pfSense can resolve internal servers, except for the internal DNS servers
-
Hello,
I had a problem that is solved but that I don't quite understand; maybe one of you has some insight.
We are using pfSense 23 on a Netgate 5100, with a DMZ, an internal network and 3 WANs.
On the internal network we have 2 AD servers running DNS. On the firewall we have the DNS Forwarder set up, and under "General System" on the pfSense we have the two internal DNS servers configured. With the update to 23 I could not configure the AD as an authentication server, or rather the login did not work anymore; the reason was that the AD servers could not be resolved.
When testing on the firewall I noticed that I can find all internal servers through dig and nslookup, but not the AD or DNS servers (for the lookup of the other servers, the internal DNS servers are used).
I have finally solved this with a host override on the firewall. But I cannot quite explain how the error comes about. Does somebody have an idea?
-
@admrm pfSense doesn't know about local DNS unless you set up a domain override, which will forward all queries for the AD domain to the server(s) listed in the override. A host override will work for the domain name itself, but not for PCs or other entries in AD DNS (inside the AD domain).
The General tab is for pfSense itself to make DNS queries, which is different from devices querying pfSense for DNS.
Edit: DNS issues on Windows can be sporadic because Windows does not query DNS servers in order; it uses the last known good DNS server first. So it can adjust the ordering if it tries to query while an AD DNS server is rebooting, for example.
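To make the difference between the two override types concrete, here is what they come down to in dnsmasq terms, since the original poster is running the DNS Forwarder (dnsmasq). This is an added illustration, not configuration from the thread or pfSense's generated file, and the domain name `ad.example.internal` and the addresses `10.10.0.11`/`10.10.0.12` are assumed placeholders:

```conf
# --- Host override (what the original poster configured) ---
# A host-record answers ONLY for this exact name. It is equivalent to a
# Services > DNS Forwarder > Host Override entry. Nothing else under the
# AD domain (dc2, workstations, SRV records) is covered by it.
host-record=ad.example.internal,10.10.0.11

# --- Domain override (what the reply recommends) ---
# server=/<domain>/<ip> sends every query that ends in ad.example.internal
# to the listed AD DNS servers, instead of to the WAN upstreams. That is
# what a Services > DNS Forwarder > Domain Override entry produces, and it
# covers dc1, dc2, _ldap._tcp.dc._msdcs.* SRV records and all AD clients.
server=/ad.example.internal/10.10.0.11
server=/ad.example.internal/10.10.0.12

# Reverse zone for the AD subnet, so PTR lookups also go to AD DNS
# (assumed 10.10.0.0/24; adjust to the real internal network).
server=/0.10.10.in-addr.arpa/10.10.0.11
server=/0.10.10.in-addr.arpa/10.10.0.12

# Verification from a shell on the firewall (run manually, not config):
#   dig @127.0.0.1 dc2.ad.example.internal A
#   dig @127.0.0.1 _ldap._tcp.dc._msdcs.ad.example.internal SRV
# Both should now return answers that match asking the AD server directly:
#   dig @10.10.0.11 dc2.ad.example.internal A
```

With the DNS Resolver (unbound) instead of the Forwarder, a Domain Override generates the equivalent `forward-zone:` stanza with `name:` and `forward-addr:` lines, and a Host Override becomes a `local-data:` record; the same distinction applies. Note that none of this changes what pfSense itself uses to resolve the AD servers for LDAP authentication: as the reply says, that comes from the System > General Setup DNS servers, so those should point at the AD DNS servers (or at 127.0.0.1 with the domain override in place).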