Netgate Discussion Forum

    Query BIND DNS over IPsec IKEv2 mobile tunnel

    DHCP and DNS
    3 Posts 2 Posters 540 Views
    posto587

      Hi everyone,

      I have several pfSense boxes installed at remote sites. To all sites I have IPsec IKEv2 mobile VPN tunnels from my laptop/iPhone etc.
      This is working great. As long as the DNS Resolver is active I can query this DNS server over the VPN tunnel.
      At some sites the DNS Resolver is disabled and I'm using BIND.
      The problem is that I cannot query the BIND DNS server over the VPN tunnel.

      The firewall rule on the IPsec tab is pass any to any. On the IPsec Mobile Clients tab I'm providing the DNS server (DNS Resolver or BIND respectively).

      I want to be able to query the DNS entries made in the BIND zones over the VPN tunnel.
      Do you have any ideas?

      Thanks
      John

      Gertjan @posto587
        last edited by Gertjan

        Hi,

        @posto587 said in Query BIND DNS over IPsec IKEv2 mobile tunnel:

        Do you have any ideas?

        Without knowing how you set it up? The main idea is pretty close to: finish the setup, you're not done yet.

        Some other ideas:
        "bind" does the same thing as "unbound": listening on all interfaces, port 53 at least. So, my question is: is it also listening on the "VPN interface"? Check also what happens when the VPN restarts; maybe bind needs to be reloaded / restarted as well. unbound is handled by pfSense out of the box; bind, as a package, might be handled differently.
        Also: when bind starts before the VPN server, the interface the VPN creates isn't on the "listen" list of interfaces.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        posto587
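        As an added check (not from either poster), the following shell snippet applies Gertjan's point about what BIND is actually listening on: it parses the output format of FreeBSD's `sockstat -4l` (pfSense is FreeBSD-based) and reports whether `named` is bound to the address the mobile clients are told to use for DNS, either explicitly or via the `*:53` wildcard. The sockstat listing and all addresses are constructed sample data; that the mobile clients receive the LAN address 192.168.1.1 as DNS server is an assumption.

```shell
#!/bin/sh
# Added example: is named bound to the address the IPsec mobile clients
# use as their DNS server? On a live pfSense box replace the constructed
# sample below with:   LISTING="$(sockstat -4l)"

# Constructed sockstat -4l output (sample data, not from the thread).
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
bind     named      1234  21 udp4   192.168.1.1:53        *:*
bind     named      1234  22 tcp4   192.168.1.1:53        *:*
root     sshd       901   4  tcp4   *:22                  *:*'

# bind_listens_on ADDR LISTING
# Exit 0 if named has a UDP socket on ADDR:53 or on the wildcard *:53,
# exit 1 otherwise. UDP is checked because resolvers query UDP first.
# sockstat columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
bind_listens_on() {
    addr="$1"
    listing="$2"
    printf '%s\n' "$listing" | awk -v want="$addr:53" '
        $2 == "named" && $5 == "udp4" && ($6 == want || $6 == "*:53") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Address handed to the mobile clients as DNS server (assumed LAN address).
MOBILE_DNS=192.168.1.1

main() {
    if bind_listens_on "$MOBILE_DNS" "$SAMPLE_SOCKSTAT"; then
        echo "named listens on $MOBILE_DNS:53; look at the IPsec side next"
    else
        echo "named is NOT bound to $MOBILE_DNS:53; check the BIND listen settings"
    fi
}

main "$@"
```

From a connected client, `dig @192.168.1.1 host.example.zone` (assumed address and name) against the same address confirms whether queries actually reach the socket this check found.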

          Thanks for your answer!
          BIND is listening on all interfaces; IPsec is not listed in there, but in unbound IPsec isn't listed either and there it's working.

          I already tried restarting the VPN service but that changes nothing. I also think it has something to do with unbound being handled out of the box and BIND as a package being handled differently.

          Just to clarify: I can query all DNS entries made in BIND from all local networks but not from the VPN tunnel / IPsec interface.
          Perhaps an advanced config is needed to get BIND to listen on the IPsec interface too. Unfortunately it's not listed in the "listen interfaces" tab...

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.