need to resolve external website ip instead of internal dns ip



  • My website is hosted outside of the network, but my domain name is the same as the website (internal DNS is abc.com and the external site is also abc.com). I am able to connect to the site from an external network, but from the internal network it resolves to the local DNS IP, so how do I resolve the external DNS from the internal network? I am using pfSense and configured the DNS resolver too, with host override...



  • @jeetu3363, this is easy to solve. Firstly, ensure that your pfSense DNS is set to resolve to any external DNS server (e.g. Google's 8.8.8.8). Then simply create DNS forwarder records for each host.domain that you want to override with a local IP address. Voilà!


  • Rebel Alliance Global Moderator

    This is normally a bad idea, just for the reason you ran into. Use abc.com outside and abc.net inside, or abc.lan inside, etc.

    I would suggest you change your internal domain to be something different.

    edit
    @jeetu3363 so you think he should put his RFC1918 address out on the public DNS? Sorry, but pointing pfSense to Google is also a bad idea.



  • @lifeboy I have configured it the same as you mentioned, but it is still not working. [screenshot]



  • @johnpoz this is a big office with many branch offices, so it is hard to change the local domain name.



  • @jeetu3363, not sure where you found that setting? Here's what it looks like on my side:

    [screenshot]



  • @lifeboy I am using the DNS resolver. Can I use both the DNS forwarder and the resolver at the same time?



  • @jeetu3363 I don't think you should be using both. Either use a forwarder (like I'm doing) and do host overrides or do a resolver but not both. When a query arrives at your firewall, which service should answer if you're using both?



  • @lifeboy Yes, I am using the DNS resolver and host override, but it is not working, meaning it is not resolving the external IP...



  • @lifeboy I have changed it to the DNS forwarder but I am still having the issue... [screenshot]



  • You said in your original post:
    "I am able to connect to the site from an external network, but from the internal network it resolves to the local DNS IP, so how do I resolve the external DNS from the internal network?"

    If you don't want your internal network to receive a different address than what the outside world received, you should not create a host override record. Then you will receive the outside DNS answer from any client inside the LAN network.

    Why are you creating host records for addresses that should be receiving the public DNS record? Only hosts that are accessible from the outside world via NAT through your pfSense firewall should have override records. So, for example, if you have a ticket-management web service and the people out there use 126.234.12.4 to reach it by typing tickets.yours.com (and you NAT that address to port 80 on 10.0.0.5), the people inside your LAN are not able to access the service with the public ip address since it would mean that the traffic exits your network and comes back in through the same address to the service (which it can't do). In this case you resolve the address internally to answer 10.0.0.5 (if that's your ticketing server's LAN address).

    That's what a DNS forwarder with host overrides is most commonly used for.
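
Added example, not part of any post in this thread: a small audit that compares internal and public answers for the same names and flags the two failure modes discussed here (a public record hidden by the internal zone, and a private answer for a host that is not behind a NAT forward). The sample answers and the `NAT_FORWARDS` inventory are constructed; only the 126.234.12.4 to 10.0.0.5 mapping comes from the post above.

```python
import ipaddress

# Constructed sample answers (None/absent = no record). 126.234.12.4 -> 10.0.0.5
# is the post's ticketing example; all other names and addresses are assumptions.
INTERNAL = {
    "tickets.yours.com": ["10.0.0.5"],   # host override for a NATed service
    "abc.com": ["192.168.1.10"],         # internal zone apex
    "dc1.abc.com": ["192.168.1.10"],
    "mail.abc.com": ["203.0.113.25"],    # www.abc.com has no internal record
}
PUBLIC = {
    "tickets.yours.com": ["126.234.12.4"],
    "abc.com": ["203.0.113.10"],
    "www.abc.com": ["203.0.113.10"],
    "mail.abc.com": ["203.0.113.25"],
}
# Hypothetical inventory of port forwards on the firewall: public IP -> LAN IP.
NAT_FORWARDS = {"126.234.12.4": "10.0.0.5"}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(inside, outside, nat_forwards):
    """Compare one name's internal and public answers (lists or None)."""
    if not outside:
        return "internal-only"    # never published, nothing to compare
    if not inside:
        return "shadowed"         # internal zone hides the public record
    if set(inside) == set(outside):
        return "consistent"
    if all(is_rfc1918(a) for a in inside):
        # A private answer is justified only if the public IP is NATed to it.
        natted = {nat_forwards.get(a) for a in outside}
        return "nat-override" if set(inside) <= natted else "private-no-nat"
    return "mismatch"

def audit(internal, public, nat_forwards):
    names = sorted(set(internal) | set(public))
    return {n: classify(internal.get(n), public.get(n), nat_forwards)
            for n in names}

if __name__ == "__main__":
    for name, verdict in audit(INTERNAL, PUBLIC, NAT_FORWARDS).items():
        print(f"{name:20} {verdict}")
```

Names reported as `shadowed` or `private-no-nat` are the ones internal clients cannot reach at the externally hosted address; an internal A record carrying the public IP resolves them.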


  • Rebel Alliance Global Moderator

    @jeetu3363 said in need to resolve external website ip instead of internal dns ip:

    this is a big office with many branch offices, so it is hard to change the local domain name

    No it isn't... It should never have been started in the first place. Your computers are members of AD, that can be a pain. But you make no mention of AD. This is a pfSense site, not MS support.

    Your domain there is mylocal?? That sure as the F is not a public domain.

    How about you actually go into what the problem is. Your domain listed there in pfSense is mylocal, which is not a public domain.

    but my domain name is the same as the website (internal DNS is abc.com and the external site is also abc.com

    This is NOT what you're showing in pfSense with a single-label domain. What exactly is resolving wrong? You have host.abc.com on the public internet that resolves to public 1.2.3.4; what exactly is on the local network that is resolving wrong?



  • I have created an A record in the Windows DNS server with www and put in the website IP; now the site is working fine...
    Thanks



  • @jeetu3363 said in need to resolve external website ip instead of internal dns ip:

    My website is hosted outside of the network, but my domain name is the same as the website (internal DNS is abc.com and the external site is also abc.com). I am able to connect to the site from an external network, but from the internal network it resolves to the local DNS IP, so how do I resolve the external DNS from the internal network? I am using pfSense and configured the DNS resolver too, with host override...

    Not quite sure what you're saying, but if you have a server elsewhere, you simply configure the DNS server accordingly. For example, I have a DNS server set up on pfSense for local devices and also run it as a resolver for outside sites. On IPv4, where I have to use NAT, the local DNS uses the local address and the outside DNS uses my WAN address, with NAT & port forwarding sending the traffic to the appropriate device. On IPv6, where every IPv6 capable device has a public address, I could rely entirely on the outside DNS, as the destination address would be the same for either DNS server.



  • @jeetu3363 you're confusing me completely here. What you said you were trying to achieve and what you did don't match up. Maybe try to explain more clearly what your setup is next time, then you'll get better answers.