DNS resolver forward to another pfsense HOW

  • Hello!

    I have a multi-location server setup, where I tunnel the sites together with OpenVPN tunnels in pfSense.

    I have Host Overrides in Unbound at every site.

    Is it possible to point a remote branch pfSense Unbound to use my primary site's Unbound for DNS queries? I would like to have only one site with the host overrides, and if the other offices don't find any at their pfSense, they would query the primary site, which would have the host overrides and answer the DNS query correctly.

    Here is what I have done so far:

    • I have set the DNS server of the branch office to the pfSense IP address of the main location pfSense. When I do Diag/cmd DIG on the branch office pfSense, I get the right answer.
    • However, I set the branch office pfSense not to use its own Unbound for DNS resolving.
    • I have set the branch office pfSense Unbound to "Enable Forwarding Mode", and the first DNS server in System/General Setup is the main office pfSense with the host overrides.

    Here is how I diag that it isn't working: On the branch office pfsense I run Diag/command line:

    • `dig @branch.office.pfsense.ip host.override.ip.address` -> no data
    • `dig @main.office.pfsense.ip host.override.ip.address` -> correct IP address

    What am I doing wrong?
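As an added illustration (not from the original post), this is how Unbound's own configuration expresses forwarding one internal zone to another resolver, which is the per-zone alternative to "Enable Forwarding Mode" forwarding everything; the zone name and address are placeholders.

```conf
# Added example, not from the original post: per-zone forwarding in unbound.conf
# (on pfSense this goes in the Unbound "Custom options" box). "corp.example" and
# 10.0.0.1 are placeholders for the internal zone and the main-site Unbound.
server:
    # pfSense enables DNS rebinding protection; allow private addresses in
    # answers for this internal zone so they are not filtered out
    private-domain: "corp.example"
    # the internal zone is unsigned; skip DNSSEC validation for it, otherwise a
    # validating resolver would reject the forwarded answers
    domain-insecure: "corp.example"

forward-zone:
    name: "corp.example"
    # main-site pfSense Unbound reached over the OpenVPN tunnel (placeholder)
    forward-addr: 10.0.0.1
```

Host overrides are local-data entries of the Unbound instance they are configured on, so a forwarded query is only answered from them if it actually reaches that instance; checking with `dig` against each resolver, as above, shows which instance produced the answer.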
