Tinydns dnscache and dns forwarder
-
Hi,
I've found a simple solution to use both internal dns forwarder and tinydns.
I've enabled dns forwarder to serve internal clients and resolve local hosts into local ips (split horizon).
I've configured tinydns listening on WAN IP to serve external requests as authoritative server (for my domains). No firewall rule.
I've changed the listen ip written in /service/dnscache/env/IP to 127.0.0.1.
Could this solution be wrong, or cause problems?
Is there a better solution that avoids manually configuring dnscache?
Thank you for help,
Emanuele
PS. Sorry for my poor english.
-
Hi,
I've found an issue in my previous configuration.
The resolution fails for domains managed by tinydns, if the request comes from lan clients.
Now my configuration is:
General setup
DNS servers:
a.b.c.d
e.f.g.h
WAN
ip address a.b.c.d
VIRTUAL IP:
ip address e.f.g.h
NAT
WAN UDP 53 127.0.0.1 (ext.: any) 53
Rules
UDP * * 127.0.0.1 53
TinyDNS and dnscache listening on 127.0.0.1
TinyDns domain records:
example.com SOA ns1.example.com
example.com SOA ns2.example.com
ns1.example.com A w1.x1.y1.z1
ns2.example.com A w2.x2.y2.z2
Internal DNS forwarder enabled
Now, if an internal client tries to resolve ns1.example.com, it fails.
I can't understand how to configure both authoritative dns and split horizon on the same machine.
Help would be appreciated,
thank you
Emanuele
-
Hello,
I have a similar issue.
Multi-wan setup.
Each public ip NATed to 172.0.0.1.
Tinydns listening on 127.0.0.1.
External dns requests work well.
Internal dns requests time out, even though the NAT reflection for DNS traffic is configured.
Any reason for that?
Is it because tinydns is listening on 127.0.0.1, which is also used by NAT reflection?
Thanks.
-
Hi,
thank you for unlocking the topic.
Hi infratek, did you resolve it?
I've resolved it by overriding domains in "Services -> Dns Forwarder" for domains managed by TinyDns.
The section is "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain".
I've inserted 127.0.0.1 in the field "IP address of the authoritative DNS server for this domain".
I know it is not the best solution, but it works and I haven't found anything better than this.
So this is my configuration in order to have a single machine with authoritative dns and dns forwarder:
- "General Setup -> Dns Servers": configure external dns ips
- "Services -> Dns Forwarder": enable dns forwarder and configure forwarded hosts and forwarder domains (the ones managed by TinyDns): Configure "IP address of the authoritative DNS server for this domain" to 127.0.0.1
- "Dns Servers -> Settings": configure Binding IP Address to 127.0.0.1 and enable dns forwarder
- "Dns Servers -> Add/Edit record": configure zones
The only thing that doesn't work is dns resolution for CNAME records.
I hope this will be useful for other users.
Thank you,
emanuele