DNS domain override not working
  • When I use the DNS Forwarder to specify a domain to be overridden, it's not working. The DNS server is at the other end of an IPSec tunnel and I can do a manual lookup from my computer behind the pfSense box to the remote IP using nslookup and it works fine, but if I put the IP of that remote server into the DNS forwarder box to override DNS for domain.local, when I do lookups for domain.local (from my computer to the forwarder) it fails, like it's not even trying to use the overridden server at all. I've allowed the firewall's IP on the Rules for IPsec to the remote subnet (all TCP/IP allow), not sure if there's another rule I'm missing. I'm not seeing any attempts to connect in the firewall logs either.

    Snapshot Wed Aug 25 02:21:33 EDT 2010 i386

  • Ahhh! A search of the forums (the 2.0 forums at least, since it seemed like a bug) turned up nothing, and having read most of the pfSense book recently I didn't see that info either… quite non-obvious and harder than pfSense usually makes it (and I must have missed it). But, thanks for the link and for there being a workaround :-) Is there a reason this route is not added by pfSense automatically for known networks at the other end of IPsec tunnels?

    I did test the solution, though the steps are a bit longer in 2.0 (you have to add the new gateway first, and the "add one now" link from the Static Routes page didn't actually do anything when I clicked it, so perhaps this is a real bug). It seems to be working now both for ping and for the DNS Override. Thanks!
