DNS can't resolve
-
Hello Guys,
The DNS server can't resolve my local network IPs inside pfSense. As shown below, the firewall logs don't resolve IPs!!
My local DNS Server is 10.10.100.5
Please Advise!
-
Well, do you have PTR set up for 10.10.100?
What is the point of a domain override if you're forwarding everything to that NS?
Also, if you're going to forward - there is ZERO point in clicking DNSSEC... The more I look at your setup the more I just think WTF??? ;)
So you're using SSL for your forward, on port 53? Really - yeah, just WTF is my response overall to that mess!
What exactly do you want to accomplish - and we can walk through how to do it... Cuz what you're doing sure isn't it ;)
-
@johnpoz it is solved by removing the nameserver 127.0.0.1 from the pfSense CLI resolv.conf.
Is it right, or can it cause any problem?
-
NO...
I have no idea what you're trying to do exactly with that mess..
If you want to run a local NS, then fine.. How does that NS resolve public DNS - does it resolve, or does it forward to where?
Who handles the reverse zones to resolve PTRs - this NS, pfsense? Normally pfsense will do that with registration of its DHCP leases and/or DHCP reservations. If you have some other NS you want to use on your network.. How do you plan on resolving the PTRs? Are the clients going to register themselves, is your DHCP server going to do it, is that 10.x box MS AD DNS? etc. etc.
Where do your clients point for DNS - this 10 box, pfsense?
Out of the box pfsense points to itself and resolves vs forwarding. If you want to resolve domain.tld locally, then a domain override is all that is required. If you have something else that will handle your reverse zones - then you would set up a domain override for the in-addr.arpa zone..
You're going to have to explain what you're wanting to accomplish for anyone to be able to help you.
-
Thanks @johnpoz for your care and help. My main problem is that I want to resolve the IPs in pfSense's system logs. Before removing the nameserver 127.0.0.1, I got a message that pfSense can't resolve, but after removing it I can resolve the logs normally. That's all.
-
You still have a MESS!!! And your forwarding in unbound is wrong... Because I can pretty much promise you your 10.10.100.5 box sure isn't doing DoT over port 53..
So while your 10.10.100 box can resolve PTR I take it, your whole unbound setup is just borked! If you tell pfsense that it can use 10.10.100.5 as NS in general, it's not going to be doing DoT, just normal DNS queries, etc.
I would highly suggest you fix your setup to make some sense..
If you're going to point pfsense directly to your 10 box, it seems you have zero use for unbound and might as well just disable it.
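As an added, stand-alone example (not part of any post in this thread, and not pfSense's or unbound's own code): the two johnpoz replies above turn on whether the local NS at 10.10.100.5 actually answers plain-DNS PTR queries on UDP port 53 (not DoT), and whether unbound should forward only the relevant in-addr.arpa zone to it via a domain override rather than everything. The Python script below builds a raw PTR query for an address, parses the reply (following name compression and checking the transaction id and RCODE), derives the in-addr.arpa zone name from a local prefix, and emits the unbound forward-zone stanza that corresponds to a domain override for that zone with TLS explicitly off. It embeds a constructed sample reply so the parser runs offline; the name host.example.lan, the sample reply and the check_ptr helper are assumptions for illustration only.

```python
import ipaddress
import os
import socket
import struct

PTR = 12  # RR type
IN = 1    # RR class


def encode_name(name: str) -> bytes:
    """Encode a dotted name into DNS wire format (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += struct.pack("B", len(raw)) + raw
    return out + b"\x00"


def reverse_name(ip: str) -> str:
    """10.10.100.5 -> 5.100.10.10.in-addr.arpa. (the QNAME of a PTR lookup)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(cidr: str) -> str:
    """Name of the single in-addr.arpa zone covering an octet-aligned IPv4 prefix."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("only /8, /16 or /24 IPv4 prefixes map to one in-addr.arpa zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def unbound_forward_zone(zone: str, ns_ip: str, port: int = 53) -> str:
    """unbound.conf stanza: forward only this zone to the local NS, plain DNS, TLS off."""
    return (
        "forward-zone:\n"
        f'    name: "{zone}"\n'
        f"    forward-addr: {ns_ip}@{port}\n"
        "    forward-tls-upstream: no\n"
    )


def build_ptr_query(ip: str, txid: int) -> bytes:
    """Header (RD set, one question) + QNAME + QTYPE=PTR, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(reverse_name(ip)) + struct.pack("!HH", PTR, IN)


def _read_name(data: bytes, off: int):
    """Read a possibly compressed name; return (name, offset just after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:  # compression pointer into earlier data
            if end is None:
                end = off + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", end if end is not None else off


def parse_ptr_response(data: bytes, txid: int):
    """Return PTR target names from a reply; raise on txid mismatch or error RCODE."""
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0x000F}")
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _, off = _read_name(data, off)
        off += 4
    names = []
    for _ in range(an):
        _, off = _read_name(data, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        if rtype == PTR and rclass == IN:
            names.append(_read_name(data, off)[0])
        off += rdlen
    return names


def sample_response(txid: int = 0x1234) -> bytes:
    """Constructed reply: 5.100.10.10.in-addr.arpa PTR host.example.lan (assumed name)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name("5.100.10.10.in-addr.arpa") + struct.pack("!HH", PTR, IN)
    rdata = encode_name("host.example.lan")
    answer = b"\xc0\x0c" + struct.pack("!HHIH", PTR, IN, 3600, len(rdata)) + rdata
    return header + question + answer


def check_ptr(ip: str, ns_ip: str, timeout: float = 2.0):
    """Live check (assumed helper): send the PTR query to ns_ip over plain UDP/53."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_ptr_query(ip, txid), (ns_ip, 53))
        data, _ = s.recvfrom(512)
    return parse_ptr_response(data, txid)


if __name__ == "__main__":
    print(parse_ptr_response(sample_response(), 0x1234))  # offline demo on the sample
    print(unbound_forward_zone(reverse_zone("10.10.100.0/24"), "10.10.100.5"))
    # check_ptr("10.10.100.5", "10.10.100.5")  # live query against the local NS
```

If the live check returns a name, the 10.x box serves the reverse zone over plain DNS and a domain override for 100.10.10.in-addr.arpa pointing at it is enough; unbound keeps resolving everything else itself. If it times out or returns an RCODE, the reverse zone is not there, and no amount of forwarding or DoT toggling in unbound will make the log IPs resolve.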