  • Hi all,

    Running pfSense with the DNS Forwarder (not Resolver) enabled. Have some devices which have updated to iOS 14, and the split DNS setup I've got has now broken.

    I've run a packet trace on one of the devices and discovered the following:

    I have my local hosts registered in the DNS forwarder, and my public WAN ip registered on the public DNS servers.
    pfSense is queried for the A record and answers as expected:

    11.121442	DNS	87	Standard query 0xc88d A
    11.121535	DNS	103	Standard query response 0xc88d A A

    but at the same time, I see the following DNS exchange, which returns the public resource for the record. It appears that, as pfSense wasn't able to answer the query for the resource (the resource does exist, but not as type 65 in the forwarder), it's passed upstream and I receive the answer I'd see from one of my WAN DNS servers. The end result is that internal resolution doesn't work, as iOS 14 prefers the type 65 answer over the local answer.

    11.120126	DNS	87	Standard query 0xd811 Unknown (65)
    11.138414	DNS	169	Standard query response 0xd811 Unknown (65) CNAME SOA

    Is there a way for me to force pfSense not to return data for type 65 requests for addresses which are held in the DNS forwarder?
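
The exchange described above, as an added example that is not part of the original post and not pfSense's or dnsmasq's code: a small standalone DNS wire-format builder and parser that asks a resolver for both the A record and the HTTPS (type 65) record of one name and classifies what a client would see. The hostname `host.home.example.`, the address `192.0.2.10`, the CNAME target `host.public-cdn.example.` and the two sample reply packets are constructed to mirror the post's trace (a local A answer, and a CNAME plus SOA reply for type 65 from upstream); `query_resolver` is an assumed helper that sends one UDP query to port 53 of whatever resolver address you pass it.

```python
"""Compare the A and HTTPS (type 65) answers a client gets for one name.
Added example for the exchange in the post; hostnames, addresses and the two
sample response packets are constructed, not taken from the original thread."""
import socket
import struct

QTYPE_A, QTYPE_CNAME, QTYPE_SOA, QTYPE_HTTPS = 1, 5, 6, 65
RCODE_NXDOMAIN = 3

def encode_name(name):
    """Dotted name -> uncompressed DNS wire-format labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def build_query(qname, qtype, txid):
    """Recursive query (RD=1) with one IN question, as a client would send it."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(qname) + struct.pack("!HH", qtype, 1)

def query_resolver(server, qname, qtype, txid=0x1234):
    """Assumed helper: send one UDP query to a resolver (e.g. the pfSense LAN address), return the raw reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2.0)
        s.sendto(build_query(qname, qtype, txid), (server, 53))
        return s.recv(4096)

def build_response(txid, qname, qtype, answers, authority=()):
    """Constructed reply (QR=1, RD=1, RA=1, NOERROR) without name compression."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), len(authority), 0)
    msg += encode_name(qname) + struct.pack("!HH", qtype, 1)
    for name, rtype, rdata in list(answers) + list(authority):
        msg += encode_name(name) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def read_name(msg, off):
    """Decode a possibly compressed name; return (dotted name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels) + ".", end if end is not None else off

def parse_response(msg):
    """Return (txid, rcode, records); each record is (section, name, type, rdata)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if rtype == QTYPE_A:
                rdata = socket.inet_ntoa(msg[off:off + 4])
            elif rtype == QTYPE_CNAME:
                rdata, _ = read_name(msg, off)
            else:
                rdata = msg[off:off + rdlen].hex()  # SOA, HTTPS etc. kept raw
            off += rdlen
            records.append((section, name, rtype, rdata))
    return txid, flags & 0x000F, records

def check_split_dns(a_msg, https_msg):
    """Classify the pair of replies: "nodata" (HTTPS empty, local A stands),
    "redirected:<target>" (HTTPS carries a CNAME the client may follow),
    "nxdomain", "https-record", or "no-a-answer" if A was not answered."""
    _, _, a_records = parse_response(a_msg)
    _, rcode, https_records = parse_response(https_msg)
    if not any(s == "answer" and t == QTYPE_A for s, _, t, _ in a_records):
        return "no-a-answer"
    answers = [r for r in https_records if r[0] == "answer"]
    for _, _, rtype, rdata in answers:
        if rtype == QTYPE_CNAME:
            return "redirected:" + rdata
    if rcode == RCODE_NXDOMAIN:
        return "nxdomain"
    return "https-record" if answers else "nodata"

# Constructed samples mirroring the post's trace: a local A answer, and a
# type-65 reply from upstream that is CNAME + SOA (NODATA on the target).
NAME = "host.home.example."
A_RESPONSE = build_response(0xC88D, NAME, QTYPE_A, [(NAME, QTYPE_A, socket.inet_aton("192.0.2.10"))])
SOA_RDATA = encode_name("ns1.public.example.") + encode_name("hostmaster.public.example.") + struct.pack("!IIIII", 1, 3600, 600, 86400, 300)
HTTPS_RESPONSE = build_response(0xD811, NAME, QTYPE_HTTPS,
                                [(NAME, QTYPE_CNAME, encode_name("host.public-cdn.example."))],
                                [("public.example.", QTYPE_SOA, SOA_RDATA)])
LOCAL_NODATA_RESPONSE = build_response(0xD811, NAME, QTYPE_HTTPS, [])  # a local-only, empty type-65 answer
```

Against a live forwarder the same comparison is `check_split_dns(query_resolver(lan_ip, name, QTYPE_A), query_resolver(lan_ip, name, QTYPE_HTTPS))`. "nodata" is what a forwarder that answers type 65 for its own hosts locally returns; "redirected:" surfaces the upstream CNAME the post describes, which is the thing to look for when a client suddenly resolves an internal name to its public resource.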

