Netgate Discussion Forum

    ios 14 DNS Resolution Type 65 / DNS Forwarder Failure

      scottmcgurk

      Hi all,

      Running pfSense with the DNS Forwarder (not resolver) enabled. Have some devices which have updated to iOS 14 and the split DNS setup I've got has now broken.

      I've run a packet trace on one of the devices and discovered the following;

      I have my local hosts registered in the DNS forwarder, and my public WAN IP registered on the public DNS servers.
      pfSense is queried for the A record and answers as expected;

      11.121442	172.16.8.5	172.16.11.1	DNS	87	Standard query 0xc88d A internal.domain.com
      11.121535	172.16.11.1	172.16.8.5	DNS	103	Standard query response 0xc88d A internal.domain.com A 172.16.11.80
      

      but at the same time, I see the following DNS exchange which returns the public resource for the record. It appears that, as pfSense wasn't able to answer the query for the resource (the resource does exist, but not as type 65 in the forwarder), it's passed upstream and I receive the answer I'd see from one of my WAN DNS servers. End result being that internal resolution doesn't work, as iOS 14 prefers the t65 answer over the local answer.

      11.120126	172.16.8.5	172.16.11.1	DNS	87	Standard query 0xd811 Unknown (65) internal.domain.com
      11.138414	172.16.11.1	172.16.8.5	DNS	169	Standard query response 0xd811 Unknown (65) internal.domain.com CNAME launchpad.wanip.com SOA ns1.domainpublic.net
      

      Is there a way for me to force pfSense not to return data for type65 requests for addresses which are held in the DNS forwarder?
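
Added example (not part of the original post): a small Python check that reads a trace exported in the same tab-separated layout as the one above and reports names for which the forwarder gave a private A answer while the type 65 query for the same name came back with CNAME or HTTPS data. The function name, the regular expressions and the `nas.domain.com` control lines are assumptions made for this illustration; the first four sample lines are the ones from the post.

```python
import ipaddress
import re

# First four lines are the trace from the post; the nas.domain.com lines are
# constructed: a type 65 reply carrying only an SOA (NODATA), which is harmless.
SAMPLE = """\
11.120126\t172.16.8.5\t172.16.11.1\tDNS\t87\tStandard query 0xd811 Unknown (65) internal.domain.com
11.121442\t172.16.8.5\t172.16.11.1\tDNS\t87\tStandard query 0xc88d A internal.domain.com
11.121535\t172.16.11.1\t172.16.8.5\tDNS\t103\tStandard query response 0xc88d A internal.domain.com A 172.16.11.80
11.138414\t172.16.11.1\t172.16.8.5\tDNS\t169\tStandard query response 0xd811 Unknown (65) internal.domain.com CNAME launchpad.wanip.com SOA ns1.domainpublic.net
12.000100\t172.16.11.1\t172.16.8.5\tDNS\t98\tStandard query response 0x1a2b A nas.domain.com A 172.16.11.81
12.015200\t172.16.11.1\t172.16.8.5\tDNS\t140\tStandard query response 0x1a2c Unknown (65) nas.domain.com SOA ns1.domainpublic.net
"""

# Response summary: transaction id, query type, query name, then the records.
# Type 65 shows as "Unknown (65)" here; newer dissectors label it "HTTPS".
INFO_RE = re.compile(
    r"Standard query response (0x[0-9a-f]+) (Unknown \((\d+)\)|[A-Z]+) (\S+)\s*(.*)")
A_RE = re.compile(r"\bA (\d{1,3}(?:\.\d{1,3}){3})")
RR_RE = re.compile(r"\b(CNAME|HTTPS) (\S+)")  # records that carry usable data


def find_split_dns_leaks(trace):
    """Return {qname: {...}} for names with a private A answer AND type 65 data."""
    local_a, type65 = {}, {}
    for line in trace.splitlines():
        fields = line.strip().split("\t")
        if len(fields) < 6 or fields[3] != "DNS":
            continue
        m = INFO_RE.match(fields[5])
        if not m:
            continue  # plain queries and anything that is not a response
        _txid, token, num, qname, rest = m.groups()
        if token == "A":
            addrs = [a for a in A_RE.findall(rest)
                     if ipaddress.ip_address(a).is_private]
            if addrs:
                local_a.setdefault(qname, []).extend(addrs)
        elif num == "65" or token == "HTTPS":
            recs = RR_RE.findall(rest)
            if recs:
                type65.setdefault(qname, []).extend(recs)
    return {q: {"local_a": local_a[q], "type65": type65[q]}
            for q in local_a if q in type65}


if __name__ == "__main__":
    for name, hit in find_split_dns_leaks(SAMPLE).items():
        print(name, "local A:", hit["local_a"], "type 65:", hit["type65"])
```
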

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.