Netgate Discussion Forum

    DNS Forwarder returns internal A record, but also external CNAME

      qBaz

      I've got several local records set up in the DNS forwarder on my pfSense box, running 1.2.3.  When I query the forwarder, I get the (correct) internal A record, but I also get the CNAME records from outside, which makes accessing internal services a little inconsistent.

      In the example shown in the screenshots, the record "vox.baz.org" has an internal A record on the DNS forwarder, and CNAME records in the zone served externally.  When I run "host -v vox.baz.org" I get the following back from the DNS forwarder on the pfSense machine:

      Trying "vox.baz.org"
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49541
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
      
      ;; QUESTION SECTION:
      ;vox.baz.org.			IN	A
      
      ;; ANSWER SECTION:
      vox.baz.org.		0	IN	A	172.17.1.12
      
      Received 45 bytes from 172.17.1.1#53 in 2 ms
      Trying "vox.baz.org"
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27151
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
      
      ;; QUESTION SECTION:
      ;vox.baz.org.			IN	AAAA
      
      ;; ANSWER SECTION:
      vox.baz.org.		81989	IN	CNAME	baz.is-a-geek.net.
      
      ;; AUTHORITY SECTION:
      is-a-geek.net.		1562	IN	SOA	ns1.dyndns.org. hostmaster.dyndns.org. 2011252371 10800 1800 604800 1800
      
      Received 118 bytes from 172.17.1.1#53 in 20 ms
      Trying "vox.baz.org"
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19973
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
      
      ;; QUESTION SECTION:
      ;vox.baz.org.			IN	MX
      
      ;; ANSWER SECTION:
      vox.baz.org.		81989	IN	CNAME	baz.is-a-geek.net.
      
      ;; AUTHORITY SECTION:
      is-a-geek.net.		1562	IN	SOA	ns1.dyndns.org. hostmaster.dyndns.org. 2011252371 10800 1800 604800 1800
      
      Received 118 bytes from 172.17.1.1#53 in 18 ms
      

      Seems like it should just return the A record, no?  As memory serves, I believe this behavior cropped up when I upgraded to 1.2.3.

      DNS-forwarder.png
      General-setup.png

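An added example, not part of the original post: a small Python check for the pattern visible in the output above, where one query type for a name is answered with the `aa` flag and other types for the same name come back as a non-authoritative CNAME. The function names and the trimmed sample are constructed for illustration, and the parser assumes unindented `host -v` output.

```python
import re

# Constructed sample: `host -v` output in the shape shown in the post, trimmed to the parsed lines.
SAMPLE = """\
Trying "vox.baz.org"
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.    IN  A
;; ANSWER SECTION:
vox.baz.org.  0  IN  A  172.17.1.12

Trying "vox.baz.org"
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.    IN  AAAA
;; ANSWER SECTION:
vox.baz.org.  81989  IN  CNAME  baz.is-a-geek.net.

Trying "vox.baz.org"
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;vox.baz.org.    IN  MX
;; ANSWER SECTION:
vox.baz.org.  81989  IN  CNAME  baz.is-a-geek.net.
"""

def parse_responses(text):
    """Split `host -v` output into one dict per response."""
    out = []
    for block in re.split(r'^Trying ".*"$', text, flags=re.M)[1:]:
        flags = re.search(r"^;; flags: ([a-z ]*);", block, re.M).group(1).split()
        qname, qtype = re.search(r"^;(\S+)[ \t]+IN[ \t]+(\S+)$", block, re.M).groups()
        ans = re.search(r"ANSWER SECTION:\n(.*?)(?:\n\s*\n|\Z)", block, re.S)
        rrs = [line.split() for line in ans.group(1).splitlines()] if ans else []
        out.append({"qname": qname, "qtype": qtype, "aa": "aa" in flags,
                    "answers": [(rr[3], rr[4]) for rr in rrs if len(rr) >= 5]})
    return out

def mixed_source_names(responses):
    """Names with an authoritative (aa) answer for one type and a forwarded CNAME for another."""
    local = {r["qname"] for r in responses if r["aa"] and r["answers"]}
    findings = {}
    for r in responses:
        if r["qname"] in local and not r["aa"]:
            for rtype, target in r["answers"]:
                if rtype == "CNAME":
                    findings.setdefault(r["qname"], []).append((r["qtype"], target))
    return findings

print(mixed_source_names(parse_responses(SAMPLE)))
```

Each finding lists the query types that fell through to the external zone, which are the lookups to compare against the internal records when auditing a split-horizon setup.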