Netgate Discussion Forum

    DNS resolver host override, DNS server is not hosted by pfSense

    aagaag:

      I have the following configuration for mydomain.com:

      • LAN addresses are 10.10.10.x onwards
      • pfSense gateway is at 10.10.10.1
      • Windows Server is at 10.10.10.2 with integrated DHCP and DNS servers for all LAN devices
      • The Windows DNS server at 10.10.10.2 points to a single forwarder on pfSense (10.10.10.1) and no alternative DNS servers
      • Port 443 is NAT-translated to 10.10.10.6, which is a web server (nginx).
      • In the pfSense gateway, the DNS server is disabled and the DNS resolver is configured to do a host override, such that mydomain.com will return the address 10.10.10.6 (which is an nginx web server, as mentioned above).

      From outside of the perimeter, everything works well. Also, RDP to mydomain.com from the LAN results in the correct server being addressed. However, pointing a browser to https://mydomain.com from a LAN device gets me nowhere. I conclude that the DNS services are not properly configured, but I cannot figure out what's wrong and it's driving me crazy. Might anybody help? 😵

      johnpoz (Global Moderator) @aagaag:

        @aagaag said in DNS resolver host override, DNS server is not hosted by pfSense:

        pointing a browser to https://mydomain.com from a LAN device gets me nowhere

        If I had to guess, your browser is using DoH, and not asking your local DNS.

        If your Windows server is providing DNS, why would you not just create the A record there? A little confused why the host override is wanted or needed on the pfSense box.

        But browsers love knowing more than the users using them - so DoH has become default on many of them.. They need to be able to serve those ads ;)

        On this box you're running your browser on, if you go to the cmd line and just do an nslookup, or dig or host (whatever your fav DNS tool is), what does it return for mydomain.com?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07 | Lab VMs 2.8, 25.07

        aagaag @johnpoz:

          nslookup says:
          nslookup mydomain.com
          Server: server2022.lan
          Address: 10.10.10.2

          Name: mydomain.com
          Addresses: 10.10.10.2
          148.60.57.113
          (the last line is the WAN address of the pfSense, redacted)

          aagaag @aagaag:

            I should add that the WAN address is dynamic (though it rarely changes), which I am afraid introduces yet another level of complexity...

            johnpoz (Global Moderator) @aagaag:

              @aagaag So why would you be pulling both addresses? I would think you would just pull the address you created with the host override.


              aagaag @johnpoz:

                @johnpoz Thanks a million! I made a "mydomain.com" forward lookup zone in the Windows 2022 server, placed an A record resolving mydomain.com to the current WAN IP, and a wildcard A record for *.mydomain.com. 90% of the whole site is now working both inside and outside the LAN using the same outside URLs.
                I am still frightened by what will happen once the WAN IP is rotated by the provider. Is there any way to provision for that?

                johnpoz (Global Moderator) @aagaag:

                  @aagaag said in DNS resolver host override, DNS server is not hosted by pfSense:

                  WAN IP will be rotated by the provider. Is there any way to provision for that?

                  This is what DDNS is for; set up a DDNS entry to point to whatever your public IP is..

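The two things settled above (an internal-only zone for mydomain.com on the Windows DNS server, and keeping its records in step with a WAN address that the provider may rotate) can be scripted together. The following is an added example, not code from the thread or from Netgate; it assumes the DnsServer PowerShell module on the 10.10.10.2 server, that mydomain.com is a standalone zone there (not the AD domain, which per the nslookup output is server2022.lan), and that pfSense already keeps a DDNS name (assumed here to be mydomain.com itself) pointed at the current public IP.

```powershell
# Added example: maintain split-horizon A records for mydomain.com on the Windows DNS server.
# Run in an elevated session on 10.10.10.2 (DNS Server role / RSAT DnsServer module required).
$Zone      = 'mydomain.com'
$DdnsName  = 'mydomain.com'   # assumption: DDNS hostname that pfSense updates with the WAN IP
$PublicDns = '9.9.9.9'        # assumption: any external resolver, used to learn the current WAN IP
$Ttl       = New-TimeSpan -Minutes 5   # short TTL so LAN clients pick up a rotated address quickly

# One-time setup: create the internal-only zone if it does not exist yet.
if (-not (Get-DnsServerZone -Name $Zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $Zone -ZoneFile "$Zone.dns"
}

# Make sure the A record for $Name holds exactly $Ip; returns $true when something was changed.
function Set-InternalA {
    param([string]$Name, [string]$Ip)
    $existing = @(Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
                  Where-Object HostName -eq $Name)
    $current = $false
    foreach ($rec in $existing) {
        if ($rec.RecordData.IPv4Address.IPAddressToString -eq $Ip) { $current = $true }
        else { Remove-DnsServerResourceRecord -ZoneName $Zone -InputObject $rec -Force }  # stale address
    }
    if ($current) { return $false }
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $Name -IPv4Address $Ip -TimeToLive $Ttl
    return $true
}

# Learn the WAN address the way the outside world sees it: ask a public resolver for the DDNS name.
$wan = (Resolve-DnsName -Name $DdnsName -Type A -Server $PublicDns -DnsOnly).IPAddress |
       Select-Object -First 1
if (-not $wan) { throw "Could not resolve $DdnsName via $PublicDns" }

# Apex ('@') and wildcard ('*') records, as created by hand in the thread.
$changed = @()
foreach ($name in '@', '*') {
    if (Set-InternalA -Name $name -Ip $wan) { $changed += $name }
}
if ($changed) { Write-Output "Updated $($changed -join ', ') in $Zone to $wan" }
else          { Write-Output "$Zone already points to $wan" }

# Verify what a LAN client will actually get, querying the internal server directly.
Resolve-DnsName -Name "www.$Zone" -Type A -Server 10.10.10.2 -DnsOnly
```

Schedule the script with Task Scheduler to run every few minutes so the internal zone follows the DDNS name; the one-time zone creation is idempotent and can stay in the scheduled copy.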

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.