DNS Forwarder Domain Override buggy?

  • Hi,

    it seems to me that the domain override feature is not working. If I configure an override for a domain, e.g. xyz.local, to a DNS server (in another network connected via IPsec VPN), nothing happens.

    Overriding a single host is no problem - that's working!

    Any idea?

    PS: I have RC3b

  • You need a fake route to send the traffic to the remote DNS server into the tunnel. Add a static route at System > Static Routes to `<ip of remote dns-server>/32` through gateway `<local lan ip of your pfsense>`.

  • Great - that's the solution - it works fine now!

    Here is another question where I don't understand why it's not working: in my local LAN pfSense acts as a DHCP server. In the DNS Forwarder I configured that leases should be registered in the forwarder. In that case the forwarder should resolve the local hostnames to IP addresses … and this is exactly what it is not doing?!

    Some information about what ipconfig is reporting for my network:

    Hostname: zaphod
    Primary DNS Suffix:
    Connection Specific DNS Suffix: daheim.local

    pfSense is listing my hostname at Status/DHCP leases as "Zaphod"

    And here is what nslookup tells me:

    -------------------------- SNIP ------------------------
    Standardserver:  wall.daheim.local

    wall.daheim.local                        (This is a test ... its pfsense itself)
    Server:  wall.daheim.local

    Name:    wall.daheim.local             

    zaphod.daheim.local                    (Not working with zaphod)
    Server:  wall.daheim.local

    *** zaphod.daheim.local wurde von wall.daheim.local nicht gefunden: Non-existent

    Zaphod.daheim.local                    (Not working with Zaphod)
    Server:  wall.daheim.local

    *** Zaphod.daheim.local wurde von wall.daheim.local nicht gefunden: Non-existent
    -------------------------- SNIP ------------------------

    Is there something wrong with my configuration, or is there a reason why that's not working?
    Thanks in advance ...

  • Check your clients' system settings to see whether your clients are in the correct domain. Does it work if you only try to resolve "zaphod" instead of "zaphod.daheim.local"?

  • "ping zaphod" without "daheim.local" is working! If I "ping localhost" the reply is "zaphod" not "zaphod.daheim.local".

    But does it really matter? I think, if I (like I did) query a DNS server via NSLOOKUP and the resolver answers with "…Non-existent domain", it should not be a problem of the client machine?!

    Is there a way to look into the table where the DNS server holds its entries? I found nothing in the status or diagnostics page or status.php.
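The open question in the last post is whether the NXDOMAIN comes from the client's suffix handling or from the forwarder itself. The script below, an added example that is not part of this thread and not pfSense code, builds raw RFC 1035 A queries and sends them straight to one chosen server on UDP/53, so the client's search list, hosts file and NetBIOS fallbacks are out of the picture. It reports the response code (NOERROR vs NXDOMAIN) and any A records for the short name and both spellings of the FQDN from the nslookup transcript. The server address `192.168.1.1` is a placeholder; the `<test>`-style checks use a constructed response packet, not live traffic.

```python
import random
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
               3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def build_query(name, qid=None):
    """Build a standard recursive A/IN query for `name` in RFC 1035 wire format."""
    if qid is None:
        qid = random.randrange(0, 65536)
    # flags 0x0100: QR=0 (query), opcode 0, RD=1; one question, no other sections
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not raw or len(raw) > 63:
            raise ValueError("bad label in %r" % name)
        qname += bytes([len(raw)]) + raw
    qname += b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def _read_name(msg, off):
    """Read a possibly compressed name at `off`; return (name, offset after it)."""
    labels = []
    end = None  # offset just past the name in the *original* position
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 4.1.4)
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), end if end is not None else off


def parse_response(msg, expected_id):
    """Return (rcode_name, [IPv4 addresses from A records]) for a DNS response."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expected_id:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):          # skip the echoed question(s)
        _, off = _read_name(msg, off)
        off += 4                 # QTYPE + QCLASS
    addrs = []
    for _ in range(an):          # walk the answer section
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return RCODE_NAMES.get(rcode, str(rcode)), addrs


def query(server, name, timeout=2.0):
    """Send one A query directly to `server` (no client search list involved)."""
    qid = random.randrange(0, 65536)
    pkt = build_query(name, qid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data, qid)


if __name__ == "__main__":
    import sys
    # placeholder: pass the forwarder's LAN address as the first argument
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"
    for n in ("zaphod", "zaphod.daheim.local", "Zaphod.daheim.local",
              "wall.daheim.local"):
        try:
            print(n, query(server, n))
        except OSError as exc:
            print(n, "error:", exc)
```

If the bare name `zaphod` returns NOERROR with an address while `zaphod.daheim.local` returns NXDOMAIN from the same server, the forwarder has registered the lease under a different (or no) domain, and the forwarder's domain setting is the place to look; if both spellings of the FQDN behave the same, the capitalisation of the lease is irrelevant, which is what the case-insensitive matching rule in RFC 1035 predicts.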
