force local hostname resolution behind internet box
-
@rjcab when you set up pfsense for such a purpose, and this would be pfsense wan, even if on your "lan"..
There are much easier ways to run dhcp/dns services than firing up pfsense for such mundane services.. pihole can do this for example..
-
@johnpoz you are right but this is just for a couple of weeks
-
@rjcab and a pihole would take all of like 2 minutes to set up, and specifically designed for exactly this - provide dns and also can do dhcp.. Vs software that is meant to be your router/firewall and has very advanced functions and a more complicated setup to be used for such a purpose. And meant to run clean on the box/vm as the only OS... While pihole can just run as some software on any linux distro or as just a docker on any os, etc..
But hey you do you.. But I would expect issues if you're trying to tell pfsense hey this is your lan, but hey use it as your wan, etc..
-
➜ ~ dig
; <<>> DiG 9.10.6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1036
;; flags: qr rd ad; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; Query time: 52 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Sat Feb 24 23:18:51 CET 2024
;; MSG SIZE rcvd: 12
➜ ~ ping jc.local.lan
ping: cannot resolve jc.local.lan: Unknown host
➜ ~
In this config, no internet access, I think I need to specify somewhere in pfSense the path or DNS to go outside the LAN.
For the hostname resolution I don't know as the IP address for DNS 1.1 is the right one
-
@johnpoz Sure, but in this way I learn a lot about pfsense :-)
-
johnpoz | LAYER 8 | Global Moderator | last edited by johnpoz Feb 24, 2024, 10:35 PM | Feb 24, 2024, 10:33 PM
@rjcab I am not sure using something in a way it's not actually meant to be used is learning about it ;) But hey have fun..
Btw if you're using kea, static reservations will not show up for dns.. And if using isc, you have to tell unbound to register static dhcp reservations..
And your query was refused, so wouldn't matter even if pfsense had a record it could answer with... So you have your ACLs not correct in unbound.
-
but I did not understand the unbound stuff, I will look at
-
johnpoz | LAYER 8 | Global Moderator | last edited by johnpoz Feb 24, 2024, 10:59 PM | Feb 24, 2024, 10:55 PM
@rjcab out of the box pfsense creates automatic ACL (access control lists) to allow say your lan to query it.. But how you have it setup I don't know what the ACLs would be set to, if pfsense thinks lan is a wan, it might not allow queries because well normally you wouldn't want to provide dns to say the internet ;)
That refused there is saying unbound refused to serve you what you asked for.. You may need to manually adjust unbound's ACLs.
I do not believe register static is enabled by default, but you're going to want that set as well
-
-
@rjcab well that refused when you did a dig screams acls.. Manually set it to allow your network to query..
I am not 100% sure if just creating one overrides auto, etc.. So you might want to disable the auto, and just create your own
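
An added example, not part of any post in the thread: decoding the DNS response header that dig printed above shows why REFUSED points at the resolver's access lists rather than at a missing host record. The sample bytes are constructed from the values in that dig output, and the function names are hypothetical.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

# Constructed sample: the 12-byte header rebuilt from the values dig printed
# (id 1036, flags qr rd ad, status REFUSED, all section counts 0).
SAMPLE = bytes.fromhex("040c81250000000000000000")

def parse_dns_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": bool(flags & 0x8000),   # 1 = response
        "rd": bool(flags & 0x0100),   # client asked for recursion
        "ra": bool(flags & 0x0080),   # server offers recursion to this client
        "ad": bool(flags & 0x0020),
        "rcode": RCODES.get(flags & 0xF, str(flags & 0xF)),
        "counts": (qd, an, ns, ar),
        "header_only": len(msg) == 12,  # no question or records echoed back
    }

def diagnose(h: dict) -> str:
    """Map a decoded header to the likely fault (hypothetical helper)."""
    if not h["qr"]:
        return "not a response"
    if h["rcode"] == "REFUSED":
        # The server was reached and replied; policy denied this client.
        return "resolver reachable but denied the client: check its access lists"
    if h["rcode"] == "SERVFAIL":
        return "query accepted, resolution failed upstream"
    if h["rcode"] == "NXDOMAIN":
        return "query accepted, name has no record"
    if h["rd"] and not h["ra"]:
        return "answered, but recursion is not offered to this client"
    return "answered"

if __name__ == "__main__":
    hdr = parse_dns_header(SAMPLE)
    print(hdr)
    print(diagnose(hdr))
```

A missing host record would come back as NXDOMAIN from a resolver that accepted the query, so the two failures are distinguishable from the header alone.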