Split DNS Isn't Working?
-
I am new to Split DNS and what I have set up seems more like acting as a firewall...nothing going out to the Internet from the DMZ. Tried to upgrade FreePBX to Asterisk 19 and it wasn't going anywhere. So, there must be a misconfiguration somewhere. This is what happened when I did a traceroute from FreePBX:
[root@nollivoipserver ~]# traceroute mirrorlist.sangoma.net
traceroute to mirrorlist.sangoma.net (104.22.33.150), 30 hops max, 60 byte packets
1 gateway (10.8.27.1) 0.212 ms 0.202 ms 0.189 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
[root@nollivoipserver ~]#
But these are the firewall rules on the DMZ:
The host override:
1 to 1 NAT with NAT reflection enabled
And DNS:
So, I am wondering whether somehow I boxed FreePBX in unintentionally...if mirrorlist.sangoma.net was resolved to the IP (104.22.33.150), then it appears the split DNS is working...so the NAT reflection is the issue...but I disabled it and still wasn't going out. This has been puzzling me from the past weekend to now, why nothing is going out the DMZ...I even disabled the FreePBX firewall and still nothing going out to the Internet on the DMZ. I post here since this was the last configuration I had done on pfSense. Then, more confusion with this:
-
Well, my Lenovo on-board NIC appears to stick on itself doing DNS and it's grayed out; so, I'll drop another NIC in.
-
@nollipfsense said in Split DNS Isn't Working?:
NIC
A NIC doing DNS?
A NIC is a bunch of electronics like capacitors and inductors for creating a good line impedance, a clock detector (using a PLL), a big shift register, some CRC bit test functionality. Some front end 'PCI' logic to make the NIC accessible for the CPU and DMA for the actual data transfer.
A NIC might be able to take some useful decisions based on the MAC parts in the packet headers. Check the CRC for you.
The on board ROM should be seen as a BIOS extension, so the NIC could be used by the BIOS to remote boot an OS or something like that. These are my words, but I'm pretty sure a NIC doesn't know what "DNS" is. Its knowledge stops at the "TCP/IP" border, which is far lower on the OSI ladder.
-
@gertjan said in Split DNS Isn't Working?:
@nollipfsense said in Split DNS Isn't Working?:
NIC
A NIC doing DNS?
A NIC is a bunch of electronics like capacitors and inductors for creating a good line impedance, a clock detector (using a PLL), a big shift register, some CRC bit test functionality. Some front end 'PCI' logic to make the NIC accessible for the CPU and DMA for the actual data transfer.
A NIC might be able to take some useful decisions based on the MAC parts in the packet headers. Check the CRC for you.
The on board ROM should be seen as a BIOS extension, so the NIC could be used by the BIOS to remote boot an OS or something like that. These are my words, but I'm pretty sure a NIC doesn't know what "DNS" is. Its knowledge stops at the "TCP/IP" border, which is far lower on the OSI ladder.
Yeah, I know it sounds funny and the way I said it with an emotional twist at the time looking at the FreePBX interface and seeing DNS 10.8.27.1 grayed out, knowing it was the right opportunity to do a clean 2.6 install. While in the BIOS, I did think about that, but it was too late, I already committed to a clean install long overdue.
The sad part is I swore that my latest configuration change was backed up, and it turned out to be a lie. The more one does it, the more one learns, I guess. I rebuilt both pfSense and FreePBX last night.