DNS resolves internal names with WAN-IP from time to time


  • sometimes the DNS-Forwarder on my pfSense 1.2.2 install seems to resolve internal hostnames to the WAN-IP:

    [mircsicz@bernds-imac.bad-nauheim.wse-yyyy.de ~]
    14$ ping proxy.bad-nauheim.wse-yyyy.de
    PING proxy.bad-nauheim.wse-yyyy.de.bad-nauheim.wse-yyyy.de (aaa.bbb.ccc.ddd): 56 data bytes
    64 bytes from aaa.bbb.ccc.ddd: icmp_seq=0 ttl=64 time=0.375 ms
    64 bytes from aaa.bbb.ccc.ddd: icmp_seq=1 ttl=64 time=0.133 ms
    64 bytes from aaa.bbb.ccc.ddd: icmp_seq=2 ttl=64 time=0.173 ms
    ^C
    --- proxy.bad-nauheim.wse-yyyy.de.bad-nauheim.wse-yyyy.de ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.133/0.227/0.375/0.106 ms
    [mircsicz@bernds-imac.bad-nauheim.wse-yyyy.de ~]
    15$ dig proxy.bad-nauheim.wse-yyyy.de

    ; <<>> DiG 9.4.3-P1 <<>> proxy.bad-nauheim.wse-yyyy.de
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44936
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;proxy.bad-nauheim.wse-yyyy.de. IN      A

    ;; ANSWER SECTION:
    proxy.bad-nauheim.wse-yyyy.de. 0 IN    A      192.168.115.19

    ;; Query time: 2 msec
    ;; SERVER: 192.168.115.1#53(192.168.115.1)
    ;; WHEN: Tue Aug 25 20:10:43 2009
    ;; MSG SIZE  rcvd: 63

    [mircsicz@bernds-imac.bad-nauheim.wse-yyyy.de ~]
    16$ ping proxy.
    PING proxy (192.168.115.19): 56 data bytes
    64 bytes from 192.168.115.19: icmp_seq=0 ttl=64 time=4.068 ms
    64 bytes from 192.168.115.19: icmp_seq=1 ttl=64 time=0.162 ms
    ^C
    --- proxy ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.162/2.115/4.068/1.953 ms
    [mircsicz@bernds-imac.bad-nauheim.wse-yyyy.de ~]
    17$ ping proxy
    PING proxy.bad-nauheim.wse-yyyy.de (192.168.115.19): 56 data bytes
    64 bytes from 192.168.115.19: icmp_seq=0 ttl=64 time=0.182 ms

    After the reboot:

    [mircsicz@bernds-imac.bad-nauheim.wse-yyyy.de ~]
    1$ ping proxy.bad-nauheim.wse-yyyy.de
    PING proxy.bad-nauheim.wse-yyyy.de (192.168.115.19): 56 data bytes
    64 bytes from 192.168.115.19: icmp_seq=0 ttl=64 time=0.598 ms
    64 bytes from 192.168.115.19: icmp_seq=1 ttl=64 time=0.261 ms
    ^C
    --- proxy.bad-nauheim.wse-yyyy.de ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.261/0.429/0.598/0.168 ms

    after like half an hour it resolves again to the external IP, but why the hell is it like this???

    temporary solution:
    dscacheutil -flushcache

    But what leads to the messed-up DNS caches on our Macs???

    It would be great if someone could give me a hand...

    P.S.: All my Linux servers running on a Xen-based Sun don't show that problem!
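The first ping header in the post shows the resolver querying `proxy.bad-nauheim.wse-yyyy.de.bad-nauheim.wse-yyyy.de`, i.e. the search domain appended to a name that was already fully qualified, and getting the WAN address back, while `dig` against the pfSense forwarder returns the LAN address. The script below is an added diagnostic written for this thread (it is not from the original post or from pfSense): it parses `PING name (ip)` headers and `dig` answer lines and flags the two symptoms, a doubled search domain in the name and an answer outside the LAN prefix. The LAN prefix, the search domain and the sample lines are assumptions modelled on the post; `203.0.113.7` stands in for the redacted WAN address.

```python
"""Flag DNS answers for internal names that do not look internal.

Added diagnostic for the thread above; not the poster's code and not part
of pfSense. It parses ping/dig output lines and reports (a) the client's
search domain appended to an already fully qualified name and (b) an
address outside the LAN prefix the forwarder is expected to serve.
"""
import ipaddress
import re

# Assumptions modelled on the post: the LAN served by the pfSense
# forwarder and the search domain configured on the Mac client.
LAN_PREFIX = ipaddress.ip_network("192.168.115.0/24")
SEARCH_DOMAIN = "bad-nauheim.wse-yyyy.de"

# "PING <name> (<ip>): 56 data bytes" as printed by ping
PING_HEADER = re.compile(r"^PING (\S+) \((\S+)\)")
# "<name> <ttl> IN A <ip>" as printed in dig's ANSWER SECTION
DIG_ANSWER = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)$")

# Constructed sample lines modelled on the post; 203.0.113.7 is a
# documentation-range stand-in for the redacted WAN address.
SAMPLE_OUTPUT = """\
PING proxy.bad-nauheim.wse-yyyy.de.bad-nauheim.wse-yyyy.de (203.0.113.7): 56 data bytes
proxy.bad-nauheim.wse-yyyy.de. 0 IN    A      192.168.115.19
PING proxy (192.168.115.19): 56 data bytes
PING proxy.bad-nauheim.wse-yyyy.de (192.168.115.19): 56 data bytes
"""


def search_domain_doubled(name, search_domain=SEARCH_DOMAIN):
    """True when the name ends in the search domain twice, which means the
    stub resolver appended it to a name that was already fully qualified."""
    stripped = name.rstrip(".").lower()
    return stripped.endswith("." + search_domain + "." + search_domain)


def classify(name, ip, lan=LAN_PREFIX, search_domain=SEARCH_DOMAIN):
    """Return a list of findings for one (name, address) observation."""
    findings = []
    if search_domain_doubled(name, search_domain):
        findings.append("search domain appended to an FQDN")
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ["unparseable address"]
    if addr not in lan:
        findings.append("answer outside LAN prefix")
    return findings or ["ok"]


def analyse(output, lan=LAN_PREFIX, search_domain=SEARCH_DOMAIN):
    """Scan ping/dig output and return (name, ip, findings) per answer line."""
    results = []
    for raw in output.splitlines():
        line = raw.strip()
        match = PING_HEADER.match(line) or DIG_ANSWER.match(line)
        if match:
            name, ip = match.group(1), match.group(2)
            results.append((name, ip, classify(name, ip, lan, search_domain)))
    return results


if __name__ == "__main__":
    for name, ip, findings in analyse(SAMPLE_OUTPUT):
        print(f"{name:60} {ip:16} {', '.join(findings)}")
```

Run it against a pasted terminal session; any line tagged with both findings is the case the post describes, where the name the resolver actually sent was not the name typed. Comparing the `dig` line (which bypasses the stub resolver's search list) with the `PING` header of the same name is what separates a forwarder problem from a client-side search-domain problem.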


  • We have noticed the exact situation on our firewall.

    Network :
    ---------

    DNS (.4)  <--------------> (LAN) PFsense bridged (WAN) (.2) <---------> Internet

    The "DNS query" is sent from the DNS through our firewall. The source packet is like "natted" from IP address .4 to .2. (natting has not been activated on our firewall)

    Is this a bug ? Or a setting ?