Netgate Discussion Forum

    Split horizon

    Category: DHCP and DNS
    4 Posts, 3 Posters, 4.3k Views
    • rduz

      Hi,

      I'm pretty new to pfSense.  I've got a test system up and running since last weekend.  I'm planning to migrate my network over once I work out the kinks.  I've got several web sites, and ~10 computers on my live network, and just a couple hosts on the test network.

      I've been digging through the forums trying to find out the correct way to handle a dns issue.  I've got 32 static IP addresses, and I run SSL for web sites, meaning each has to have its own IP.

      wan: 216.248.85.96/27
      lan: 192.168.80.1
      dmz: 192.168.81.1

      I'm using 1:1 NAT successfully.

      // ssh attempt from internal network, using internal IP, successful
      $ ssh root@192.168.81.100
      root@192.168.81.100's password:

      // ssh attempt from internal network, using external IP, unsuccessful
      $ ssh root@216.248.85.126
      ssh: connect to host 216.248.85.126 port 22: Connection timed out

      So, it appears that when inside the network, I should use the internal IP, and when outside the network, use the outside IP.  I'm fine with that.  DNS normally just wants to hand out one IP, however.

      http://www.guinix.com/technote/dualdns.html describes two tinydns methods for handling a split horizon: option one, multiple servers, and option two, record tagging. Neither of these (from my reading) seems easily supported by pfSense.  I'm leaning towards option two, using the %IN or %EX tagging, but the web interface doesn't seem to support it in any way, and in fact makes it very difficult since the tagging is to come after the TTL field, and the tinydns data file is rebuilt from an XML file.

      What is the best way to handle a split horizon in the pfSense world?

      Thank you.

      Regards,
      Rich

      • GruensFroeschli

        http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
        Method 2 describes how you can do that pretty simply with the DNS Forwarder on pfSense.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

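The two approaches discussed above, the tinydns %IN/%EX location tagging from the first post and the DNS Forwarder host override of Method 2 in the linked doc, as an added example that is not code from this thread, from pfSense or from djbdns. The tinydns data lines are constructed from the addresses in the first post (WAN 216.248.85.96/27, LAN 192.168.80.x, DMZ 192.168.81.x, 1:1 NAT 192.168.81.100 to 216.248.85.126); the names www.example.com and ns1.example.com are assumptions, since the thread never names the sites.

```python
"""Split-horizon name resolution the way tinydns location tags express it.

Added example, not code from the thread, from pfSense or from djbdns.  The
data lines are constructed from the addresses in the first post (WAN
216.248.85.96/27, LAN 192.168.80.x, DMZ 192.168.81.x, 1:1 NAT mapping
192.168.81.100 to 216.248.85.126); the names www.example.com and
ns1.example.com are assumptions, since the thread never names the sites.
"""
import ipaddress

# Constructed tinydns data file.  "%lo:ipprefix" puts clients whose address
# starts with ipprefix in location lo; "%EX:" with an empty prefix catches
# everyone else.  The location tag is the 5th field of a "+" line, after
# ttl and timestamp, which is why a GUI that only knows "name, ip, ttl"
# cannot carry it.
TINYDNS_DATA = """\
%IN:192.168.80
%IN:192.168.81
%EX:
+www.example.com:192.168.81.100:300::IN
+www.example.com:216.248.85.126:300::EX
+ns1.example.com:216.248.85.97:86400
"""


def parse_data(text):
    """Return ([(location, prefix_octets)], [(fqdn, ip, ttl, location)])."""
    locations, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kind, fields = line[0], line[1:].split(":")
        if kind == "%":
            prefix = fields[1] if len(fields) > 1 else ""
            octets = [int(o) for o in prefix.split(".") if o]
            locations.append((fields[0], octets))
        elif kind in "+=":
            ttl = int(fields[2]) if len(fields) > 2 and fields[2] else 86400
            loc = fields[4] if len(fields) > 4 else ""
            records.append((fields[0], fields[1], ttl, loc))
    return locations, records


def client_location(locations, client_ip):
    """Most specific location whose prefix matches the client's address.

    The match is octet-wise, as tinydns-data stores the prefix as bytes:
    %IN:192.168.80 covers 192.168.80.0/24 only, not 192.168.8.x.
    """
    octets = list(ipaddress.IPv4Address(client_ip).packed)
    best, best_len = "", -1
    for loc, prefix in locations:
        if octets[: len(prefix)] == prefix and len(prefix) > best_len:
            best, best_len = loc, len(prefix)
    return best


def resolve(text, fqdn, client_ip):
    """A records for fqdn visible to client_ip: untagged ones plus those
    tagged with the client's location."""
    locations, records = parse_data(text)
    loc = client_location(locations, client_ip)
    return [(ip, ttl) for name, ip, ttl, tag in records
            if name == fqdn and tag in ("", loc)]


def host_overrides(text, internal_location="IN"):
    """Method 2 of the linked pfSense doc, expressed as dnsmasq directives:
    the DNS Forwarder answers the public name with the inside address for
    every client that uses it, so no per-client tagging is needed there.
    These are raw dnsmasq lines, not what pfSense itself generates."""
    _, records = parse_data(text)
    return [f"address=/{name}/{ip}" for name, ip, _, tag in records
            if tag == internal_location]


if __name__ == "__main__":
    for client in ("192.168.80.5", "192.168.81.7", "8.8.8.8"):
        print(client, resolve(TINYDNS_DATA, "www.example.com", client))
    print("\n".join(host_overrides(TINYDNS_DATA)))
```

The difference between the two methods is where the view is chosen: with tinydns tags the authoritative server picks the answer from the client's source address, so a single server can face both sides; with the forwarder override every client that asks the forwarder gets the inside address, which is enough for a firewall whose LAN and DMZ hosts all resolve through it, while outside clients keep talking to the authoritative server.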
        • rduz

          @GruensFroeschli:

          http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F
          Method 2 describes how you can do that pretty simply with the DNS Forwarder on pfSense.

          Thank you kindly for the documentation pointer.  I think I will attempt to use method two.  From what I can see, it should work just fine.

          Thank you.

          Regards,
          Rich

          • emabiz

            Hi,
            Is it possible to configure tinydns as a split horizon DNS server?
            I've tried to use tinydns (listening on 127.0.0.1) to serve external requests (authoritative server) and the internal DNS Forwarder to serve internal clients, but it doesn't work.
            Thank you for your help,
            Emanuele

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.