Unable to set up DNS server + forwarder

  • I am running 2.0-BETA1 snapshot 2010.03.08 01:13

    I am trying to set up DNS like this:

    1. When a client connects on LAN by DHCP, then serve it the pfSense LAN address as DNS server
    2. When a client digs for an address on the local LAN, use tinyDNS to serve it (servers, kerberos, LDAP, …)
    3. For all other request, forward to the WAN server(s)

    If I use the native "DNS forwarder", it works fine for forwarding to WAN (item 1 and 3 above).

    Then I set up tinyDNS to serve a few records for the local LAN on,
    and in "DNS forwarder" I "override" an entire domain "kx.lan" -> "".

    Now the clients still get a DNS when connecting by DHCP,
    and the clients are still able to dig addresses out on the internet.

    However, clients are NOT able to dig addresses on the local LAN.

    Indeed, a shell on pfSense shows that correctly resolves addresses on the local LAN,
    but the DNS on the local LAN address does NOT.

    The system log shows:
    dnsmasq[39813]: ignoring nameserver - local interface

    Uh oh, why would dnsmasq want to ignore the tinyDNS I just set up ??

    Anyways, now I try to rely on tinyDNS only:
    Disable the native "DNS forwarder", but in tinyDNS tick "Enable DNS Forwarders".

    And indeed a shell on pfSense shows that now both and the local LAN address resolves the local entries as well as addresses out on the internet.
    BUT, now clients connecting with DHCP are not given a DNS server.

    And after rebooting with the above configuration, the DHCP server is not started at all!

    Any suggestions on how to solve this would be most appreciated.

    Is it a bug, that "DNS forwarder" aka dnsmasq does not want to talk to my local tinyDNS server?
    Is it a bug, that when diabling "DNS forwarder" aka dnsmasq and enabeling the tinyDNS server, this DHCP does not serve the DNS address?

  • What happens if you enter the LAN-IP of your router? Then it should work.

  • Thanks for the hint. Unfortunately the DCHP server does still not serve the DNS address to clients.

    And it gets worse…

    I did a fresh install of 2010.03.08 01:34 and updated to 2010.03.13 21:23.

    I installed the tinyDNS package, and changed the binding address to the local LAN.
    Now the local LAN IP port 53 correctly does recursive lookup to the internet, but times out on trying to resolve anything on the local LAN.
    And tinyDNS binds to both and the local LAN IP.

    And after reboot, tinyDNS starts up (but now only binds to the local LAN IP), but the GUI says that the package is not installed! Guess that is another bug...
    So, I reinstall the tinyDNS package (which now again shows in the GUI).
    TinyDNS now resolves, but the DHCP server still does not serve the DNS address to clients.

    And it gets worse still...

    Now I uninstall TinyDNS, and start the native DNS forwarder.
    This totally breaks the system - aperantly both TinyDNS and the native DNS forwarder are now competing to bind to port 53.
    After a reboot, only the native DNS forwarder is left, and works as expected.

  • kaarposoft: Instead of 2), why don't you just register your LAN systems in the DNS forwarder? Or assign them all an address by DHCP and register the DHCP leases in DNS forwarder?

    I don't see why you want to use TinyDNS on pfSense with DNS forwarder. But maybe thats because I don't understand what you mean by When a client digs for an address on the local LAN

  • Because I do not just need to register an A record for the client. I need SRV and TXT records for kerberos, LDAP etc.

  • Tinydns doesn't support SRV records, at least short of having a patch that we don't include (AFAIK).

  • Well, you can define "raw" records in TinyDNS (even from the pfSense GUI).
    And there is even a nice online tool for building the complex syntax: http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder/
    It works with SRV records as well.

Log in to reply