Cannot resolve in Firewall Log for Local DNS
-
In the Firewall Log there is an "i" icon that you can press to "try to resolve". On some of the external ones it will resolve to something like aws.amazon.com or whatever, but for all of the sources on the internal side (local IP addresses) it comes back with "cannot resolve".
I suspect it has to do with my DNS settings.
I currently have it set up for DHCP to push out a local IP address for a pi-hole device. The pi-hole device is then set to use the pfsense IP as the upstream provider. pfsense in general config has OpenDNS as DNS1 and DNS2.
When I use nslookup pfsense it will properly show the pfsense.locallan name and IP address. But again, in the firewall log when I click the "i" it says "cannot resolve".
Any assistance or help that can be provided would be appreciated. I have 100% of my devices with a static IP mapping in the pfsense DHCP server with a hostname, client identifier, description, etc. and would love to see that information rather than just the raw IP address in the firewall logs.
-
Probably this: https://docs.netgate.com/pfsense/en/latest/dns/dns-rebinding-protections.html
-
You are trying to do a reverse DNS lookup for IPs when you do that. It should resolve a hostname for anything the DNS service knows about, so I suggest it does not.
Do you have 'Register DHCP static mappings in the DNS Resolver/Forwarder' set in the DNS config?
Steve
-
@stephenw10 said in Cannot resolve in Firewall Log for Local DNS:
You are trying to do a reverse DNS lookup for IPs when you do that. It should resolve a hostname for anything the DNS service knows about, so I suggest it does not.
Do you have 'Register DHCP static mappings in the DNS Resolver/Forwarder' set in the DNS config?
Steve
This was it. It was unticked. I ticked it and it now reflects the hostname+domain of local IPs in the firewall log when clicking the "i". Thank you
-
@pfsensefanatic said in Cannot resolve in Firewall Log for Local DNS:
I ticked it
You should be aware:
Now you've 'ticked' that one, on every incoming DHCP release and renew, the Resolver will get restarted. During restart: no more DNS at all, and the cache it maintains will not be very useful.
Place as many devices as you can into Static DHCP Leases; those will be read in once, and their DHCP renewal will not bother the Resolver (because they are static).
True: on a public network, Static DHCP Leases are not possible.
-
@gertjan said in Cannot resolve in Firewall Log for Local DNS:
Now you've 'ticked' that one, on every incoming DHCP release and renew, the Resolver will get restarted. During restart: no more DNS at all, and the cache it maintains will not be very useful.
Place as many devices as you can into Static DHCP Leases; those will be read in once, and their DHCP renewal will not bother the Resolver (because they are static).
I run this way at home and I have a ton of DHCP devices and never have DNS problems like this. I suspect this primarily affects users that have large configs in Unbound, such as pfBlocker-NG/DNSBL/etc, or very overloaded/slow hardware.
For most of us it's a non-issue.
-
@gertjan said in Cannot resolve in Firewall Log for Local DNS:
@pfsensefanatic said in Cannot resolve in Firewall Log for Local DNS:
I ticked it
You should be aware:
Now you've 'ticked' that one, on every incoming DHCP release and renew, the Resolver will get restarted. During restart: no more DNS at all, and the cache it maintains will not be very useful.
Place as many devices as you can into Static DHCP Leases; those will be read in once, and their DHCP renewal will not bother the Resolver (because they are static).
True: on a public network, Static DHCP Leases are not possible.
Interesting. Most of my devices are Static DHCP leases.
However, even if they were not and I had a slew of devices that are constantly releasing/renewing, then it sounds like I would seemingly have internet connectivity issues when it is simply the Resolver restarting.
So what is the solution to get local IPs to resolve in the firewall logs if not for ticking that 'Register DHCP static mappings in the DNS Resolver/Forwarder' box?
Also, if a device is not static DHCP, will it resolve in the firewall log? It doesn't sound like it would.
-
For the firewall to resolve 192.168.1.100, for example, the PTR has to exist somewhere, be it unbound via DHCP registration, static lease registration or a host override.
Or some other DNS that the clients are registering in, etc. Say, for example, if you're an AD shop, you should prob be using your DHCP and DNS in your AD.
Then just create a domain override for the IP ranges so that you can go ask for the PTR from your AD DNS, etc.
There are multiple ways to skin this cat, but somewhere it involves a PTR lookup from a DNS where your client's IP is listed.
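As an added illustration of the point made in this thread (not code from the thread, from Netgate or from pfSense itself): the "i" icon in the firewall log is a PTR query, so 192.168.1.100 only resolves if some resolver holds a PTR record for it. The script below, with hypothetical hostnames and addresses constructed for the example, builds the owner names such a query asks for, emits the unbound.conf local-data/local-data-ptr lines that registering static mappings amounts to (pfSense generates its own files; the directives are stock Unbound syntax), emits a stub-zone that hands a reverse range to another DNS server such as AD, and simulates the lookup to show where "cannot resolve" comes from. The `local-zone ... nodefault` line reflects stock Unbound's built-in NXDOMAIN zones for RFC 1918 reverse space; whether the pfSense GUI adds it for you is not something this example assumes.

```python
import ipaddress

# Constructed sample data (hypothetical hosts): the static DHCP mappings as
# you would enter them in pfSense under Services > DHCP Server.
DOMAIN = "locallan"
STATIC_MAPPINGS = [
    {"ip": "192.168.1.1", "hostname": "pfsense"},
    {"ip": "192.168.1.100", "hostname": "nas"},
    {"ip": "fd00:1::50", "hostname": "printer"},
]


def reverse_name(ip: str) -> str:
    """Owner name of the PTR record a reverse lookup asks for
    (in-addr.arpa for IPv4, ip6.arpa for IPv6), with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def unbound_local_data(mappings, domain=DOMAIN):
    """unbound.conf lines registering each mapping: the forward A/AAAA
    record plus its PTR (local-data-ptr is Unbound's shorthand for the PTR).
    Functionally what 'Register DHCP static mappings' gives you; the exact
    file pfSense writes may differ (assumption)."""
    lines = []
    for m in mappings:
        addr = ipaddress.ip_address(m["ip"])
        fqdn = f'{m["hostname"]}.{domain}.'
        rtype = "AAAA" if addr.version == 6 else "A"
        lines.append(f'local-data: "{fqdn} {rtype} {addr}"')
        lines.append(f'local-data-ptr: "{addr} {fqdn}"')
    return lines


def reverse_zone(network: str) -> str:
    """in-addr.arpa zone name covering an IPv4 /8, /16 or /24."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 and /24 are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def default_private_zone(net):
    """Name of Unbound's built-in RFC 1918 reverse zone covering net, if any.
    Stock Unbound answers NXDOMAIN for these unless they are switched off."""
    octets = str(net.network_address).split(".")
    if net.subnet_of(ipaddress.ip_network("10.0.0.0/8")):
        return "10.in-addr.arpa."
    if net.subnet_of(ipaddress.ip_network("172.16.0.0/12")):
        return f"{octets[1]}.172.in-addr.arpa."
    if net.subnet_of(ipaddress.ip_network("192.168.0.0/16")):
        return "168.192.in-addr.arpa."
    return None


def unbound_stub_zone(network: str, dns_server: str):
    """Hand reverse lookups for a range to another server (e.g. the AD DNS
    where domain-joined clients register themselves). dns_server is a
    hypothetical address supplied by the caller."""
    net = ipaddress.ip_network(network, strict=False)
    zone = reverse_zone(network)
    lines = []
    covering = default_private_zone(net)
    if covering:
        lines.append(f'local-zone: "{covering}" nodefault')
    lines += ["stub-zone:", f'    name: "{zone}"', f"    stub-addr: {dns_server}"]
    return lines


def ptr_table(local_data_lines):
    """Parse the local-data-ptr lines back into {reverse-name: fqdn}: the
    answers the resolver would give to PTR queries."""
    table = {}
    for line in local_data_lines:
        if line.startswith("local-data-ptr:"):
            addr, fqdn = line.split('"')[1].split()
            table[reverse_name(addr)] = fqdn
    return table


def resolve_ptr(ip: str, table) -> str:
    """What the firewall log's 'i' icon effectively does: one PTR query.
    No record means the log shows 'cannot resolve'."""
    return table.get(reverse_name(ip), "cannot resolve")


if __name__ == "__main__":
    conf = unbound_local_data(STATIC_MAPPINGS)
    print("\n".join(conf))
    print("\n".join(unbound_stub_zone("192.168.1.0/24", "192.168.1.5")))
    table = ptr_table(conf)
    for ip in ("192.168.1.100", "192.168.1.200", "fd00:1::50"):
        print(ip, "->", resolve_ptr(ip, table))
```

Running it prints the A/AAAA and PTR records for the three sample hosts, a stub-zone for 1.168.192.in-addr.arpa. pointed at the hypothetical 192.168.1.5, and then nas.locallan. for 192.168.1.100 but "cannot resolve" for 192.168.1.200, which has no mapping and therefore no PTR: exactly the situation the original poster saw before ticking the box.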