Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Resolver intranet clients and hosting

    DHCP and DNS
    3
    7
    629
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kidalabama
      last edited by kidalabama

      2.jpeg

      only problem is intranet users can't run, i hosted domains problem.

      NAT Config

      WAN TCP/UDP * * WAN address 53 (DNS) 192.168.1.102 53 (DNS) dns

      dig xyz.com

      ; <<>> DiG 9.11.5-P4-5.1+deb10u2-Debian <<>> nurettinalp.com
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 59902
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;xyz.com. IN A

      ;; Query time: 0 msec
      ;; SERVER: 192.168.1.1#53(192.168.1.1)
      ;; WHEN: Mon Jan 11 17:01:48 +03 2021
      ;; MSG SIZE rcvd: 44

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @kidalabama
        last edited by

        @kidalabama
        You have to add a domain override for xyz.com to the DNS resolver pointing to your internal server.

        K 2 Replies Last reply Reply Quote 0
        • K
          kidalabama @viragomann
          last edited by kidalabama

          @viragomann i have got lot of domain and when disable bridge mode problem solve but i want use modem in bridge mode.

          i can solve problem with

          "DNS Query Forwarding
          Enable Forwarding Mode If this option is set, DNS queries will be forwarded to the upstream DNS servers defined under System > General Setup or those obtained via DHCP/PPP on WAN (if DNS Server Override is enabled there)."

          8.8.8.8
          8.8.4.4

          but i want use pfsense's dns resolver. or i can use 192.168.1.102 dns server.

          if problem 8.8.8.8 or 192.168.1.102 pfsense not running. or i can use bind dns server.

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @kidalabama
            last edited by

            @kidalabama
            Do these domains resolve to private IP addresses?

            S 1 Reply Last reply Reply Quote 0
            • S
              SteveITS Galactic Empire @viragomann
              last edited by

              Is xyz.com a real domain? The reason for using NAT on port 53 would be so the world would be able to access DNS. If you want the NAT rule to work from inside, you need to enable NAT reflection in System->Advanced->Firewall & NAT. Otherwise as viragomann suggests you can set a domain override in Services->DNS Resolver to have LAN computers be told to access the local server for DNS requests for that domain.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              K 1 Reply Last reply Reply Quote 0
              • K
                kidalabama @viragomann
                last edited by

                @viragomann dig dns status: SERVFAIL nothing found. neither public ip nor private ip.

                1 Reply Last reply Reply Quote 0
                • K
                  kidalabama @SteveITS
                  last edited by

                  @teamits yes a lot of real domain and already opened

                  Enable NAT Reflection for 1:1 NAT
                  Enable automatic outbound NAT for Reflection.

                  this problem happened when cable modem chenged to bridge mode(old router mode)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.