DNS Forwarder returns internal A record, but also external CNAME



  • I've got several local records set up in the DNS forwarder on my pfSense box, running 1.2.3.  When I query the forwarder, I get the (correct) internal A record, but I also get the CNAME records from outside, which makes accessing internal services a little inconsistent.

    In the example shown in the screenshots, the record "vox.baz.org" has an internal A record on the DNS forwarder, and CNAME records in the zone served externally.  When I run "host -v vox.baz.org" I get the following back from the DNS forwarder on the pfSense machine:

    Trying "vox.baz.org"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49541
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;vox.baz.org.			IN	A
    
    ;; ANSWER SECTION:
    vox.baz.org.		0	IN	A	172.17.1.12
    
    Received 45 bytes from 172.17.1.1#53 in 2 ms
    Trying "vox.baz.org"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27151
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;vox.baz.org.			IN	AAAA
    
    ;; ANSWER SECTION:
    vox.baz.org.		81989	IN	CNAME	baz.is-a-geek.net.
    
    ;; AUTHORITY SECTION:
    is-a-geek.net.		1562	IN	SOA	ns1.dyndns.org. hostmaster.dyndns.org. 2011252371 10800 1800 604800 1800
    
    Received 118 bytes from 172.17.1.1#53 in 20 ms
    Trying "vox.baz.org"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19973
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;vox.baz.org.			IN	MX
    
    ;; ANSWER SECTION:
    vox.baz.org.		81989	IN	CNAME	baz.is-a-geek.net.
    
    ;; AUTHORITY SECTION:
    is-a-geek.net.		1562	IN	SOA	ns1.dyndns.org. hostmaster.dyndns.org. 2011252371 10800 1800 604800 1800
    
    Received 118 bytes from 172.17.1.1#53 in 18 ms
    

    Seems like it should just return the A record, no?  As memory serves, I believe this behavior cropped up when I upgraded to 1.2.3.





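One way to check a forwarder for the inconsistency shown in the post's output, as an added example that is not part of the original post or of pfSense: it parses `host -v` output and lists the query types that bypass a local override. The function names `parse_responses` and `override_leaks` are hypothetical, and treating an `aa`-flagged answer as the local override is an assumption taken from the flags visible in the post.

```python
# Sample input: the post's `host -v vox.baz.org` output, trimmed to flags, question and answer lines.
SAMPLE = """\
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.          IN  A
;; ANSWER SECTION:
vox.baz.org.       0   IN  A   172.17.1.12
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.          IN  AAAA
;; ANSWER SECTION:
vox.baz.org.       81989   IN  CNAME   baz.is-a-geek.net.
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.          IN  MX
;; ANSWER SECTION:
vox.baz.org.       81989   IN  CNAME   baz.is-a-geek.net.
"""

def parse_responses(text):
    """Split host -v output into one dict per response: aa flag, qtype, answers."""
    responses, section = [], None
    for line in text.splitlines():
        if not line.strip():
            section = None  # a blank line ends the current section
        elif line.startswith(";; flags:"):
            flags = line.split(":", 1)[1].split(";")[0].split()
            responses.append({"aa": "aa" in flags, "qtype": None, "answers": []})
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section == "QUESTION" and line.startswith(";"):
            responses[-1]["qtype"] = line.split()[-1]
        elif section == "ANSWER" and not line.startswith(";"):
            _name, _ttl, _cls, rtype, rdata = line.split(None, 4)
            responses[-1]["answers"].append((rtype, rdata))
    return responses

def override_leaks(text):
    """Query types answered from upstream although a local override exists."""
    responses = parse_responses(text)
    # Assumption: an authoritative (aa) answer is the forwarder's own local record.
    if not any(r["aa"] and r["answers"] for r in responses):
        return []
    return [(r["qtype"], r["answers"]) for r in responses
            if not r["aa"] and r["answers"]]

if __name__ == "__main__":
    for qtype, answers in override_leaks(SAMPLE):
        print(f"{qtype}: forwarded upstream, got {answers}")
```

The same functions accept the untrimmed `host -v` output, since lines outside the QUESTION and ANSWER sections are ignored.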