DNS Resolver intranet clients and hosting

kidalabama · Jan 11, 2021, 2:14 PM

only problem is intranet users can't run, i hosted domains problem.

NAT Config

WAN TCP/UDP * * WAN address 53 (DNS) 192.168.1.102 53 (DNS) dns

dig xyz.com

; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> nurettinalp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59902
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xyz.com. IN A

;; Query time: 0 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Mon Jan 11 17:01:48 +03 2021
;; MSG SIZE rcvd: 44

viragomann · Jan 11, 2021, 6:55 PM

@kidalabama
You have to add a domain override for xyz.com to the DNS resolver pointing to your internal server.

kidalabama · Jan 12, 2021, 7:50 AM

@viragomann i have got lot of domain and when disable bridge mode problem solve but i want use modem in bridge mode.

i can solve problem with

"DNS Query Forwarding
Enable Forwarding Mode If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under System > General Setup or those obtained via DHCP/PPP on WAN (if DNS Server Override is enabled there)."

8.8.8.8
8.8.4.4

but i want use pfsense's dns resolver. or i can use 192.168.1.102 dns server.

if problem 8.8.8.8 or 192.168.1.102 pfsense not running. or i can use bind dns server.

viragomann · Jan 12, 2021, 3:13 PM

@kidalabama
Do these domains resolve to private IP addresses?

SteveITS · Jan 12, 2021, 3:20 PM

Is xyz.com a real domain? The reason for using NAT on port 53 would be so the world would be able to access DNS. If you want the NAT rule to work from inside, you need to enable NAT reflection in System->Advanced->Firewall & NAT. Otherwise as viragomann suggests you can set a domain override in Services->DNS Resolver to have LAN computers be told to access the local server for DNS requests for that domain.

kidalabama · Jan 12, 2021, 7:13 PM

@viragomann dig dns status: SERVFAIL nothing found. neither public ip nor private ip.

kidalabama · Jan 12, 2021, 7:16 PM

@teamits yes a lot of real domain and already opened

Enable NAT Reflection for 1:1 NAT
Enable automatic outbound NAT for Reflection.

this problem happened when cable modem chenged to bridge mode(old router mode)