Netgate Discussion Forum

Resolving CNAMEs with DNS Resolver & domain overrides

DHCP and DNS
3 Posts 2 Posters 404 Views
    jakub.krauz
    last edited by jakub.krauz Sep 4, 2024, 5:50 AM Sep 4, 2024, 5:49 AM

    I'm struggling to configure pfSense DNS resolver to forward queries for a specific internal domain to an internal DNS server, while acting as a resolver for everything else.

    Problem: The internal DNS server is recursive, and fully resolves CNAMEs. I added the corresponding domain override to the pfSense resolver configuration; it forwards DNS queries for the internal domain correctly, but it ignores the recursive answer. I confirmed (by watching traffic with tcpdump) that the internal DNS server responds with a full recursive answer, i.e. including target A records for a given CNAME. However, pfSense only replies to the client with the CNAME value. I couldn't find any setting to make it forward the full recursive answer.

    One possible solution I was thinking about is to activate both the DNS forwarder and the DNS resolver in pfSense. The forwarder would listen on the standard port 53 and forward queries to the resolver running on a different port, e.g. 54. The internal domain override would be configured in the forwarder, ensuring the full recursive answer gets forwarded (tested & confirmed the forwarder does return the full answer). It seems rather complicated though; I'm wondering if there is a better solution?

    Thank you,
    Jakub

      Gertjan @jakub.krauz
      last edited by Gertjan Sep 4, 2024, 6:18 AM Sep 4, 2024, 6:16 AM

      @jakub-krauz

      @jakub-krauz said in Resolving CNAMEs with DNS Resolver & domain overrides:

      pfSense DNS resolver to forward queries for a specific internal domain to an internal DNS server

      Like this: https://superuser.com/questions/1753898/how-to-configure-a-forward-zone-to-handle-nested-domains ?

      Custom options should look like:

      (screenshot in the original post)

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit: and where are the logs??

        jakub.krauz @Gertjan
        last edited by Sep 4, 2024, 8:27 PM

        @Gertjan Thank you for your response. I tested with the custom options as you suggested, but it gave me the same results as previously with domain overrides.

        I realised, however, what the problem was: the CNAME in question was pointing to a completely different domain (a DNS name of an ALB in AWS). I first confirmed that CNAMEs pointing to records within the same domain do actually resolve correctly. Adding another override for the domain of the ALB resolved the problem for me.
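As an added illustration of the check behind the resolution above (not code from the thread or from pfSense): walk the CNAME chain of an upstream answer and report which names fall outside the configured domain overrides, since those are the names the Resolver will look up on its own rather than trust from the internal server. The domain names, records and addresses are constructed; the real ALB name is not given in the thread.

```python
"""Find names in a CNAME chain that no domain override (unbound forward-zone)
covers. Constructed example; names and addresses are placeholders."""

def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive and a trailing dot is not significant here.
    return name.rstrip(".").lower().split(".")

def is_under(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (on a label boundary)."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def follow_chain(qname: str, records: list[tuple[str, str, str]]) -> list[str]:
    """Return the names visited from qname along CNAME records, in order.
    records are (owner, rtype, rdata) tuples as seen in the upstream answer."""
    cnames = {tuple(_labels(o)): rdata for o, rtype, rdata in records if rtype == "CNAME"}
    chain, cur = [qname], tuple(_labels(qname))
    # Bound the walk so a CNAME loop in the data cannot spin forever.
    while cur in cnames and len(chain) <= len(cnames):
        chain.append(cnames[cur])
        cur = tuple(_labels(cnames[cur]))
    return chain

def uncovered_names(qname: str, records: list[tuple[str, str, str]],
                    overrides: list[str]) -> list[str]:
    """Names on the chain that no override covers: the Resolver resolves these
    itself instead of using the internal server's recursive answer."""
    return [n for n in follow_chain(qname, records)
            if not any(is_under(n, z) for z in overrides)]

# Constructed data modelled on the thread: the internal zone's CNAME points
# into a different domain (an internal load balancer's DNS name).
ANSWER = [
    ("app.corp.example.", "CNAME", "internal-alb.cloud-lb.test."),
    ("internal-alb.cloud-lb.test.", "A", "10.20.30.40"),
]
OVERRIDES_BEFORE = ["corp.example"]                   # the single override the OP started with
OVERRIDES_AFTER = ["corp.example", "cloud-lb.test"]   # plus an override for the target's domain

if __name__ == "__main__":
    print("uncovered before:", uncovered_names("app.corp.example.", ANSWER, OVERRIDES_BEFORE))
    print("uncovered after: ", uncovered_names("app.corp.example.", ANSWER, OVERRIDES_AFTER))
```

With only the internal zone overridden the load balancer name is reported as uncovered; adding the second override empties the list, matching the fix in the last post.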
