you have the client pointing to multiple nameservers?

    Having your client say with

    192.168.1.1 (pfsense - local dns)
    8.8.8.8 (googledns - public dns)

    This is a common mistake made... I see it ALL the time!!! Users do not seem to grasp that a client doesn't ask both, or move to the next one when NX is returned, etc.

    While you might list your ns in order on your client, you really cannot be sure which nameserver a client might ask for any given query. Sure, if one does not answer within a specific time period for a query, the client will ask the other listed ns. And once a client gets answers from one, it sticks to that one.

    So if you ask google for pfsense.localdomain.tld you're going to get back NX. Once a client gets back NX it will not go ask other ns for that since it was told - hey, doesn't exist. Doesn't make any sense to bug the other NS for something that clearly does not exist. It will not ask again until the neg ttl expires on that NX.

    While you can point your clients to multiple NS.. They all need to be able to resolve the same stuff! So if you want to point to google and opendns and 1.1.1.1 ok sure - they should all be able to resolve www.publicdomain.com

    But even using different public nameservers that provide different blocking features can get you in trouble. While opendns might block xyz, maybe googledns allows it, etc. Which one is your client going to be asking? You cannot be sure.

    Listing internal and external dns is going to cause you grief for sure. All your nameservers listed on your client should be able to resolve the same stuff. So sure, you can run multiple internal NS that can all resolve any internal stuff, and then forward/resolve to get the public stuff. If one is down - no answer at all (i.e. timeout) - then yes, the client will ask the other one. You're fine here since no matter what NS you ask you are sure you will get the same answer.
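
A simplified model of the client behaviour described in the post above, added here as an example and not part of the original thread. The class and function names, the 300-second negative TTL and the sample zone data are assumptions; real stub resolvers differ by operating system and configuration.

```python
# Simplified model of a stub resolver; real clients differ by OS and settings.
NXDOMAIN = "NXDOMAIN"

class NameServer:
    def __init__(self, label, records, up=True):
        self.label, self.records, self.up = label, records, up

    def query(self, name):
        # None means no reply at all, which the client sees as a timeout.
        return self.records.get(name, NXDOMAIN) if self.up else None

class StubResolver:
    def __init__(self, servers, neg_ttl=300):
        self.servers, self.neg_ttl = servers, neg_ttl
        self.preferred = 0   # index of the server that answered last
        self.neg_cache = {}  # name -> time at which the cached NXDOMAIN expires

    def resolve(self, name, now):
        if self.neg_cache.get(name, 0) > now:
            return NXDOMAIN, "negative cache"
        for i in range(len(self.servers)):
            idx = (self.preferred + i) % len(self.servers)
            reply = self.servers[idx].query(name)
            if reply is None:
                continue  # a timeout is the only reason to try the next server
            self.preferred = idx  # stick with whichever server answered
            if reply == NXDOMAIN:
                self.neg_cache[name] = now + self.neg_ttl
            return reply, self.servers[idx].label
        return None, "all servers timed out"

def inconsistent_names(servers, names):
    """Names for which the listed servers would not all give the same answer."""
    return [n for n in names if len({s.records.get(n, NXDOMAIN) for s in servers}) > 1]

def demo():
    # Constructed data: addresses and zone contents are illustrative only.
    local = NameServer("192.168.1.1", {"pfsense.localdomain.tld": "192.168.1.1",
                                       "www.publicdomain.com": "203.0.113.10"})
    public = NameServer("8.8.8.8", {"www.publicdomain.com": "203.0.113.10"})
    client = StubResolver([local, public])
    name = "pfsense.localdomain.tld"
    out = [client.resolve(name, now=0)]  # local server answers
    local.up = False  # one query goes unanswered by the local server
    out.append(client.resolve("www.publicdomain.com", now=10))  # public takes over
    local.up = True
    out.append(client.resolve(name, now=20))   # public is asked: NXDOMAIN
    out.append(client.resolve(name, now=100))  # answered from the negative cache
    return out
```

`inconsistent_names` is the audit side of the same point: any name it returns for a client's nameserver list is one that will resolve or fail depending on which server happens to be asked.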


 

© Copyright 2002 - 2018 Rubicon Communications, LLC