Netgate Discussion Forum

DNS Resolver Host Overrides

DHCP and DNS
  • T
    thezfunk
    last edited by Aug 27, 2024, 2:00 AM

    Hey Guys,

    First of all, I do have pfblocker running and I am wondering if that is the cause of all this...I read in another thread from 2020 that might be part of the problem. My host overrides aren't working, I am pretty sure they used to but I haven't checked in a while.

    The pfsense.mydomain.us is working and sending me to pfSense.
    The hassio.mydomain.us seems to be directing to my Home Assistant but it is trying to HTTPS which I don't have enabled on it.
    I am using my Synology to host a website and I have port 80 and 443 forwarding to my Synology. For this one I just have www mydomain.us going to my Synology so that when you hit my domain from outside, Synology forwards the web request to my Synology webserver. However, that is not working. When I try to pull mydomain.us, it tries to pull up my pfSense? I am not sure what is going on.

    • S
      SteveITS Galactic Empire @thezfunk
      last edited by Aug 27, 2024, 3:39 AM

      @thezfunk HTTP vs HTTPS is a browser question not DNS.

      Re port forwards, if you are inside did you enable reflection on the forward?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • T
        thezfunk @SteveITS
        last edited by Aug 27, 2024, 4:01 AM

        @SteveITS said in DNS Resolver Host Overrides:

        @thezfunk HTTP vs HTTPS is a browser question not DNS.

        Re port forwards, if you are inside did you enable reflection on the forward?

        What do you mean reflection on the forward?

        Maybe I tried giving too much information and wasn't clear. I was interrupted while typing it out. To pull up my Synology webpage, internally, my host overrides in my DNS resolver are not working for the synology.

        • S
          SteveITS Galactic Empire @thezfunk
          last edited by Aug 27, 2024, 4:08 AM

          @thezfunk if you use nslookup does it work? Are you using pfSense as your DNS server?


          • T
            thezfunk @SteveITS
            last edited by Aug 27, 2024, 4:14 AM

            @SteveITS said in DNS Resolver Host Overrides:

            @thezfunk if you use nslookup does it work? Are you using pfSense as your DNS server?

            I am using pfSense as my DNS server. DNS Resolver.

            DNS Lookup from pfSense returns my external IP. nslookup on my Windows PC is also giving me my external IP.

            • B
              bebewold @thezfunk
              last edited by Aug 27, 2024, 4:46 AM

              @thezfunk the DNSs your devices are using, are they pointing to the internal IP of your pfsense or is it an external IP? you might not be sending your DNS queries to the right server

              • T
                thezfunk @bebewold
                last edited by thezfunk Aug 27, 2024, 5:08 AM

                @bebewold said in DNS Resolver Host Overrides:

                @thezfunk the DNSs your devices are using, are they pointing to the internal IP of your pfsense or is it an external IP? you might not be sending your DNS queries to the right server

                Everything is pointed at pfSense for DNS. Everything. I also use pfblocker on pfSense and I have rules that block DNS queries from leaving the LAN to keep stuff from getting around pfblocker.

                • G
                  Gertjan @thezfunk
                  last edited by Aug 27, 2024, 6:54 AM

                  @thezfunk said in DNS Resolver Host Overrides:

                  I am using my Synology to host a website and I have port 80 and 443 forwarding to my Synology. For this one I just have www mydomain.us going to my Synology so that when you hit my domain from outside, Synology forwards the web request to my Synology webserver. However, that is not working. When I try to pull mydomain.us, it tries to pull up my pfSense? I am not sure what is going on.

                  It's time to show your NAT rule(s) and the affiliated WAN firewall rule(s).

                  @thezfunk said in DNS Resolver Host Overrides:

                  seems to be directing to my Home Assistant

                  What is a home assistant ?
                  I've got one, though I can't NAT my wife ....

                  @thezfunk said in DNS Resolver Host Overrides:

                  DNS Lookup from pfSense returns my external IP. nslookup on my Windows PC is also giving me my external IP.

                  When you "lookup" locally the host name of your syno ?
                  Then I've got a story for you.
                  Let's say you work in a company. With a sales, accounting, assembly and logistics department.
                  When you, as an accountant, sitting at your desk in the company, want to call Fred at sales, do you call the main public phone number of your company (hosted by Stephany) and ask her to put through Fred at sales ?
                  Or do you call the direct 'local' number of Fred, as you are both behind the company's PABX !?
                  For networking : it's the same.

                  Let's presume your Syno has 192.168.1.10
                  Your PC is using 192.168.1.15
                  From the outside, your Syno needs to be reached with the host name "hassio.mydomain.us", right ?

                  On pfSense, create a host override - or even better, a static DHCP MAC lease for your Syno :

                  d4aa4f63-f635-46c5-89ef-41531331f961-image.png

                  Save (apply unbound settings) and done.

                  Now, on your LAN, when you use "hassio.mydomain.us", the local IP 192.168.1.10 gets used.
                  When visiting from the Internet, "hassio.mydomain.us" will be resolved to your WAN IP (and some NATting to the Syno will take care of the rest).
                  I presume you've set up some DynDNS or classic DNS setup for "hassio.mydomain.us" so it points to your WAN.

                  @thezfunk said in DNS Resolver Host Overrides:

                  First of all, I do have pfblocker running and I am wondering if that is the cause of all this...I read in another thread from 2020 that might be part of the problem.

                  If you think that pfBlockerng is part of the issue, then stop thinking.
                  Fact check right away, it takes 5 seconds max to rule out, or prove this.

                  e4497eab-841f-4b7e-b7e8-228837641066-image.png

                  Remove the check from the Enable button, save and for good measure, restart Unbound.
                  You've just ruled out pfBlocker.

                  Still doubt or unknown result ? Check if "hassio.mydomain.us" or "mydomain.us" is present in one of your DNSBL lists (that would be the joke of the year ^^).

                  No "help me" PM's please. Use the forum, the community will thank you.
                  Edit : and where are the logs ??

                  • T
                    thezfunk @Gertjan
                    last edited by Aug 27, 2024, 7:29 PM

                    @Gertjan

                    I tested disabling pfblocker and reloaded DNS Resolver and nothing changed.

                    I don't think hassio is important at this point and is just causing confusion here. Hassio is my Home Assistant running on a raspberry Pi3. It is a smart home management system and I highly recommend it.

                    My Synology is getting a reserved IP which I have set in the pfSense DHCP server for its MAC.

                    I already have the host override set in the DNS Resolver on pfSense as you described and it isn't working which is why I am posting here.

                    When I attempt to connect to the webpage hosted from my Synology using my domain from outside, it connects just fine. The webpage loads and works. pfSense is passing those requests and returning the result just fine (NAT/Rules). When I attempt to use my domain internally, that's the problem.

                    • J
                      johnpoz LAYER 8 Global Moderator @thezfunk
                      last edited by johnpoz Aug 27, 2024, 7:50 PM Aug 27, 2024, 7:49 PM

                      @thezfunk said in DNS Resolver Host Overrides:

                      When I attempt to use my domain internally, that's the problem.

                      With a browser - you sure your browser isn't using doh..

                      Host overrides are pretty straightforward, test with say nslookup or dig or any of the other tools to actually do a dns query. This will tell you if your host override is working or not.

                      If you query directly to pfsense IP and you don't get the answer you put in for host override then you didn't put in the host override correctly, etc..

                      But stuff not working in a browser - can pretty much tell you it's because it's using doh.. These browsers love to point you to them for dns, without really telling you they are doing it - you know for your own good <rolleyes>

                      Here - just created a test host override, and you can see pfsense (unbound) is answering the IP I put in when I ask it.

                      hostover.jpg

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11
