DNS Resolver "forgets" Domain Overrides from time to time
-
Hello
I added a Domain Override for my local AD. So xxx.local to the IP of the AD. It all works, but randomly the DNS Resolver can not resolve xxx.local. Then I restart the DNS Resolver Service and all works again.
Any Ideas?
Edit:
I'm using pfSense v2.4.5
-
Hi,
When it happens again, before restarting the Resolver, check the file /etc/hosts
Your DNS override should be there.
And the Resolver primes from that file.
-
This post is deleted!
-
It doesn't happened since I posted my question, but I took a look at the hosts file and I can't see any overwrite in there. See:
Content of hosts file (anonymized):
127.0.0.1 localhost localhost.example.com ::1 localhost localhost.example.com 192.168.1.1 myfw.example.com myfw
-
When you you say you can not resolve your AD domain, the override is not listed in domain overrides?
domain overrides would not be in the /etc/hosts file, only host overrides would be there.
Domain overrides would be here
[2.4.5-RELEASE][admin@sg4860.local.lan]/var/unbound: cat domainoverrides.conf forward-zone: name: "something.com" forward-addr: 192.168.9.44 [2.4.5-RELEASE][admin@sg4860.local.lan]/var/unbound:
-
Strange.
I just check the manual : host overrides MUST be there.
Like these :
I found it in the /etc/hosts file like
... 10.0.0.2 ddwrt.brit-hotel-fumel.net ddwrt ....All DHCP Static leases, and dynamic leases should be there also.
edit : host overrides - domain ovverride is something different, they go into the unbound config (didn't check).
-
That is not a "domain override" that is just a host entry.. Ie a host override..
Yeah all those would be in etc/hosts
-
If I go under Diagnostics->DNS Lookup normally it resolves fine:
But from time to time something happens and the domain couldn't be resolved anymore. Then in DNS Lookup:
Then if I restart the DNS Resolver Service it directly works again.
Currently it works and I can see it also in the domainoverrides.conf
-
your using .local - yeah that not a good idea at all! Apple screwed the pooch for doing that long time ago..
-
@johnpoz Okay thx for the info. I'll fix this and hope that this is somehow related to my problem.
-
When they came out with RFC 6762, and using .local for mdns stuff - not a good idea to use that for your local dns names. I would stay away from any single label as well to be honest.
Using something like lan.localdomain if you want.. something.tld is best.. In a perfect world you wold own actual domain, just not use it on the public side.. Or just use something that is unlikely ever going to be a public tld..
I use local.lan - since I find it very very unlikely that .lan will ever be a public .tld
-
RFC 8375 sets aside
.home.arpafor this kind of use, which is what everyone should be migrating to eventually (unless you have a real domain)
