Netgate Discussion Forum
    DNS Resolution Behavior under 23.01 appears to ignore setting

    DHCP and DNS
    • kesawi

      I've just upgraded from 22.05 to 23.01 and noticed that the DNS Resolution Behavior setting under System > General Setup appears to ignore the setting "Use remote DNS Servers, ignore local DNS" when I have the DNS Forwarder service enabled.

      Regardless of what I set the DNS Resolution Behavior setting to, it still includes 127.0.0.1 as a name server in /etc/resolv.conf. If I disable the DNS Forwarder service then it removes 127.0.0.1 as a name server in /etc/resolv.conf; however, enabling the service adds the entry back in despite the DNS Resolution Behavior setting.

      Manually editing /etc/resolv.conf fixes it until I make configuration changes.

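A quick way to confirm the symptom described above is to compare the nameserver lines in /etc/resolv.conf against what the selected DNS Resolution Behavior should allow. This is an added check, not code from the thread or from pfSense; the mode labels are taken from the thread's wording and the resolv.conf content is a constructed sample.

```python
# Added check (not from the thread or pfSense): compare /etc/resolv.conf with the
# "DNS Resolution Behavior" mode and the remote servers configured under
# System > General Setup, and report nameservers the mode should have excluded.
import ipaddress
from typing import List, Tuple

# Mode labels as they appear in the thread (assumed to match the pfSense UI).
REMOTE_ONLY = "Use remote DNS Servers, ignore local DNS"
LOCAL_ONLY = "Use local DNS (127.0.0.1), ignore remote DNS Servers"
LOCAL_FALLBACK = "Use local DNS (127.0.0.1), fall back to remote DNS Servers"

LOCAL = {"127.0.0.1", "::1"}


def parse_nameservers(resolv_conf: str) -> List[str]:
    """Return nameserver addresses in file order, skipping comments and other keys."""
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                pass  # malformed address: ignore rather than abort the check
    return servers


def check_resolver(mode: str, remotes: List[str], resolv_conf: str) -> Tuple[bool, List[str]]:
    """Return (consistent, unexpected): nameservers present that the mode excludes."""
    found = parse_nameservers(resolv_conf)
    if mode == REMOTE_ONLY:
        allowed = set(remotes)
    elif mode == LOCAL_ONLY:
        allowed = LOCAL
    else:  # LOCAL_FALLBACK: local resolver plus the configured remotes
        allowed = LOCAL | set(remotes)
    unexpected = [s for s in found if s not in allowed]
    return (not unexpected, unexpected)


# Constructed sample reproducing the reported state: remote-only mode selected,
# but 127.0.0.1 has been written back into the file.
SAMPLE_RESOLV_CONF = """\
search example.lan
nameserver 127.0.0.1
nameserver 1.1.1.2
nameserver 1.0.0.2
"""

if __name__ == "__main__":
    ok, extra = check_resolver(REMOTE_ONLY, ["1.1.1.2", "1.0.0.2"], SAMPLE_RESOLV_CONF)
    print("consistent" if ok else f"unexpected nameserver(s): {extra}")
```

On a live box, replace SAMPLE_RESOLV_CONF with the contents of /etc/resolv.conf and the remotes list with the servers from System > General Setup.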
      • jimp (Rebel Alliance Developer, Netgate)

        I can't reproduce this. When I set it to "use remote, ignore local" then only the name servers listed on System > General are present even when using the DNS forwarder.

        Do you maybe have 127.0.0.1 in that list?

        Or if you have allowed overrides to DNS servers, it's possible it's coming from DHCP or similar, but that seems unlikely.

        Looking at the code there isn't any way that setting is remote in the config which would result in it being added that way, so it has to be coming from something else.

        • kesawi

          I don't have 127.0.0.1 specified as a DNS server anywhere that I can see.

          DNS override is disabled.

          When I try setting use local DNS, ignore remote it still lists the remote DNS in the system information on the dashboard.

          I think I've fixed it by removing localhost from the selected interfaces in the DNS Forwarder settings.

          Perhaps there's something in the code in the DNS Forwarder settings that overrides the general settings?

        • JasonAU @kesawi

            @kesawi Slightly off topic, I'm interested to understand why you want this setting?

            What in your environment needs this config, or how do you expect the behavior to change?

            Personally, I am using Cloudflare 1.1.1.2/1.0.0.2 in my General Setup / DNS.

            I can see 127.0.0.1 also listed in the DNS Servers on the main status page, due to the setting "Use local DNS (127.0.0.1), fall back to remote DNS servers".

            Inside my DHCP I set the pfSense box as DNS server and have experimented with FW rules on the LAN to block other DNS going out.

            Brisbane Queensland Australia

          • kesawi @JasonAU

              @jasonau good to see another Brisbane local on the forums.

              I use Active Directory on my primary LAN for DNS and DHCP to my clients. I have a guest network and a DMZ with some public facing servers which are served by pfSense for DNS Forwarder and DHCP. I also have several internal DNS based aliases for firewall rules.

              I need pfSense to be able to resolve local addresses for the firewall alias rules, but don't want the guest or DMZ network to be able to query any of the DNS entries for my LAN. I figure if clients of my guest or DMZ networks get pwned I don't want them to be able to start reverse resolving my private IP addresses to potentially map my LAN network. I have specific rules in the DNS Forwarder settings blocking lookup for my internal LAN domains.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.