Cannot Connect to Samba Shares on TrueNAS Server Via Domain
-
I am running pfSense 24.03, TrueNAS 23.10.2.
I am using the same configuration I have always used, but suddenly cannot access my samba shares in the normal manner. They don't show up in the Network section of either my Mac or my Windows machine. I cannot connect to them directly using the domain name for my TrueNAS machine, as I have done routinely in the past. I can still mount shares using the IP address of my TrueNAS machine. I also cannot access my Time Machine share anymore, due to this also being a samba share.
Recently, I had to reinstall pfSense from scratch due to some hardware changes. So I followed my cheat sheet to bring it back online with all the correct settings.
I have Service Watchdog, mailreport, pfBlockerNG, and WireGuard. I am running Mullvad as my privacy VPN, and route all my traffic through that.
My TrueNAS configuration never changed. But nonetheless, I recreated all my shares as multi-protocol SMB/NFS shares (I run an Ubuntu Server in a VM that needed NFS to access those datapoints, run all my daemons). Here is my network config (hostname and domain redacted).
I theorized initially that Mullvad, or their DNS servers might be the culprit, but I restored a backup to a point before any packages were installed, and the same problem persisted.
I always follow this guide to set up my Mullvad connection and routing: https://mullvad.net/en/help/pfsense-with-wireguard
Per the guide, my WAN_DHCP is the default gateway.
My LAN rules:
I tried adding extra rules and port forwards, but it has no effect. And the problem persisted when there was no Mullvad at all, so it is not that.
I suspect that the likely culprit is DNS Resolver, but for the life of me, I cannot figure out what is causing the problem.
I am running Quad9 over SSL.
Can anybody help me suss out why my samba shares, which were working perfectly fine before I had to reinstall pfSense, are now suddenly not visible, not accessible through domain, and can only be mounted via IP? I have been wrestling with this too long and need a fresh set of eyes on it. Thank you.
-
@n3IVI0 and does the fqdn resolve? Do a simple test using your fav dns tool, dig, nslookup, host, doggo
Does it resolve to the IP?
example - here is my nas fqdn resolving to its ip
$ dig nas.home.arpa

; <<>> DiG 9.16.50 <<>> nas.home.arpa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6355
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;nas.home.arpa. IN A

;; ANSWER SECTION:
nas.home.arpa. 1065 IN A 192.168.9.10

;; Query time: 3 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Wed Jun 05 05:05:11 Central Daylight Time 2024
;; MSG SIZE rcvd: 58
-
@johnpoz Here's the result with dig:
-
@n3IVI0 well, why would you think 9.9.9.9 knows anything about your local resources? Do you own home.com? Somehow I find that unlikely.
-
@johnpoz In the past, I only needed to specify a domain for LAN purposes. Then my clients could see it and connect to it.
-
@n3IVI0 well, you were probably registering dhcp? I would not suggest you use some public domain like home.com - use something like the recommended home.arpa as your domain. Set up a dhcp reservation for your nas, or a host override to point to its ip.
And your client can be asking 9.9.9.9 directly - since they are never going to have a clue about your local resources, now are they.
-
@johnpoz Will home.arpa work for each device?
-
@n3IVI0 I use home.arpa for all my local resources - it is the recommended domain currently to use for local resources.
https://datatracker.ietf.org/doc/html/rfc8375
Special-Use Domain 'home.arpa.'
And it is what pfsense currently defaults to.
You still need to have records for what you want to resolve.
-
@johnpoz That fixed it immediately. And as most things are when you have knowledge, it was easy to fix. Thanks for the tip!
-
@n3IVI0 Figured out what was causing all the trouble. I had switched to Kea DHCP. Switched back to ISC DHCP, told it to stop nagging about the deprecation, then I could go into DNS Resolver and tell it to register all my static DHCP leases in the DNS Resolver. Zip. Suddenly my shares were back, and could be seen in Network again. Thanks for the help.
-
@n3IVI0 no problem, glad you got it sorted. So your dhcp being kea was also handing out 9.9.9.9 to your clients for dns?
-
@johnpoz Looks like. Dig looks different. Getting through to the domain like it used to. That's the thing that changed that FUBAR'd it. I changed to Kea.
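Added example, not part of the original thread: a Python sketch of the check discussed above, reading dig output to tell whether the query reached a local resolver and whether that resolver holds a record for the host. The first sample is trimmed from the dig output posted earlier in the thread; the other two samples and the function names are constructed for illustration.

```python
import ipaddress
import re

# Trimmed from the working dig output posted in the thread.
LOCAL_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6355
;; ANSWER SECTION:
nas.home.arpa. 1065 IN A 192.168.9.10
;; SERVER: 192.168.3.10#53(192.168.3.10)
"""
# Constructed: the same query answered by a public resolver.
PUBLIC_MISS = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; SERVER: 9.9.9.9#53(9.9.9.9)
"""
# Constructed: the local resolver was asked but has no record for the host.
LOCAL_MISS = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4243
;; SERVER: 192.168.3.10#53(192.168.3.10)
"""

def parse_dig(text):
    """Extract status, answering server and A/AAAA answers from dig output."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([^#\s%]+)", text, re.M)
    answers = re.findall(
        r"^[^;\s]\S*\s+\d+\s+IN\s+(?:A|AAAA)\s+(\S+)$", text, re.M)
    return {"status": status.group(1) if status else None,
            "server": server.group(1) if server else None,
            "answers": answers}

def diagnose(text):
    """Classify one dig result for a LAN-only hostname."""
    r = parse_dig(text)
    if r["server"] is None:
        return "unparsed"
    if not ipaddress.ip_address(r["server"]).is_private:
        return "public-resolver"  # client bypasses the LAN resolver: check the DNS server DHCP hands out
    if r["status"] != "NOERROR" or not r["answers"]:
        return "no-local-record"  # add a host override or register DHCP leases in the resolver
    if not all(ipaddress.ip_address(a).is_private for a in r["answers"]):
        return "public-answer"    # name resolves outside the LAN, e.g. a public domain used locally
    return "ok"

if __name__ == "__main__":
    for name, sample in [("local ok", LOCAL_OK), ("public", PUBLIC_MISS),
                         ("local miss", LOCAL_MISS)]:
        print(f"{name}: {diagnose(sample)}")
```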