Netgate Discussion Forum

    DNS on LAN not resolving same as WAN side

      kjl

      I have my box on a local network (router behind router). The WAN side gets its IP address from a DHCP server, including the DNS servers from the intranet. These DNS servers are on the WAN side and resolve all of the local devices. When I query, e.g., Diagnostics -> DNS Lookup, it resolves just fine. But on any device on the LAN side it will not resolve. But any outside domain (e.g. Microsoft.com, Google.com) will resolve just fine everywhere. If I manually put the internal DNS IP addresses in the DHCP settings then the LAN devices will resolve the IPs... but I should not have to do that. Any ideas why the LAN side will not use those DNS servers automatically?

        johnpoz LAYER 8 Global Moderator @kjl

        @kjl why would you have both an A record and a CNAME? That is going to be very problematic. That is borked config, so yeah, could see why you're going to have problems.

        You either have an A record or a CNAME, you can't have both. Well, you can create them, but it's not going to work.

        Where that CNAME points would end up being the A record.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          kjl @johnpoz

          @johnpoz tfs-clinical points to usherapp133, hence the CNAME. usherapp133 points to 10.1.24.180 A record. How is that wrong... Also not relevant to DNS not getting resolved on the LAN side. If I am on the LAN side and point DNS directly to one of the internals (e.g., 10.236.192.11) it works fine. The issue is that the LAN side is not getting what the WAN side gets.

            johnpoz LAYER 8 Global Moderator @kjl

            @kjl you cannot have an A record for host.domain.tld and a CNAME for host.domain.tld that points it to other.otherdomain.tld

            It is borked config. You either have your host.domain.tld point to a CNAME, or you have an A record for it.

            If you're doing a domain override for something, and unbound has to go ask some other NS and it returns rfc1918, that is also going to fail unless you turn off rebind protection for that domain or completely turn off rebind.

            rfc1918 is only going to be returned for local resources, unless you have turned off rebind.

              kjl @johnpoz

              @johnpoz

              I tried the disabling of rebinding. That worked.
              Thanks for your help!!

                johnpoz LAYER 8 Global Moderator @kjl

                @kjl I wouldn't suggest you disable it completely - just set up whatever domain you're pointing to some other NS as private.

                https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-resolver

                  kjl @johnpoz

                  @johnpoz Thanks for your help, that worked!

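
The check behind the fix in this thread, as an added example that is not part of the original posts and is not unbound's or pfSense's code: a simplified Python model of rebind protection, which drops private addresses from answers unless the queried name falls under a domain marked private (unbound's `private-domain` option). The domain `corp.example`, the function names and the RFC 1918-only range list are assumptions for illustration; the host name and address come from the thread.

```python
import ipaddress

# Assumption: only the RFC 1918 ranges the thread mentions; a real resolver
# configuration may list more private ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def is_private_domain(qname, private_domains):
    """True if qname equals, or is a subdomain of, a listed private domain.

    Matching is done on whole labels, so 'notcorp.example' does not match
    'corp.example'.
    """
    q = _labels(qname)
    for dom in private_domains:
        d = _labels(dom)
        if len(q) >= len(d) and q[-len(d):] == d:
            return True
    return False


def filter_answer(qname, addresses, private_domains=()):
    """Return the addresses a rebind-protecting resolver would pass to the client.

    Private addresses are dropped unless qname is under a private domain.
    """
    if is_private_domain(qname, private_domains):
        return list(addresses)
    kept = []
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in PRIVATE_NETS):
            kept.append(addr)
    return kept


if __name__ == "__main__":
    # Constructed sample: host and address from the thread, domain is a placeholder.
    name, answer = "usherapp133.corp.example", ["10.1.24.180"]
    print(filter_answer(name, answer))                    # protection on, no exemption
    print(filter_answer(name, answer, ["corp.example"]))  # domain marked private
    print(filter_answer("www.notcorp.example", answer, ["corp.example"]))
```

Exempting one domain keeps the protection in force for every other name, which is the difference between the per-domain setting and turning rebind protection off completely.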
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.