Netgate Discussion Forum

    Domain Overrides for VPN multi site

    DHCP and DNS
    3 Posts 2 Posters 697 Views
    • F
      focheur91300
      last edited by

      Hello,

      I apologize in advance for my English.

      I am opening this topic because I am currently experiencing a problem with DNS Overrides.

      I have a site-to-site VPN configuration that works fine. The only problem is that I can't resolve to a DNS external to the primary site.

      Diagram:
      6ec02e5b-ef2d-45c8-8184-c1d1e1611ba9-Dessin1.jpg

      My request:
      From a workstation on the primary site, I want to resolve the domain name of the secondary site using the Domain Overrides option configured on the pfSense of the primary site.

      My configuration:

      • DNS Resolver:
        I have configured the Domain Overrides.
        a44b06fb-1355-40d8-9e77-135be4913379-screencapture-pfsense-fochcraft-priv-services-unbound-php-2022-05-18-15_31_40.png
        03f1e7c3-8d93-4407-aeff-f4897e3b82b6-screencapture-pfsense-fochcraft-priv-services-unbound-php-2022-05-18-15_52_10.png

      • General Setup:
        I also added the DNS IP of the secondary site.
        73a391f9-f1cc-4e26-8ba1-d55011189df1-screencapture-pfsense-fochcraft-priv-system-php-2022-05-18-15_36_04.png

      When I do a pfSense nslookup on the primary site, the DNS of the secondary site does not respond.
      0c19da21-fc98-4f23-a5f0-c7da1384a4b5-screencapture-pfsense-fochcraft-priv-diag-dns-php-2022-05-18-15_40_32.png
      Same thing on a primary site workstation.
      ea9375fe-e8ec-48c3-abfc-1469e7d85e13-image.png

      There is currently no flow blocking between the two sites.

      Thanks in advance to the community.

      • V
        viragomann @focheur91300
        last edited by

        @focheur91300
        Does the remote DNS server allow this access?
        Possibly you have to add an ACL for the primary pfSense.

        Also maybe the server cannot handle DNSSEC requests. So try to disable it for testing purposes.

        • F
          focheur91300 @viragomann
          last edited by

          Hello @viragomann,
          The problem is DNSSEC.
          Thanks again.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.