Netgate Discussion Forum

    pfSense as router/firewall for home lab and dns failure to main router

      m9x3mos

      Hello All,

      I have been trying to set up pfSense on a VM in my home lab which is behind another router (Asus RT-AC5300) to control and test in my home lab.

      I was able to go through the basic setup and have it set with static ip address on the wan side with the dns being set to my main router (10.1.10.1) and 8.8.8.8.

      pfSense LAN is on 10.1.11.1 and a route is set on my main router for this range back to 10.1.10.1.

      Any time I try to dns lookup to a machine name on the main router it always fails to resolve even though 10.1.10.1 is in the name server list. External internet lookups work fine. It is only the DNS to the main router it doesn't seem to be finding.


      I have set up the access list on the DNS Resolver to include 10.1.10.0/24 and 10.1.11.0/24 and it still isn't working.


      I had this setup before on an older version and it worked, but this time I can't seem to get it working.

      Any help would be greatly appreciated.

        bingo600 @m9x3mos

        @m9x3mos

        Does your pfSense have the same domain name as vulcan?
        See Dashboard --> System Information --> Name

        Have you tried to resolve the FQDN, i.e. vulcan.<domainname>?

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD

          m9x3mos @bingo600

          @bingo600
          vulcan, being on the asus router (outside pfSense), does not have the same domain. It would fall under asus.router.
          After putting in an override for domains in pfSense this morning for asus.router to 10.1.10.1, I can ping it from the pfSense machines as vulcan.asus.router.
          I also attempted this from an OpenVPN connected machine (to pfSense); that isn't working though. So now I am finding the DNS is working on local machines but not on OpenVPN.

            bingo600 @m9x3mos

            @m9x3mos
            Remember to add the OpenVPN "Client network" to the "unbound resolver ACLs", else unbound will reject the lookup.
            And I assume you have permitted TCP/UDP 53 from OpenVPN clients to the pfSense interface you announce as the OpenVPN DNS server IP.

            Edit:
            I think there's a "feature" in unbound, where it would reject RFC1918 DNS answers (from the asus) unless being told to accept them.

            @johnpoz
            Could you share a hint here?

            /Bingo

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
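
The resolver settings discussed in the thread (access lists, the asus.router domain override, and private-address filtering of answers), written out as a raw unbound.conf fragment. This is an added example, not configuration posted by anyone in the thread; 10.8.0.0/24 is a placeholder for the OpenVPN client network, which the thread does not state.

```conf
# unbound.conf fragment (added example, not from the thread).
# Networks 10.1.10.0/24, 10.1.11.0/24 and the zone asus.router come from the
# thread; 10.8.0.0/24 is a PLACEHOLDER for the OpenVPN "Client network".

server:
    # Resolver ACL. By default unbound allows only localhost and refuses
    # every other source, so each client network needs its own entry.
    access-control: 10.1.10.0/24 allow    # main router LAN
    access-control: 10.1.11.0/24 allow    # pfSense LAN
    access-control: 10.8.0.0/24 allow     # placeholder: OpenVPN clients

    # Rebinding protection. When private-address ranges are configured,
    # unbound removes addresses in those ranges from answers, which also
    # hits legitimate answers such as 10.1.10.x returned by the main router.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16

    # Narrow exception: only names under asus.router may resolve to
    # private addresses. The filter stays active for every other name.
    private-domain: "asus.router"

    # Relevant only when DNSSEC validation is enabled: the local zone has
    # no chain of trust, so validation must be skipped for it.
    domain-insecure: "asus.router"

# Domain override: queries for asus.router go to the main router
# instead of being resolved on the public internet.
forward-zone:
    name: "asus.router."
    forward-addr: 10.1.10.1
```

Scoping the exception to `private-domain: "asus.router"` keeps rebinding protection in place for public names; the firewall rule permitting TCP/UDP 53 from the OpenVPN clients is separate from these resolver settings.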