DNS Successful with 8.8.8.8, not with PFSense
-
I'm having trouble with a specific domain resolving.
cytiva.plmcloudsolutions.com
I can do a DNS lookup successfully directly with 8.8.8.8, but not if going through my PFSense router.
PFSense has Google and Cloudflare as DNS servers.
I believe DNS Resolver is set up correctly.
Any suggestions on what to try to fix this? I'm assuming there is something wrong with the DNS records of what I'm trying to reach, as all other DNS is working. But would be interesting to know what the problem is.
-
@edhayes3 well your reply is a 10.x address - that is a rebind... And just a horrible idea in the first place. Why would you think resolving public fqdn to rfc1918 would be a good idea?
If you want to do that then you need to set unbound to know that domain is a private domain and rfc1918 is ok, and not a rebind.
https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-rebinding-protections
Better solution would be just to resolve stuff you want with rfc1918 address space locally..
-
dig @127.0.0.1 cytiva.plmcloudsolutions.com +short
No answer .... you have a case.
https://www.zonemaster.net/domain_check and enter the domain name.
Without even looking what the issue is : Your case is closed. The admin that admins "cytiva.plmcloudsolutions.com" messed up. Bad luck for him. And now for you.
Give him a call ?
dig @8.8.8.8 cytiva.plmcloudsolutions.com +short
Gives an explicit answer : two actually.
Both are RFC1918. Unbound won't accept these, normally.
Consider calling the guy who admins this.
Wonder what the motivations are.
@johnpoz was way faster.
-
Thanks for the quick response guys! I disabled the DNS Rebinding Checks, and that allowed the DNS to work.
I should have noticed the problem that the 10.x.x.x would be.
The domain in question is not under my control. My company outsourced a system design to Siemens; this is under their control. I'll check with them what the goal of all this is. Seems from your two responses, they are not doing this right.
-
@edhayes3 said in DNS Successful with 8.8.8.8, not with PFSense:
disabled the DNS Rebinding Checks
Another option is to add this to "Custom Options" in the DNS Resolver settings:
server:
private-domain: "plmcloudsolutions.com"
That will allow private IPs just for that domain.
-
^ exactly - I even pointed out private domain. Disabling rebind for everything is a bad idea.
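
The behaviour discussed in this thread, as an added example that is not part of any poster's reply: a small Python model of how a resolver with rebinding protection strips private addresses from an answer unless the queried name falls under a configured private domain. The network list, the function names and the sample addresses are assumptions made for illustration; the thread does not list the actual records.

```python
import ipaddress

# Assumed private-address list (RFC1918, link-local, IPv6 ULA); a real
# resolver takes this list from its own configuration.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fd00::/8", "fe80::/10")]

# Constructed sample answer: two 10.x addresses standing in for the
# real records, which the thread does not list.
SAMPLE_ANSWER = ["10.0.0.10", "10.0.0.11"]


def is_private(addr):
    """True if addr falls inside one of the assumed private networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def in_private_domain(qname, private_domains):
    """True if qname equals, or is a subdomain of, an allowed domain.

    Matching is done label by label, so "evilplmcloudsolutions.com"
    does not match an allowance for "plmcloudsolutions.com".
    """
    labels = qname.rstrip(".").lower().split(".")
    for dom in private_domains:
        d = dom.rstrip(".").lower().split(".")
        if labels[-len(d):] == d:
            return True
    return False


def filter_answer(qname, addrs, private_domains=()):
    """Return (kept, stripped) address lists for one answer."""
    if in_private_domain(qname, private_domains):
        return list(addrs), []
    kept = [a for a in addrs if not is_private(a)]
    stripped = [a for a in addrs if is_private(a)]
    return kept, stripped


if __name__ == "__main__":
    name = "cytiva.plmcloudsolutions.com"
    print("protection on:      ", filter_answer(name, SAMPLE_ANSWER))
    print("with private-domain:", filter_answer(
        name, SAMPLE_ANSWER, ["plmcloudsolutions.com"]))
```

With protection on and no allowance, every address is stripped, which matches the empty `dig @127.0.0.1 ... +short` result above; the per-domain allowance restores the answer for that domain only.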