ios 14 DNS Resolution Type 65 / DNS Forwarder Failure
Running pfSense with the DNS Forwarder (not resolver) enabled. Have some devices which have update to ios14 and the split DNS setup I've got has now broken.
I've run a packet trace on one of the devices and discovered the following;
I have my local hosts registered in the DNS forwarder, and my public WAN ip registered on the public DNS servers.
pfSense is queried for the A record and answers as expected;
11.121442 172.16.8.5 172.16.11.1 DNS 87 Standard query 0xc88d A internal.domain.com 11.121535 172.16.11.1 172.16.8.5 DNS 103 Standard query response 0xc88d A internal.domain.com A 172.16.11.80
but at the same time, I see the following DNS exchange which returns the public resource for the record. It appears as if as pfSense wasn't able to answer the query for the resource (the resource does exist, but not as type 65 in the forwarder) it's passed upstream and I revieve the answer I'd see from one of my WAN DNS Servers. End result being that internal resolution doesn't work as ios14 prefers the t65 answer over the local answer.
11.120126 172.16.8.5 172.16.11.1 DNS 87 Standard query 0xd811 Unknown (65) internal.domain.com 11.138414 172.16.11.1 172.16.8.5 DNS 169 Standard query response 0xd811 Unknown (65) internal.domain.com CNAME launchpad.wanip.com SOA ns1.domainpublic.net
Is there a way for me to force pfSense not to return data for type65 requests for addresses which are held in the DNS forwarder?