flush dns after wan ip change



  • I have pfSense 2.4.4-RELEASE (amd64) built on Thu Sep 20 09:03:12 EDT 2018
    FreeBSD 11.2-RELEASE-p3, which works great, and I am really happy with it.

    But I discovered one issue in my setup: the DNS cache is not updated after a new WAN IP is provided to pfSense by my internet provider.

    I can do a manual restart over the GUI (which solves the problem), but I would like to have the DNS flushed automatically after a WAN IP change.

    Is it possible to write a script, or use an existing script, to have pfSense restart DNS automatically after a WAN IP change is detected?


  • First update to the latest 2.4.4-p2 release and check again.
    There is some DNS stuff fixed in 2.4.4-p1...

    -Rico



  • Now up to 2.4.4-RELEASE-p2 (amd64)
    built on Wed Dec 12 07:40:18 EST 2018
    FreeBSD 11.2-RELEASE-p6

    but still the same.

    Is there any setting / checkbox to flush or reset the DNS Resolver / DNS server so that it uses the new IP of my website and not the old cached one?



  • @gregor4711 said in flush dns after wan ip change:

    But I discovered one issue in my setup: the DNS cache is not updated after a new WAN IP is provided to pfSense by my internet provider.

    Why should it do that?

    A WAN IP change can trigger a DynDNS update. But why should it flush the resolver cache?



  • I have an ownCloud and a mail server behind the pfSense firewall.
    It is connected to a DynDNS service. My ISP changes the IP, which is my WAN IP, every 24h.

    1. After the ISP changes the IP, the update of the public DNS is done within less than 30 sec.
    2. If I access my mail server from outside (via mobile etc.), the mail server is up and working.
    3. If I access it from inside (behind pfSense), the domain name is no longer available, since it routes to the old IP.
    4. If I flush the pfSense DNS Resolver & DNS server manually, all is fine again :)
    5. Therefore I would like to have an automatic restart of the DNS Resolver and DNS server in pfSense after a WAN IP change.


  • A better solution would be to set up DNS overrides for your hostnames.



  • How can this work, since the IP changes every 24 hours?



  • The DNS host override declares the IP of your mail host.
    On the Internet, your DDNS service will resolve your domain to your WAN IP.
    Locally, a host override (same URL) will resolve it to a local LAN IP (and that one never changes).

    Using host overrides, you do not use the WAN IP, but the LAN IP.



  • Gertjan, many thanks for your excellent explanation of how it works.
    I'll try it in the next days and will come back with the result.



  • Of course, this requires that your clients use an internal DNS service like the Resolver of pfSense.
    So in the Resolver settings go down to Host Overrides and add your hosts by entering their FQDN and local IP.
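    Added example, not code from the thread and not pfSense's own code: what a host override amounts to in the syntax of unbound (the DNS Resolver on pfSense), plus a way to confirm the split horizon from a LAN client. Every hostname and address in it is made up; it assumes the resolver listens on 192.168.1.1 and that drill (shipped with FreeBSD and pfSense) is available for the network check.

```shell
#!/bin/sh
# Added example, not from the thread or from pfSense. Renders host overrides
# the way unbound expresses them so the GUI entry is not a black box, and
# offers an opt-in check of the LAN view. Names and addresses are invented.

# Constructed sample: one "fqdn lan-ip" pair per line, the same data you put
# into Services > DNS Resolver > Host Overrides (host + domain, IP).
OVERRIDES='mail.example.org 192.168.1.10
cloud.example.org 192.168.1.11'

# Render one override in unbound syntax:
#  - a transparent local-zone for the parent domain, so names in that domain
#    that have no override are still resolved upstream (your public records);
#  - an A record answering with the LAN address (the one that never changes);
#  - the matching PTR, so reverse lookups on the LAN agree with it.
render_override() {
    fqdn=$1
    ip=$2
    domain=${fqdn#*.}
    printf 'local-zone: "%s" transparent\n' "$domain"
    printf 'local-data: "%s A %s"\n' "$fqdn" "$ip"
    printf 'local-data-ptr: "%s %s"\n' "$ip" "$fqdn"
}

# Render the whole sample list.
render_all() {
    printf '%s\n' "$OVERRIDES" | while read -r fqdn ip; do
        if [ -n "$fqdn" ]; then
            render_override "$fqdn" "$ip"
        fi
    done
}

# Split-horizon check from a LAN client: pfSense's resolver must answer with
# the LAN IP, while a public resolver answers with the current WAN IP.
# Assumptions (not from the thread): pfSense LAN address 192.168.1.1, public
# resolver 9.9.9.9. Only runs on request because it needs the network.
lan_view() {
    fqdn=$1
    printf '%s via pfSense resolver:  ' "$fqdn"
    drill "$fqdn" @192.168.1.1 A | awk '$4 == "A" { print $5 }'
    printf '%s via public resolver:   ' "$fqdn"
    drill "$fqdn" @9.9.9.9 A | awk '$4 == "A" { print $5 }'
}

case ${1:-} in
    render) render_all ;;
    check)  lan_view "$2" ;;
esac
```

    `sh overrides.sh render` prints three lines per host; `sh overrides.sh check mail.example.org` from a LAN machine should show the LAN IP from pfSense and the WAN IP from the public resolver. Once the override exists, the cached public A record is simply never consulted for that name on the LAN, so the 24h WAN IP rotation stops mattering for internal clients.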



  • OK, now I got it. That means the resolver will not ask the outside DNS, but will deliver the local IP when a client asks for www.xxxxx.yy, right?

    What about the cert? It is linked to the DNS name (https://www.xxxxx.yy), not to the local IP. Will it still work if the resolver provides the local IP?





  • Exactly.
    Certs are host + domain based. The IP is a don't care.
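    Added example, not from the thread, to show concretely why the certificate keeps working when the override hands out a LAN IP: a TLS client compares the name it connected to with the certificate's subjectAltName (or CN), never with the address that name resolved to. The name www.example.org and the throwaway key and certificate are constructed test material; the check uses openssl's own verify command.

```shell
#!/bin/sh
# Added example, not from the thread. Demonstrates that certificate name
# checking is about the hostname, not the IP, so the same cert serves the
# WAN-IP view and the host-override LAN-IP view alike. Everything here is
# constructed: no real site, key or CA is involved.

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Issue a short-lived self-signed certificate that covers www.example.org only.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.org" \
        -addext "subjectAltName=DNS:www.example.org" \
        -keyout "$work/key.pem" -out "$work/cert.pem" >/dev/null 2>&1
}

# The check a browser or mail client performs: does the cert cover this name?
# Returns 0 when it does. The cert is used as its own trust anchor here.
cert_covers_name() {
    openssl verify -CAfile "$work/cert.pem" -verify_hostname "$1" \
        "$work/cert.pem" >/dev/null 2>&1
}

# The same question for an IP literal: only true if an iPAddress SAN exists,
# which is why clients connect by name whatever IP the resolver hands out.
cert_covers_ip() {
    openssl verify -CAfile "$work/cert.pem" -verify_ip "$1" \
        "$work/cert.pem" >/dev/null 2>&1
}

make_cert
cert_covers_name www.example.org \
    && echo "www.example.org: name matches, valid whether it resolves to the WAN or LAN IP"
cert_covers_ip 192.168.1.10 \
    || echo "192.168.1.10: no match, so do not point clients at the bare IP"
```

    The takeaway for the override setup: keep clients using https://www.xxxxx.yy on the LAN exactly as from outside. The name check passes either way; only browsing to the raw LAN IP would trip a certificate warning.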



  • Thank you all for your valuable support, I'll try it and come back later (maybe with new questions :))