Re: Dns Forwarder and hosts file will not work in 2.0



  • Hi fellow pfsense users.

    I'm trying to be able to access my spotweb server on ubuntu by going to http://spotweb

    Spotweb is the server name and it can be reached by a static IP or by using spotweb.domain.local.

    The thing is I would like to be able to reach this server without adding the local domain. Is this possible? The DNS forwarder static entries require me to add a domain name.

    I have the following settings:

    Dns forwarder page
    (all checkboxes are checked and I've tried adding a static entry) Override domain static entry is not used.

    DHCP server
    Dns server filled in as the pfsense ip and the dynamic dns option is set to domain.local.
    Dynamic dns : Enable client registration names in DNS is turned on

    general setup
    hostname pfsense
    domain domain.local
    dns server (not set and all empty)
    Allow dns override by WAN checked (I have a cable modem with a dynamic wan ip/dns)

    If I ping the hostname it also fails. And I've double checked my Windows IP config -> it's set to the right DNS server.

    Anybody know why this is not working :(? Everything else works perfectly and I would love to go to local webserver(s) by using http://hostname instead of a longer name domain.local etc.



  • If I understand correctly you have your web server in you LOCAL network and there isn't any local DNS server or WINS server in your lan. Is it correct?



  • That is correct. I am only using the dynamic wan dns from my ISP (override checkbox option) as this is a home network and not a corporate network.
    The clients are set up to use the gateway (pfsense ) ip as the dns server though.

    I was hoping to be able to use the dns forwarder to be able to map some static dns names instead of using host files on each client (not a very neat solution).
    Do I not understand what the dns forwarder is? Or should I be using the host file on the pfsense itself and hope that it uses that info before it sends any dns requests to the isp modem?



  • Unfortunately, I think there is nothing wrong in what you did...
    I can confirm you cannot add a host name without entering a domain name. I think this is "by design" (formally correct).
    I tried also to work around it by adding a reservation in the DHCP server (using the host name) and then checking "Register DHCP static mappings in DNS forwarder" in DNS Forwarder, but pfSense always adds the domain name from General Setup to the host name.

    Then, I think you have only two choices:

    1. Add your server name in pfsense host file.
    2. Activate netbios name resolution on your server/lan


  • That's too bad.. are you 100% sure about this? I thought I read topics where people got this working with the DNS forwarder.

    I've tried editing the host file on the pfSense machine but Windows clients still cannot resolve hostnames without domain.local :(



  • Anybody know why this is not working?

    I've tried the work-around as mentioned above by editing the pfsense hostfile.

    Host file
    192.168.2.80 SpotWeb

    On my local pc :

    IPv4-adres. . . . . . . . . . . . : 192.168.2.101
    Subnetmasker. . . . . . . . . . . : 255.255.255.0
    Standaardgateway. . . . . . . . . : 192.168.2.1
    DHCPv6 IAID . . . . . . . . . . . : 234890380
    DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93
    DNS-servers . . . . . . . . . . . : 192.168.2.1

    Ping spotweb -> no reply
    ping spotweb.home.local I get a reply

    nslookup spotweb 192.168.2.1
    Server:  volvo.home.local
    Address:  192.168.2.1

    Naam:    spotweb
    Address:  192.168.2.80

    Why am I still unable to reach it by ping or by http? Doing a manual nslookup on the pfsense ip I am getting a response?

    doing a ipconfig /flushdns has made no difference btw.



  • I have a pfSense system with Windows (2000, XP, Vista and 7) and Linux system on the LAN. All use DHCP for configuration. pfSense uses the DNS forwarder. My pfSense system is called pfsense in domain example.org. All my LAN systems can refer to other LAN systems by name (e.g. pfsense) or fully qualified domain name (e.g. pfsense.example.org).

    I notice on the pfSense page System -> General Setup: Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.

    I have a recollection that some years ago when I first started using pfSense I configured it in domain .local or something.local but some DNS weirdness (can't recall the details) caused me to switch to domain example.org which seemed to behave more predictably.

    It doesn't help that the first post in this thread used domain name domain.local and later posts used domain name home.local. Better to use a consistent domain name and probably better not to use something in .local.



  • Thanks for your reply.

    Home.local was the same as domain.local I just changed the name in this thread.. sorry ;)

    I changed the dns on the general page to home.org and the dynamic dns on dhcp server also to home.org

    Still no luck :( See my post above this one explaining that I can do an nslookup from a Windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

    Am I missing certain DHCP options? Or is the WAN DNS being used to override local lookups? My hosts file on the pfSense contains the server name with and without the home.org and still it doesn't work :(



  • @AudiAddict:

    Still no luck :( See my post above this one explaining that I can do an nslookup from a Windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

    What does the windows system think its domain is? (ipconfig command in a command window should show it.) If you are not sure please post the ipconfig output.

    Do you have pfSense DNS forwarder enabled?

    My understanding of how this should work is that your Windows system should think it is in domain home.org and then a name to IP lookup on spotweb should be given to the name server (pfSense) as a lookup on spotweb.home.org. Of course if you have been fiddling around with the pfSense domain name and haven't renewed your DHCP lease on the Windows client you probably have stale information on the Windows client.



  • C:\Users\Jasper>ipconfig /all

    Windows IP-configuratie

    Hostnaam  . . . . . . . . . . . . : Audi
      Primair DNS-achtervoegsel . . . . : home.org
      Knooppunttype . . . . . . . . . . : hybride
      IP-routering ingeschakeld . . . . : nee
      WINS-proxy ingeschakeld . . . . . : nee

    Ethernet-adapter voor Local Area Connection:

    Verbindingsspec. DNS-achtervoegsel:
      Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ether
    net Controller
      Fysiek adres. . . . . . . . . . . : 00-24-8C-17-B5-93
      DHCP ingeschakeld . . . . . . . . : nee
      Autom. configuratie ingeschakeld  : ja
      Link-local IPv6-adres . . . . . . : fe80::54f8:2e94:93f9:c8fb%10(voorkeur)
      IPv4-adres. . . . . . . . . . . . : 192.168.2.101
      Subnetmasker. . . . . . . . . . . : 255.255.255.0
      Standaardgateway. . . . . . . . . : 192.168.2.1
      DHCPv6 IAID . . . . . . . . . . . : 234890380
      DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93

    DNS-servers . . . . . . . . . . . : 192.168.2.1
      NetBIOS via TCPIP . . . . . . . . : ingeschakeld

    If you need any translations done.. let me know ;) This is my own workstation set to a static ip because If I reboot pfsense I still need to be able to reach other network devices :)



  • Ok a step farther now.
    On the DHCP page I didn't set the domain name option. I changed this to home.org and it seems to work within the same subnet (ping / IE / Firefox). Great!

    Not all the way there yet: on my other wifi subnet (172.16.108.0/24) I am able to ping the hostnames and the IP resolves to the 192.168.x local IP, but when using the same hostname in Internet Explorer or Firefox it tries to resolve it with the external DNS server. Any idea why this is happening?

    It seems we are almost there..



  • On the wireless clients, if you've tried before to reach the server, I would suggest a DNS flush. I think it is ipconfig /flushdns



  • You'll need a dnsmasq.conf file.

    Here is mine:
    "/usr/local/etc/dnsmasq.conf"

    # Filter out queries public DNS can't answer.
    #
    # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. 
    # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
    domain-needed
    # Bogus private reverse lookups. 
    # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered 
    # with "no such domain" rather than being forwarded upstream.
    bogus-priv
    #
    # LAN domain lookups
    #
    # Add local-only domains here, queries in these domains are answered
    # from /etc/hosts or DHCP only.
    local=/home/ 
    #
    # Set the domain for dnsmasq. this is optional, but if it is set, it
    # does the following things.
    # 1) Allows DHCP hosts to have fully qualified domain names, as long
    #     as the domain part matches this setting.
    # 2) Sets the "domain" DHCP option thereby potentially setting the
    #    domain of all systems configured by DHCP
    # 3) Provides the domain part for "expand-hosts"
    domain=home
    #
    # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. 
    # Note that this does not apply to domain names in cnames, PTR records, TXT records etc. 
    expand-hosts 
    #
    # increase DNS cache size
    cache-size=10000
    #
    # Set the maximum number of concurrent DNS queries. The default value is 150
    dns-forward-max=300
    #
    # Resolve(generated from WAN DHCP)
    resolv-file=/var/etc/resolv.conf
    #
    

    My LAN is called "home"; yours should be "home.local".
    Press "save" in the pfSense web GUI (DHCP services or DNS forwarder) to restart dnsmasq and load your own conf file plus the default pfSense command-line settings (some settings may be doubled now).

    ipconfig /all

    
    Windows IP-configuratie
    
       Hostnaam  . . . . . . . . . . . . : W7-PC
       Primair DNS-achtervoegsel . . . . :
       Knooppunttype . . . . . . . . . . : hybride
       IP-routering ingeschakeld . . . . : nee
       WINS-proxy ingeschakeld . . . . . : nee
       DNS-achtervoegselzoeklijst. . . . : home
    
    Ethernet-adapter voor LAN-verbinding:
    
       Verbindingsspec. DNS-achtervoegsel: home
       Beschrijving. . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethern
    et Controller
       Fysiek adres. . . . . . . . . . . : XX-XX-XX-XX-XX-XX
       DHCP ingeschakeld . . . . . . . . : ja
       Autom. configuratie ingeschakeld  : ja
       Link-local IPv6-adres . . . . . . : fe80::18ef:47d5:fb62:43cc%10(voorkeur)
       IPv4-adres. . . . . . . . . . . . : 192.168.0.50(voorkeur)
       Subnetmasker. . . . . . . . . . . : 255.255.255.0
       Lease verkregen . . . . . . . . . : dinsdag 29 maart 2011 17:38:56
       Lease verlopen. . . . . . . . . . : dinsdag 29 maart 2011 19:38:56
       Standaardgateway. . . . . . . . . : 192.168.0.1
       DHCP-server . . . . . . . . . . . : 192.168.0.1
       DHCPv6 IAID . . . . . . . . . . . : 234890068
       DHCPv6-client DUID. . . . . . . . : XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX
    
       DNS-servers . . . . . . . . . . . : 192.168.0.1
       NetBIOS via TCPIP . . . . . . . . : ingeschakeld
    
    Tunnel-adapter voor isatap.home:
    
       Mediumstatus. . . . . . . . . . . : medium ontkoppeld
       Verbindingsspec. DNS-achtervoegsel: home
       Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
       Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-00
       DHCP ingeschakeld . . . . . . . . : nee
       Autom. configuratie ingeschakeld  : ja
    
    

    nslookup should result in:

    C:\Users\User>nslookup
    Standaardserver:  pfsense.home
    Address:  192.168.0.1
    
    > w7-pc
    Server:  pfsense.home
    Address:  192.168.0.1
    
    Naam:    w7-pc.home
    Address:  192.168.0.50
    
    > w7-pc.home
    Server:  pfsense.home
    Address:  192.168.0.1
    
    Naam:    w7-pc.home
    Address:  192.168.0.50
    
    > unknown
    Server:  pfsense.home
    Address:  192.168.0.1
    
    *** pfsense.home kan unknown niet vinden: Non-existent domain
    > exit
    
    C:\Users\User>
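    As an added illustration (not code from this thread, from pfSense or from dnsmasq itself), the following Python script models the lookup path the dnsmasq.conf above is meant to produce: a Windows client appends its primary DNS suffix to a single-label name, sends the query to dnsmasq on pfSense, and dnsmasq answers from /etc/hosts or DHCP leases, returns NXDOMAIN, or forwards upstream according to domain-needed, bogus-priv, expand-hosts and local=/home/. The hosts entries, DHCP lease and upstream records are constructed sample data, and the option semantics and the Windows suffix handling are simplified assumptions, not a reimplementation of either resolver. The upstream stand-in records every query it receives, so you can see which names leak to the ISP resolvers when the same server runs without domain-needed and bogus-priv.

```python
"""Simplified model of the resolution path discussed in this thread (added example)."""
import ipaddress

# Constructed sample data, not taken from the thread's machines.
HOSTS = {"spotweb": "192.168.2.80", "pfsense": "192.168.2.1"}  # /etc/hosts on pfSense
DHCP_LEASES = {"w7-pc": "192.168.0.50"}                          # names dnsmasq learned from DHCP


class Upstream:
    """Stand-in for the ISP resolvers in resolv.conf; records every query it receives."""

    def __init__(self, records):
        self.records = records
        self.queries = []

    def resolve(self, qname):
        self.queries.append(qname)
        return self.records.get(qname)


class Dnsmasq:
    """Assumed, simplified decision logic for the options used in the posted dnsmasq.conf."""

    def __init__(self, upstream, domain, domain_needed=True, bogus_priv=True,
                 expand_hosts=True, local_domains=()):
        self.upstream = upstream
        self.domain = domain.lower()
        self.domain_needed = domain_needed      # never forward names without a dot
        self.bogus_priv = bogus_priv            # never forward reverse lookups for RFC 1918 space
        self.expand_hosts = expand_hosts        # "spotweb" in /etc/hosts also answers "spotweb.<domain>"
        self.local_domains = tuple(d.lower().strip("/") for d in local_domains)  # local=/home/

    def _local_answer(self, qname):
        """Answer from /etc/hosts or DHCP leases, or None if neither knows the name."""
        if qname in HOSTS:
            return "hosts", HOSTS[qname]
        if "." in qname:
            label, rest = qname.split(".", 1)
            if rest != self.domain:
                return None                      # foreign domain: nothing local can match
            if label in DHCP_LEASES:             # DHCP names are known under the configured domain
                return "dhcp", DHCP_LEASES[label]
            if self.expand_hosts and label in HOSTS:
                return "hosts", HOSTS[label]
            return None
        if qname in DHCP_LEASES:
            return "dhcp", DHCP_LEASES[qname]
        return None

    def _forward(self, qname):
        answer = self.upstream.resolve(qname)
        return ("upstream", answer) if answer else ("nxdomain", None)

    def _reverse(self, qname):
        """PTR lookup: answer from local tables, else apply bogus-priv before forwarding."""
        octets = qname[: -len(".in-addr.arpa")].split(".")
        ip = ipaddress.ip_address(".".join(reversed(octets)))
        for table, source in ((HOSTS, "hosts"), (DHCP_LEASES, "dhcp")):
            for name, addr in table.items():
                if addr == str(ip):
                    return source, name
        if self.bogus_priv and ip.is_private:
            return "nxdomain", None
        return self._forward(qname)

    def resolve(self, qname):
        qname = qname.lower().rstrip(".")
        if qname.endswith(".in-addr.arpa"):
            return self._reverse(qname)
        local = self._local_answer(qname)
        if local:
            return local
        if self.domain_needed and "." not in qname:
            return "nxdomain", None              # domain-needed: plain names never go upstream
        if any(qname == d or qname.endswith("." + d) for d in self.local_domains):
            return "nxdomain", None              # local=/home/: answered from hosts/DHCP only
        return self._forward(qname)


def windows_lookup(name, primary_suffix, server):
    """Assumed, simplified Windows behaviour: a single-label name is first queried with the
    client's primary DNS suffix appended; only if that fails is the bare name sent."""
    if "." not in name and primary_suffix:
        source, answer = server.resolve(f"{name}.{primary_suffix}")
        if answer is not None:
            return source, answer
    return server.resolve(name)


if __name__ == "__main__":
    isp = Upstream({"example.com": "93.184.216.34"})
    dns = Dnsmasq(isp, domain="home", local_domains=("/home/",))
    for q in ("spotweb", "w7-pc", "unknown", "nothere.home", "example.com"):
        print(f"{q:14} -> {windows_lookup(q, 'home', dns)}")
    print("queries that reached the ISP resolvers:", isp.queries)
```

    Running it shows that with the posted options only example.com reaches the ISP resolvers; the plain name "unknown" and the unknown name "nothere.home" get NXDOMAIN locally, which is what the thread's nslookup transcript shows as "Non-existent domain". Build the same server with domain_needed=False and bogus_priv=False and the same internal names, plus reverse lookups for 192.168.x.x addresses, show up in the upstream query list.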
    


  • Thanks for your reply and I see you are also dutch :).

    I think you might have read my post wrong. Everything is working except IE in the 172.x subnet.

    IE & nslookup works fine in the 192.x subnet (this is where the webserver is also in).

    Windows 7 machine in 172.x subnet output with DHCP set :

    
    Windows IP-configuratie
    
    Ethernet-adapter voor LAN-verbinding:
    
       Verbindingsspec. DNS-achtervoegsel: home.org
       Link-local IPv6-adres . . . . . . : fe80::5162:372a:6434:dcf6%10
       IPv4-adres. . . . . . . . . . . . : 172.16.108.104
       Subnetmasker. . . . . . . . . . . : 255.255.255.0
       Standaardgateway. . . . . . . . . : 172.16.108.1
    
    
    
    C:\Users\User>nslookup spotweb
    Server:  UnKnown
    Address:  172.16.108.1
    
    Naam:    spotweb.home.org
    Address:  192.168.2.80
    
    
    
    C:\Users\User>ping spotweb
    
    Pingen naar spotweb.home.org [192.168.2.80] met 32 bytes aan gegevens:
    Antwoord van 192.168.2.80: bytes=32 tijd=3 ms TTL=63
    Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
    Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
    Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
    
    Ping-statistieken voor 192.168.2.80:
        Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
        (0% verlies).
    
    

    When accessing IE from the 172x interface I get :

    
    While trying to retrieve the URL: http://spotweb/ 
    
    The following error was encountered: 
    
    •Connection to 81.200.64.52 Failed 
    The system returned: 
    
        (60) Operation timed out The remote host or network may be down. Please try the request again. 
    
    Your cache administrator is admin@home.org 
    
    --------------------------------------------------------------------------------
    
    Generated Tue, 29 Mar 2011 16:32:03 GMT by volvo (squid/2.7.STABLE9) 
    
    

    When accessing http://spotweb from the 192.x subnet it does work (also using the transparent squid proxy here).

    So the only thing which doesn't work right now is IE in the other subnet :)



  • Fixed!!! :D :D

    Manually set the DNS server in my proxy settings to the pfSense gateway IP and now it works.. weird!



  • Squid uses pfSense dnsmasq and all nameservers in "resolv.conf".
    Local ip numbers (like your "spotweb" site) would be sent to upstream nameservers.

    I've also set my dnsserver in squid to 127.0.0.1 (different from default, "empty")
    Now only pfsense dnsmasq is used for lookups (and lookup-cache) in squid.

