Netgate Discussion Forum

DNS on LAN not resolving same as WAN side

  • K
    kjl
    last edited by Mar 28, 2024, 5:07 PM

    I have my box on a local network (router behind router). The WAN side gets its IP address from a DHCP server including the DNS servers from the intranet. These DNS servers are on the WAN side and resolve all of the local devices. When I query e.g.: Diagnostics -> DNS Lookup it resolves just fine. But on any device on the LAN side it will not resolve. But any outside domain (e.g. Microsoft.com, Google.com) will resolve just fine everywhere. If I manually put in the internal DNS IP addresses in the DHCP settings then the LAN devices will resolve the IPs...but I should not have to do that. Any ideas why the LAN side will not use those DNS servers automatically?

    eb79acb2-b678-486e-b50c-b0e8c5a6e94c-image.png

    8eaca4ad-9112-4bf9-8533-dbfd9dfd5698-image.png

    J 1 Reply Last reply Mar 28, 2024, 5:26 PM Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator @kjl
      last edited by johnpoz Mar 28, 2024, 5:27 PM Mar 28, 2024, 5:26 PM

      @kjl why would you have both an A record and a CNAME? That is going to be very problematic.. That is borked config.. so yeah could see why you're going to have problems.

      You either have an A record or a CNAME, you can't have both. Well you can create them - but it's not going to work.

      Where that cname points would end up being the A record..

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      K 1 Reply Last reply Mar 28, 2024, 5:36 PM Reply Quote 0
      • K
        kjl @johnpoz
        last edited by Mar 28, 2024, 5:36 PM

        @johnpoz tfs-clinical points to usherapp133 hence the CNAME. usherapp133 points to 10.1.24.180 A record. How is that wrong...Also not relevant to DNS not getting resolved on the LAN side. If I am on the LAN side and point DNS directly to one of the internals (e.g., 10.236.192.11) it works fine. The issue is that the LAN side is not getting what the WAN side gets.

        J 1 Reply Last reply Mar 28, 2024, 5:44 PM Reply Quote 0
        • J
          johnpoz LAYER 8 Global Moderator @kjl
          last edited by johnpoz Mar 28, 2024, 5:48 PM Mar 28, 2024, 5:44 PM

          @kjl you cannot have an A record for host.domain.tld and a cname for host.domain.tld that points it to other.otherdomain.tld

          It is borked config.. You either have your host.domain.tld point to a cname, or you have an A record for it.

          If you're doing a domain override for something, and unbound has to go ask some other NS and it returns rfc1918 that is also going to fail unless you turn off rebind protection for that domain or completely turn off rebind.

          rfc1918 is only going to be returned for local resources, unless you have turned off rebind.

          K 1 Reply Last reply Mar 28, 2024, 5:50 PM Reply Quote 1
          • K
            kjl @johnpoz
            last edited by kjl Mar 28, 2024, 5:59 PM Mar 28, 2024, 5:50 PM

            @johnpoz

            I tried the disabling of rebinding. That worked.
            Thanks for your help!!

            J 1 Reply Last reply Mar 28, 2024, 6:28 PM Reply Quote 0
            • J
              johnpoz LAYER 8 Global Moderator @kjl
              last edited by Mar 28, 2024, 6:28 PM

              @kjl I wouldn't suggest you disable it completely - just set up whatever domain you're pointing to some other NS as private.

              https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-resolver

              K 1 Reply Last reply Mar 28, 2024, 6:30 PM Reply Quote 1
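Added example (not part of the thread, and not pfSense or Unbound code): a simplified Python model of the rebind filter discussed above, showing why an upstream answer of 10.1.24.180 is dropped for LAN clients and how marking only the internal domain as private restores it while other names stay protected. The domain `corp.example`, the host name under it, and all function names are assumptions; only the address 10.1.24.180 comes from the thread.

```python
import ipaddress

# RFC 1918 ranges, the addresses the thread says rebind protection rejects.
# Assumption: a real resolver configuration may list further ranges.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the RFC 1918 networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def in_private_domain(qname, private_domains):
    """True if qname equals, or is a subdomain of, an exempted domain.

    Compared label by label, so notcorp.example never matches corp.example.
    Exempted domains play the role of Unbound's private-domain option.
    """
    labels = qname.rstrip(".").lower().split(".")
    for dom in private_domains:
        dl = dom.rstrip(".").lower().split(".")
        if len(labels) >= len(dl) and labels[-len(dl):] == dl:
            return True
    return False


def filter_answer(qname, addresses, private_domains=(), rebind_protection=True):
    """Return the addresses a LAN client would still receive for qname."""
    if not rebind_protection or in_private_domain(qname, private_domains):
        return list(addresses)
    return [a for a in addresses if not is_private(a)]


def demo():
    """Constructed queries: one internal name, one unrelated outside name."""
    internal = ("usherapp133.corp.example", ["10.1.24.180"])
    outside = ("host.other.example", ["192.168.1.1"])
    return {
        "default": filter_answer(*internal),
        "domain_private": filter_answer(*internal, private_domains=["corp.example"]),
        "outside_still_filtered": filter_answer(*outside, private_domains=["corp.example"]),
        "protection_off": filter_answer(*outside, rebind_protection=False),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The last two cases show the difference between the two fixes in the thread: with the per-domain exemption an unrelated name that answers with a private address is still filtered, whereas with protection disabled it passes through.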
              • K
                kjl @johnpoz
                last edited by Mar 28, 2024, 6:30 PM

                @johnpoz Thanks for your help that worked!

                1 Reply Last reply Reply Quote 0
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.