iOS 14 DNS Resolution Type 65 / DNS Forwarder Failure



  • Hi all,

    Running pfSense with the DNS Forwarder (not Resolver) enabled. I have some devices which have updated to iOS 14, and the split DNS setup I've got has now broken.

    I've run a packet trace on one of the devices and discovered the following:

    I have my local hosts registered in the DNS Forwarder, and my public WAN IP registered on the public DNS servers.
    pfSense is queried for the A record and answers as expected:

    11.121442	172.16.8.5	172.16.11.1	DNS	87	Standard query 0xc88d A internal.domain.com
    11.121535	172.16.11.1	172.16.8.5	DNS	103	Standard query response 0xc88d A internal.domain.com A 172.16.11.80
    

    But at the same time, I see the following DNS exchange, which returns the public resource for the record. It appears that, as pfSense wasn't able to answer the query for the resource (the resource does exist, but not as type 65 in the forwarder), it's passed upstream and I receive the answer I'd see from one of my WAN DNS servers. The end result is that internal resolution doesn't work, as iOS 14 prefers the type 65 answer over the local answer.

    11.120126	172.16.8.5	172.16.11.1	DNS	87	Standard query 0xd811 Unknown (65) internal.domain.com
    11.138414	172.16.11.1	172.16.8.5	DNS	169	Standard query response 0xd811 Unknown (65) internal.domain.com CNAME launchpad.wanip.com SOA ns1.domainpublic.net
    

    Is there a way for me to force pfSense not to return data for type 65 requests for addresses which are held in the DNS Forwarder?


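The parallel A / type 65 exchange described in the post, reproduced as an added diagnostic that is not part of the original post or of pfSense. Type 65 is the HTTPS resource record (RFC 9460), which older Wireshark builds show as "Unknown (65)". The script builds the two queries an iOS 14 client sends, parses replies in DNS wire format, and flags the mismatch: an A answer from the forwarder's host table next to a type 65 reply carrying a CNAME or SOA from a public zone, which means the query went upstream. The sample replies are constructed to mirror the posted trace; the SOA owner `wanip.com`, its RNAME and its timers are assumed, as is the address `172.16.11.1` in the commented live call, which is taken from the trace.

```python
# Split-DNS leak check for iOS 14 HTTPS (type 65) queries.
# Added example, not from the original post or pfSense. Stdlib only; the
# sample replies below are constructed (SOA owner/timers are assumed).
import socket
import struct

QTYPE_A, QTYPE_CNAME, QTYPE_SOA, QTYPE_HTTPS = 1, 5, 6, 65
QTYPE_NAMES = {1: "A", 5: "CNAME", 6: "SOA", 65: "HTTPS"}


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2                # first pointer ends the field
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def build_query(txid, name, qtype):
    """Standard recursive query with one question, as a client would send it."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_record(name, rtype, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def build_response(txid, name, qtype, answers, authority=()):
    """Reply with QR|RD|RA set and rcode 0; used to build the constructed samples."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), len(authority), 0)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    return hdr + question + b"".join(list(answers) + list(authority))


def parse_response(msg):
    """Return txid, rcode and (owner, type, value) for every RR in the reply."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an + ns + ar):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_A:
            value = ".".join(str(b) for b in msg[off:off + rdlen])
        elif rtype in (QTYPE_CNAME, QTYPE_SOA):  # CNAME target / SOA MNAME
            value, _ = decode_name(msg, off)
        else:
            value = msg[off:off + rdlen].hex()
        off += rdlen
        records.append((owner, QTYPE_NAMES.get(rtype, str(rtype)), value))
    return {"id": txid, "rcode": flags & 0xF, "records": records}


def check_split_dns(a_reply, https_reply):
    # A forwarder answering a name from its host table returns neither a
    # CNAME nor an SOA for it, so either one in the type 65 reply means the
    # query was forwarded and the client now holds the public view.
    a, h = parse_response(a_reply), parse_response(https_reply)
    local_a = [v for _, t, v in a["records"] if t == "A"]
    cnames = [v for _, t, v in h["records"] if t == "CNAME"]
    soas = [v for _, t, v in h["records"] if t == "SOA"]
    return {"local_a": local_a, "https_cname": cnames, "https_soa": soas,
            "leaked": bool(cnames or soas)}


def resolve(server, name, qtype, txid=0x1234, timeout=2.0):
    """Send one UDP query to a resolver and return the raw reply (live use only)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(txid, name, qtype), (server, 53))
        return s.recvfrom(4096)[0]


# Constructed samples mirroring the posted trace (SOA owner and timers assumed).
NAME = "internal.domain.com"
LOCAL_A_REPLY = build_response(0xC88D, NAME, QTYPE_A,
                               [build_record(NAME, QTYPE_A, 3600, bytes([172, 16, 11, 80]))])
SOA_RDATA = (encode_name("ns1.domainpublic.net") + encode_name("hostmaster.domainpublic.net")
             + struct.pack("!IIIII", 2020091601, 3600, 900, 604800, 300))
UPSTREAM_HTTPS_REPLY = build_response(
    0xD811, NAME, QTYPE_HTTPS,
    [build_record(NAME, QTYPE_CNAME, 300, encode_name("launchpad.wanip.com"))],
    [build_record("wanip.com", QTYPE_SOA, 300, SOA_RDATA)])

if __name__ == "__main__":
    print(check_split_dns(LOCAL_A_REPLY, UPSTREAM_HTTPS_REPLY))
    # Live check against the forwarder at the address seen in the trace:
    # print(check_split_dns(resolve("172.16.11.1", NAME, QTYPE_A),
    #                       resolve("172.16.11.1", NAME, QTYPE_HTTPS)))
```

Run it as-is to see the verdict on the constructed samples (`leaked` is true: the type 65 reply carries the public CNAME and SOA while the A reply is the local address); uncomment the live call to ask the forwarder itself. A forwarder that handles the name locally should answer the type 65 query with an empty reply and no public authority data, and then `leaked` is false.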