Netgate Discussion Forum
    Local laptop/iPad sporadically getting external IP for a local server

    DHCP and DNS
eduardr

      pfSense Nano 1.2.3 on Netgate ALIX box
      1 Comcast CABLE WAN DHCP external IP
      Local network 192.168.0.x
      Local server 192.168.0.10
      DNS Forwarder on, DHCP DNS override on
      Named static DHCP MAC entry for the local server 192.168.0.10

      For some reason, my laptop and iPad are sporadically getting the external WAN
      IP when trying to connect to the local server by name, rather than getting
      192.168.0.10. On the laptop I need to do dscacheutil -flushdns to get it to
      see the correct 192.168.0.10 address again. On the iPad I don't have that option
      but rebooting it usually fixes the problem at least temporarily.

      Any clues on how to troubleshoot or possible problems?
      Time to try 2.0 BETA? :)

      Thanks!
      –Ed


jimp (Rebel Alliance Developer, Netgate)

        Is there also a DNS entry for that same server name that resolves to your WAN IP from the external DNS server?

        Are you sure that these internal clients are using only your pfSense LAN IP as their DNS server?


eduardr

          Yes, there IS a DNS entry in external DNS for the same server name that resolves to the external WAN IP. And this is the address that gets sporadically seen by internal machines.

          Internal clients are configured by pfSense DHCP to get dns info from 192.168.0.1. No hardcoded DNS servers on the internal clients.

          I'll be giving 2.0 beta 4 a go as soon as I receive my USB compact flash reader.

          Thanks!
          –Ed


jimp (Rebel Alliance Developer, Netgate)

            I can't remember if it was the iPad or the Kindle, but someone on the forum here was mentioning something weird about the way it resolves with DNS, that it almost forces it out the WAN and doesn't expect replies from a local name server. I think that may have been the Kindle though, not the iPad.

            It might be worth doing a packet capture on the LAN for the device's IP address and watching to see what happens when it gets the incorrect entry.


eduardr

              According to some info I googled, the Mac mDNSResponder does
              some funny stuff.

              For ex., when using ping, dig, nslookup,
              /etc/resolv.conf is used and results are as expected:

              "ping panda"

              64 bytes from 10.1.1.10: icmp_seq=0 ttl=64 time=0.130 ms

              "dig panda"

              ; <<>> DiG 9.6.0-APPLE-P2 <<>> panda
              ;; global options: +cmd
              ;; Got answer:
              ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5954
              ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

              ;; QUESTION SECTION:
              ;panda. IN A

              ;; ANSWER SECTION:
              panda. 1 IN A 10.1.1.10

              ;; Query time: 3 msec
              ;; SERVER: 10.1.1.1#53(10.1.1.1)
              ;; WHEN: Thu Oct 14 12:22:53 2010
              ;; MSG SIZE  rcvd: 39

              "nslookup panda"

              Server: 10.1.1.1
              Address: 10.1.1.1#53

              Address: 10.1.1.10

              ================================================

              However using the mDNSResponder (used by most Mac services)
              I get my external WAN IP:

              "dscacheutil -q host -a name panda"

              ip_address: 98.xxx.xxx.xxx

              ================================================

One article suggested that the Mac is looking for A or AAAA DNS records, and it
              could be that when requesting the AAAA record, it resolves to the external WAN
              IP. I don't know much about AAAA records and it doesn't look like there's a
              place to specify an AAAA record in pfSense.

              I've verified that the Mac has ONLY the pfSense local IP as the DNS, and the
pfSense DNS forwarder is on and registering the static local DHCP IPs.
              And I've flushed the mDNSResponder cache repeatedly.


eduardr

                I did a tcpdump on port 53 and captured the output for
                "dscacheutil -q host -a name panda":

                (I've replaced my domain with "mydomain" and my external IP
                with 98.xxx.xxx.xxx in the text below). Still can't understand why
                it's resolving to the external WAN IP instead of the internal
                static dhcp address.

                sudo tcpdump port 53

                tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
                13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)
                13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)
                13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)
                13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)
                13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35)
                13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)
                13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)
                13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)
                13:04:08.477904 IP tiger.mydomain.com.59862 > router.mydomain.com.domain: 62384+ PTR? 1.1.1.10.in-addr.arpa. (39)
                13:04:08.478812 IP router.mydomain.com.domain > tiger.mydomain.com.59862: 62384* 1/0/0 PTR router.mydomain.com. (75)
                13:04:08.487814 IP tiger.mydomain.com.57421 > router.mydomain.com.domain: 31161+ PTR? 11.1.1.10.in-addr.arpa. (40)
                13:04:08.488549 IP router.mydomain.com.domain > tiger.mydomain.com.57421: 31161* 1/0/0 PTR tiger.mydomain.com. (75)
                ^C
                12 packets captured
                1172 packets received by filter
                0 packets dropped by kernel


jimp (Rebel Alliance Developer, Netgate)

                  Do you have DynDNS enabled for your domain, with wildcard enabled?


eduardr

                    I'm using DynDNS Custom DNS for the domain, no wildcard.
                    mydomain.com resolves, but randomtext.mydomain.com does not.


jimp (Rebel Alliance Developer, Netgate)

Well, something out there (perhaps the DNS server for mydomain.com) is answering the AAAA query:

                      13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)
                      13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)
                      

That means it asked for the AAAA record for panda, and got back that the result is a CNAME for mydomain.com.

                      And then it asked for a AAAA record for mydomain.com, and AAAA for panda.dolcera.net…

                      13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)
                      13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)
                      13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35)
                      13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)
                      

                      …and got back an answer that they don't exist.

                      Then finally asked for an A record for mydomain.com...

                      13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)
                      13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)
                      

                      …and got back what is presumably your WAN IP.

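The reading jimp gives of the capture can be made mechanical. The Python below is an added example, not code from the thread, from Netgate or from pfSense: it parses tcpdump's one-line DNS summaries from the poster's capture (embedded here as constructed sample input, with the poster's own redactions), pairs each query with its reply by transaction id, follows the CNAME the way the client resolver did, and reports whether the client ever sent a plain A query for panda.mydomain.com itself. The LAN prefix 10.1.1.0/24 is an assumption taken from the dig output and PTR lookups earlier in the thread (the opening post mentions 192.168.0.x); the record names and the 98.xxx.xxx.xxx address come straight from the capture.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample input: the tcpdump lines quoted earlier in the thread
# (domain and WAN address redacted by the original poster).
CAPTURE = """\
13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39)
13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)
13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33)
13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103)
13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35)
13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)
13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33)
13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)
"""

# tcpdump's DNS summary format: "<id>+ <qtype>? <qname> (<len>)" for a query and
# "<id>[*] [NXDomain] an/ns/ar [<rtype> <rdata>] (<len>)" for a reply.
QUERY_RE = re.compile(
    r"^\S+ IP \S+?\.\d+ > \S+\.domain: (?P<id>\d+)\+ (?P<qtype>[A-Z]+)\? (?P<qname>\S+) \(\d+\)$"
)
REPLY_RE = re.compile(
    r"^\S+ IP \S+\.domain > \S+?\.\d+: (?P<id>\d+)\*? (?:(?P<rcode>NXDomain) )?"
    r"(?P<an>\d+)/\d+/\d+(?: (?P<rtype>[A-Z]+) (?P<rdata>\S+))? \(\d+\)$"
)

Step = Tuple[str, str, str]  # (qname, qtype, outcome)


@dataclass
class Transaction:
    qid: str
    qtype: str
    qname: str
    replied: bool = False
    rcode: Optional[str] = None   # None means NOERROR; "NXDomain" means the name does not exist
    answers: int = 0              # answer-section count tcpdump printed
    rtype: Optional[str] = None   # first answer record tcpdump showed, if any
    rdata: Optional[str] = None

    def outcome(self) -> str:
        if not self.replied:
            return "no reply"
        if self.rcode == "NXDomain":
            return "NXDomain"
        if self.rtype and self.rdata:
            return f"{self.rtype} {self.rdata}"
        return "no data" if self.answers == 0 else f"{self.answers} answer(s)"


def parse_capture(text: str) -> Dict[str, Transaction]:
    """Pair each query with its reply by DNS transaction id, in capture order."""
    txs: Dict[str, Transaction] = {}
    for line in text.splitlines():
        q = QUERY_RE.match(line)
        if q:
            txs[q["id"]] = Transaction(q["id"], q["qtype"], q["qname"])
            continue
        r = REPLY_RE.match(line)
        if r and r["id"] in txs:
            tx = txs[r["id"]]
            tx.replied, tx.rcode, tx.answers = True, r["rcode"], int(r["an"])
            tx.rtype, tx.rdata = r["rtype"], r["rdata"]
    return txs


def follow_chain(txs: Dict[str, Transaction], name: str, _seen=None) -> List[Step]:
    """Every query about `name`, descending into CNAME targets as the client did."""
    seen = set() if _seen is None else _seen
    if name in seen:  # guard against a CNAME loop in a malformed capture
        return []
    seen.add(name)
    steps: List[Step] = []
    for tx in txs.values():
        if tx.qname == name:
            steps.append((tx.qname, tx.qtype, tx.outcome()))
            if tx.rtype == "CNAME" and tx.rdata:
                steps.extend(follow_chain(txs, tx.rdata, seen))
    return steps


def final_address(steps: List[Step]) -> Optional[str]:
    """Address from the last A/AAAA answer in the chain, or None."""
    for _, _, outcome in reversed(steps):
        rtype, _, rdata = outcome.partition(" ")
        if rtype in ("A", "AAAA") and rdata:
            return rdata
    return None


def classify_address(addr: str, lan_cidr: str) -> str:
    """'local' if addr lies inside the LAN prefix, 'external' otherwise."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable (redacted in the capture)"
    return "local" if ip in ipaddress.ip_network(lan_cidr) else "external"


def queried_types(txs: Dict[str, Transaction], name: str) -> Set[str]:
    return {tx.qtype for tx in txs.values() if tx.qname == name}


def diagnose(txs: Dict[str, Transaction], name: str, lan_cidr: str) -> dict:
    """Summarise how `name` ended up at the address the client cached."""
    chain = follow_chain(txs, name)
    addr = final_address(chain)
    return {
        "chain": chain,
        "final_address": addr,
        "classification": classify_address(addr, lan_cidr) if addr else "unresolved",
        # True only if the client ever asked for an A record of the name itself,
        # the query a local DNS forwarder's static entry would answer directly.
        "direct_a_query_sent": "A" in queried_types(txs, name),
    }


if __name__ == "__main__":
    # Assumed LAN prefix: the thread's dig output and PTR lookups put client and router on 10.1.1.x.
    report = diagnose(parse_capture(CAPTURE), "panda.mydomain.com.", "10.1.1.0/24")
    for qname, qtype, outcome in report["chain"]:
        print(f"  {qname:<22} {qtype:<5} -> {outcome}")
    print("final address:", report["final_address"], f"({report['classification']})")
    print("direct A query for the name sent:", report["direct_a_query_sent"])
```

Run against the capture, the chain comes out as AAAA panda.mydomain.com → CNAME mydomain.com, AAAA mydomain.com → no data, A mydomain.com → 98.xxx.xxx.xxx, and `direct_a_query_sent` is False: the client never asked the forwarder for panda's own A record, so the static-DHCP entry that dig and nslookup hit was never consulted on this path. Feeding a fresh `tcpdump port 53` capture from the affected client into `parse_capture` is the quickest way to confirm the same pattern on another device.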