DNS on LAN not resolving same as WAN side
-
I have my box on a local network (router behind router). The WAN side gets its IP address from a DHCP server, including the DNS servers from the intranet. These DNS servers are on the WAN side and resolve all of the local devices. When I query e.g. Diagnostics -> DNS Lookup, it resolves just fine. But any device on the LAN side will not resolve. Any outside domain (e.g. Microsoft.com, Google.com) will resolve just fine everywhere. If I manually put the internal DNS IP addresses in the DHCP settings, then the LAN devices will resolve the IPs... but I should not have to do that. Any ideas why the LAN side will not use those DNS servers automatically?
-
@kjl why would you have both an A record and a CNAME? That is going to be very problematic.. That is borked config.. so yeah, could see why you're going to have problems.
You either have an A record or a CNAME; you can't have both. Well, you can create them - but it's not going to work.
Where that CNAME points would end up being the A record..
-
@johnpoz tfs-clinical points to usherapp133 hence the CNAME. usherapp133 points to 10.1.24.180 A record. How is that wrong...Also not relevant to DNS not getting resolved on the LAN side. If I am on the LAN side and point DNS directly to one of the internals (e.g., 10.236.192.11) it works fine. The issue is that the LAN side is not getting what the WAN side gets.
-
@kjl you can not have an A record for host.domain.tld and a CNAME for host.domain.tld that points it to other.otherdomain.tld
It is borked config.. You either have your host.domain.tld point to a CNAME, or you have an A record for it.
If you're doing a domain override for something, and unbound has to go ask some other NS and it returns rfc1918, that is also going to fail unless you turn off rebind protection for that domain or completely turn off rebind.
rfc1918 is only going to be returned for local resources, unless you have turned off rebind.
-
I tried the disabling of rebinding. That worked.
Thanks for your help!!
-
@kjl I wouldn't suggest you disable it completely - just set up whatever domain you're pointing to some other NS as private.
https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html#dns-resolver
-
@johnpoz Thanks for your help that worked!
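The rebind behaviour described above (an upstream NS answering with rfc1918 for a domain override, and marking that domain as private instead of disabling rebind protection) as an added example, not code from the thread, pfSense or Unbound: a simplified model of the check, assuming it is applied to the owner name of each A/AAAA record and that corp.example is a placeholder zone name.

```python
import ipaddress

# Simplified model of Unbound's DNS rebind protection (illustration only,
# not Unbound's code): an answer is rejected if any A/AAAA record carries a
# private address and its owner name is not under a configured private-domain.

def is_under(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (case-insensitive)."""
    name = name.rstrip(".").lower()
    zone = zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def is_private_address(addr: str) -> bool:
    """RFC1918, loopback and link-local ranges all count as 'private'."""
    ip = ipaddress.ip_address(addr)
    return ip.is_private or ip.is_loopback or ip.is_link_local

def rebind_filter(answer, private_domains):
    """
    answer: list of (owner_name, rrtype, rdata) tuples from the upstream
    server (CNAME chains included). Returns (accepted_answer, reason);
    the whole answer is dropped when the rebind check fails.
    """
    for owner, rrtype, rdata in answer:
        if rrtype not in ("A", "AAAA"):
            continue
        if is_private_address(rdata) and not any(
            is_under(owner, z) for z in private_domains
        ):
            return [], f"rebind check: {owner} -> {rdata} is private, not in a private-domain"
    return list(answer), "ok"

# Constructed sample: a CNAME chain like the one in the thread, ending in an
# RFC1918 address. The zone corp.example is a placeholder, not from the thread.
SAMPLE_ANSWER = [
    ("tfs-clinical.corp.example.", "CNAME", "usherapp133.corp.example."),
    ("usherapp133.corp.example.", "A", "10.1.24.180"),
]

def demo():
    blocked, why = rebind_filter(SAMPLE_ANSWER, private_domains=[])
    allowed, _ = rebind_filter(SAMPLE_ANSWER, private_domains=["corp.example"])
    return blocked, why, allowed

if __name__ == "__main__":
    b, why, a = demo()
    print("without private-domain:", b, "|", why)
    print("with private-domain:   ", a)
```

Without the private-domain the second record trips the check and the client gets nothing (Unbound answers SERVFAIL), which is what "disable rebind" masked; listing only that zone as private keeps the protection for every other domain.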