Netgate Discussion Forum

    DNS Resolver Host Overrides

    DHCP and DNS
    • thezfunk

      Hey Guys,

      First of all, I do have pfblocker running and I am wondering if that is the cause of all this...I read in another thread from 2020 that might be part of the problem. My host overrides aren't working, I am pretty sure they used to but I haven't checked in a while.

      The pfsense.mydomain.us is working and sending me to pfSense.
      The hassio.mydomain.us seems to be directing to my Home Assistant but it is trying to HTTPS which I don't have enabled on it.
      I am using my Synology to host a website and I have port 80 and 443 forwarding to my Synology. For this one I just have www mydomain.us going to my Synology so that when you hit my domain from outside, Synology forwards the web request to my Synology webserver. However, that is not working. When I try to pull mydomain.us, it tries to pull up my pfSense? I am not sure what is going on.

      • SteveITS Galactic Empire @thezfunk

        @thezfunk HTTP vs HTTPS is a browser question not DNS.

        Re port forwards, if you are inside did you enable reflection on the forward?

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
        Upvote 👍 helpful posts!

        • thezfunk @SteveITS

          @SteveITS said in DNS Resolver Host Overrides:

          @thezfunk HTTP vs HTTPS is a browser question not DNS.

          Re port forwards, if you are inside did you enable reflection on the forward?

          What do you mean reflection on the forward?

          Maybe I tried giving too much information and wasn't clear. I was interrupted while typing it out. To pull up my Synology webpage, internally, my host overrides in my DNS resolver are not working for the Synology.

          • SteveITS Galactic Empire @thezfunk

            @thezfunk if you use nslookup does it work? Are you using pfSense as your DNS server?

            • thezfunk @SteveITS

              @SteveITS said in DNS Resolver Host Overrides:

              @thezfunk if you use nslookup does it work? Are you using pfSense as your DNS server?

              I am using pfSense as my DNS server. DNS Resolver.

              DNS Lookup from pfSense returns my external IP. nslookup on my Windows PC is also giving me my external IP.

              • bebewold @thezfunk

                @thezfunk the DNSs your devices are using, are they pointing to the internal IP of your pfsense or is it an external IP? You might not be sending your DNS queries to the right server.

                • thezfunk @bebewold

                  @bebewold said in DNS Resolver Host Overrides:

                  @thezfunk the DNSs your devices are using, are they pointing to the internal IP of your pfsense or is it an external IP? You might not be sending your DNS queries to the right server.

                  Everything is pointed at pfSense for DNS. Everything. I also use pfblocker on pfSense and I have rules that block DNS queries from leaving the LAN to keep stuff from getting around pfblocker.

                  • Gertjan @thezfunk

                    @thezfunk said in DNS Resolver Host Overrides:

                    I am using my Synology to host a website and I have port 80 and 443 forwarding to my Synology. For this one I just have www mydomain.us going to my Synology so that when you hit my domain from outside, Synology forwards the web request to my Synology webserver. However, that is not working. When I try to pull mydomain.us, it tries to pull up my pfSense? I am not sure what is going on.

                    It's time to show your NAT rule(s) and the affiliated WAN firewall rule(s).

                    @thezfunk said in DNS Resolver Host Overrides:

                    seems to be directing to my Home Assistant

                    What is a home assistant ?
                    I've got one, though I can't NAT my wife ....

                    @thezfunk said in DNS Resolver Host Overrides:

                    DNS Lookup from pfSense returns my external IP. nslookup on my Windows PC is also giving me my external IP.

                    When you "lookup" locally the host name of your syno ?
                    Then I've got a story for you.
                    Let's say you work in a company. With a sales, accounting, assembly and logistics department.
                    When you, as an accountant, sitting at your desk in the company, want to call Fred at sales, do you call the main public phone number of your company (hosted by Stephany) and ask her to put through Fred at sales ?
                    Or do you call the direct 'local' number of Fred, as you are both behind the company's PABX !?
                    For networking : it's the same.

                    Let's presume your Syno has 192.168.1.10
                    Your PC is using 192.168.1.15
                    From the outside, your Syno needs to be reached with the host name "hassio.mydomain.us", right ?

                    On pfSense, create a host override - or even better, a static DHCP MAC lease for your Syno :

                    [screenshot]

                    Save (apply unbound settings) and done.

                    Now, on your LAN, when you use "hassio.mydomain.us", the local IP 192.168.1.10 gets used.
                    When visiting from the Internet, "hassio.mydomain.us" will be resolved to your WAN IP (and some NATting to the Syno will take care of the rest).
                    I presume you've set up some DynDNS or classic DNS setup for "hassio.mydomain.us" so it points to your WAN.

                    @thezfunk said in DNS Resolver Host Overrides:

                    First of all, I do have pfblocker running and I am wondering if that is the cause of all this...I read in another thread from 2020 that might be part of the problem.

                    If you think that pfBlockerng is part of the issue, then stop thinking.
                    Fact check right away, it takes 5 seconds max to rule out, or prove this.

                    [screenshot]

                    Remove the check from the Enable button, save and for good measure, restart Unbound.
                    You've just ruled out pfBlocker.

                    Still doubt or unknown result ? Check if "hassio.mydomain.us" or "mydomain.us" is present in one of your DNSBL lists (that would be the joke of the year ^^).

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??

                    • thezfunk @Gertjan

                      @Gertjan

                      I tested disabling pfblocker and reloaded DNS Resolver and nothing changed.

                      I don't think hassio is important at this point and is just causing confusion here. Hassio is my Home Assistant running on a raspberry Pi3. It is a smart home management system and I highly recommend it.

                      My Synology is getting a reserved IP which I have set in the pfSense DHCP server for its MAC.

                      I already have the host override set in the DNS Resolver on pfSense as you described and it isn't working which is why I am posting here.

                      When I attempt to connect to the webpage hosted from my Synology using my domain from outside, it connects just fine. The webpage loads and works. pfSense is passing those requests and returning the result just fine (NAT/Rules). When I attempt to use my domain internally, that's the problem.

                      • johnpoz LAYER 8 Global Moderator @thezfunk

                        @thezfunk said in DNS Resolver Host Overrides:

                        When I attempt to use my domain internally, that's the problem.

                        With a browser - you sure your browser isn't using doh..

                        Host overrides are pretty straightforward, test with say nslookup or dig or any of the other tools to actually do a dns query. This will tell you if your host override is working or not.

                        If you query directly to pfsense IP and you don't get the answer you put in for host override then you didn't put in the host override correctly, etc..

                        But stuff not working in a browser - can pretty much tell you it's because it's using doh.. These browsers love to point you to them for dns, without really telling you they are doing it - you know for your own good <rolleyes>

                        Here - just created a test host override, and you can see pfsense (unbound) is answering the IP I put in when I ask it.

                        [screenshot: hostover.jpg]

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1
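
The check described in the post above (query pfSense directly, then compare with what the client normally resolves), as an added shell example that is not part of any post in this thread. It assumes `dig` is installed and that pfSense answers DNS on 192.168.1.1, an assumed LAN address; 192.168.1.10 is the Synology address presumed earlier in the thread. `dig` cannot see a browser's DoH lookups, so a `dns-ok` verdict with a browser that still fails points at the browser.

```shell
#!/bin/sh
# Added example: find where a pfSense host override lookup goes wrong.
# Assumed usage (script name is hypothetical):
#   sh check_override.sh www.mydomain.us 192.168.1.10 192.168.1.1

# first_a NAME [@SERVER] -> first IPv4 address in the answer, or empty.
first_a() {
    dig +short +time=2 +tries=1 A "$@" 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | head -n 1
}

# classify_override EXPECTED DIRECT SYSTEM -> one-word verdict on stdout.
#   EXPECTED: IP entered in the host override
#   DIRECT:   answer when pfSense (unbound) is queried directly
#   SYSTEM:   answer from the resolver the client is configured to use
classify_override() {
    expected=$1 direct=$2 system=$3
    if [ -z "$direct" ]; then
        echo "resolver-no-answer"       # unbound unreachable or no A record
    elif [ "$direct" != "$expected" ]; then
        echo "override-not-served"      # entry missing or entered incorrectly
    elif [ "$system" != "$expected" ]; then
        echo "client-bypasses-pfsense"  # client asks some other DNS server
    else
        echo "dns-ok"                   # DNS is fine: check DoH, HTTP vs HTTPS
    fi
}

# check_override NAME EXPECTED_IP RESOLVER_IP -> prints one summary line.
check_override() {
    name=$1 want=$2 resolver=$3
    got_direct=$(first_a "$name" "@$resolver")
    got_system=$(first_a "$name")
    verdict=$(classify_override "$want" "$got_direct" "$got_system")
    printf '%s: direct=%s system=%s -> %s\n' \
        "$name" "${got_direct:-none}" "${got_system:-none}" "$verdict"
}

# Run only when called with the three arguments shown above.
if [ "$#" -eq 3 ]; then check_override "$@"; fi
```
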

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.