Netgate Discussion Forum

Re: Dns Forwarder and hosts file will not work in 2.0

2.0-RC Snapshot Feedback and Problems - RETIRED
    AudiAddict
    last edited by Mar 29, 2011, 10:30 AM Mar 27, 2011, 5:02 PM

    Hi fellow pfsense users.

    I'm trying to be able to access my spotweb server on ubuntu by going to http://spotweb

    Spotweb is the server name and it can be reached by a static ip or by using spotweb.domain.local.

    The thing is I would like to be able to reach this server without adding the local domain. Is this possible? The dns forwarder static entries require me to add a domain name..

    I have the following settings:

    Dns forwarder page
    (all checkboxes are checked and I've tried adding a static entry) Override domain static entry is not used.

    DHCP server
    Dns server filled in as the pfsense ip and the dynamic dns option is set to domain.local.
    Dynamic dns : Enable client registration names in DNS is turned on

    general setup
    hostname pfsense
    domain domain.local
    dns server (not set and all empty)
    Allow dns override by WAN checked (I have a cable modem with a dynamic wan ip/dns)

    If I ping the hostname it also fails. And I've double checked my windows ip config –> it's set to the right dns server.

    Anybody know why this is not working :(? Everything else works perfectly and I would love to go to local webserver(s) by using http://hostname instead of a longer name domain.local etc.

      Geppo
      last edited by Mar 27, 2011, 5:43 PM

      If I understand correctly you have your web server in your LOCAL network and there isn't any local DNS server or WINS server in your lan. Is that correct?

        AudiAddict
        last edited by Mar 27, 2011, 6:11 PM Mar 27, 2011, 6:08 PM

        That is correct. I am only using the dynamic wan dns from my ISP (override checkbox option) as this is a home network and not a corporate network.
        The clients are set up to use the gateway (pfsense ) ip as the dns server though.

        I was hoping to be able to use the dns forwarder to be able to map some static dns names instead of using host files on each client (not a very neat solution).
        Do I not understand what the dns forwarder is? Or should I be using the host file on the pfsense itself and hope that it uses that info before it sends any dns requests to the isp modem?

          Geppo
          last edited by Mar 28, 2011, 7:19 AM

          Unfortunately, I think there is nothing wrong in what you did…..
          I can confirm you cannot add host name without entering a domain name. I think this is "by design" (formally correct).
          I also tried to work around it by adding a reservation in the DHCP server (using host name) and then checking "Register DHCP static mappings in DNS forwarder" in DNS Forwarder, but pfSense always adds the domain name in General setup to the host name.

          Then, I think you have only two choices:

          1. Add your server name in pfsense host file.
          2. Activate netbios name resolution on your server/lan
            AudiAddict
            last edited by Mar 28, 2011, 6:07 PM Mar 28, 2011, 6:04 PM

            That's too bad.. are you 100 % sure about this? I thought I read topics where people got this working with the dns forwarder.

            I've tried editing the host file on the pfsense machine but windows clients still cannot resolve hostnames without domain.local :(

              AudiAddict
              last edited by Mar 29, 2011, 10:30 AM Mar 29, 2011, 10:27 AM

              Anybody know why this is not working?

              I've tried the work-around as mentioned above by editing the pfsense hostfile.

              Host file
              192.168.2.80 SpotWeb

              On my local pc :

              IPv4-adres. . . . . . . . . . . . : 192.168.2.101
              Subnetmasker. . . . . . . . . . . : 255.255.255.0
              Standaardgateway. . . . . . . . . : 192.168.2.1
              DHCPv6 IAID . . . . . . . . . . . : 234890380
              DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93
              DNS-servers . . . . . . . . . . . : 192.168.2.1

              Ping spotweb –> no reply
              ping spotweb.home.local I get a reply

              nslookup spotweb 192.168.2.1
              Server:  volvo.home.local
              Address:  192.168.2.1

              Naam:    spotweb
              Address:  192.168.2.80

              Why am I still unable to reach it by ping or by http? Doing a manual nslookup on the pfsense ip I am getting a response?

              Doing an ipconfig /flushdns has made no difference btw.

                wallabybob
                last edited by Mar 29, 2011, 1:16 PM

                I have a pfSense system with Windows (2000, XP, Vista and 7) and Linux system on the LAN. All use DHCP for configuration. pfSense uses the DNS forwarder. My pfSense system is called pfsense in domain example.org. All my LAN systems can refer to other LAN systems by name (e.g. pfsense) or fully qualified domain name (e.g. pfsense.example.org).

                I notice on the pfSense page System -> General Setup: Do not use 'local' as a domain name. It will cause local hosts running mDNS (avahi, bonjour, etc.) to be unable to resolve local hosts not running mDNS.

                I have a recollection that some years ago when I first started using pfSense I configured it in domain .local or something.local but some DNS weirdness (can't recall the details) caused me to switch to domain example.org which seemed to behave more predictably.

                It doesn't help that the first post in this thread used domain name domain.local and later posts used domain name home.local. Better to use a consistent domain name and probably better not to use something in .local.

                  AudiAddict
                  last edited by Mar 29, 2011, 1:41 PM Mar 29, 2011, 1:39 PM

                  Thanks for your reply.

                  Home.local was the same as domain.local I just changed the name in this thread.. sorry ;)

                  I changed the dns on the general page to home.org and the dynamic dns on dhcp server also to home.org

                  Still no luck :( See my post above this one explaining that I can do an nslookup from a windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

                  Am I missing certain dhcp options? Or is the WAN DNS being used to override local lookups? My hosts file on the pfsense contains the server name with and without the home.org and still it doesn't work :(

                    wallabybob
                    last edited by Mar 29, 2011, 2:01 PM

                    @AudiAddict:

                    Still no luck :( See my post above this one explaining that I can do an nslookup from a windows machine and I get the right IP. When doing the same thing in a browser or in a ping command I get unknown host.

                    What does the windows system think its domain is? (ipconfig command in a command window should show it.) If you are not sure please post the ipconfig output.

                    Do you have pfSense DNS forwarder enabled?

                    My understanding of how this should work is that your Windows system should think it is in domain home.org and then a name to IP lookup on spotweb should be given to the name server (pfSense) as a lookup on spotweb.home.org. Of course if you have been fiddling around with the pfSense domain name and haven't renewed your DHCP lease on the Windows client you probably have stale information on the Windows client.

                      AudiAddict
                      last edited by Mar 29, 2011, 2:42 PM Mar 29, 2011, 2:31 PM

                      C:\Users\Jasper>ipconfig /all

                      Windows IP-configuratie

                      Hostnaam  . . . . . . . . . . . . : Audi
                        Primair DNS-achtervoegsel . . . . : home.org
                        Knooppunttype . . . . . . . . . . : hybride
                        IP-routering ingeschakeld . . . . : nee
                        WINS-proxy ingeschakeld . . . . . : nee

                      Ethernet-adapter voor Local Area Connection:

                      Verbindingsspec. DNS-achtervoegsel:
                        Beschrijving. . . . . . . . . . . : Marvell Yukon 88E8056 PCI-E Gigabit Ether
                      net Controller
                        Fysiek adres. . . . . . . . . . . : 00-24-8C-17-B5-93
                        DHCP ingeschakeld . . . . . . . . : nee
                        Autom. configuratie ingeschakeld  : ja
                        Link-local IPv6-adres . . . . . . : fe80::54f8:2e94:93f9:c8fb%10(voorkeur)
                        IPv4-adres. . . . . . . . . . . . : 192.168.2.101
                        Subnetmasker. . . . . . . . . . . : 255.255.255.0
                        Standaardgateway. . . . . . . . . : 192.168.2.1
                        DHCPv6 IAID . . . . . . . . . . . : 234890380
                        DHCPv6-client DUID. . . . . . . . : 00-01-00-01-13-49-BF-00-00-24-8C-17-B5-93

                      DNS-servers . . . . . . . . . . . : 192.168.2.1
                        NetBIOS via TCPIP . . . . . . . . : ingeschakeld

                      If you need any translations done.. let me know ;) This is my own workstation set to a static ip because if I reboot pfsense I still need to be able to reach other network devices :)

                        AudiAddict
                        last edited by Mar 29, 2011, 3:03 PM

                        Ok a step farther now.
                        On the DHCP page I didn't set the domain name option. I changed this to home.org and it seems to work within the same subnet (ping / IE/Firefox). Great!

                        Not all the way there yet: on my other wifi subnet (172.16.108.0/24) I am able to ping the hostnames and the ip resolves to the 192.168.x local ip but when using the same hostname in internet explorer or firefox it tries to resolve it with the external dns server. Any idea why this is happening?

                        It seems we are almost there..

                          Guest
                          last edited by Mar 29, 2011, 3:30 PM

                          On the wireless clients, if you've tried before to reach the server, I would suggest a DNS flush. I think it is ipconfig /flushdns

                            Tikimotel
                            last edited by Mar 29, 2011, 4:16 PM Mar 29, 2011, 3:53 PM

                            You'll need a dnsmasq.conf file.

                            Here is mine:
                            "/usr/local/etc/dnsmasq.conf"

                            # Filter out queries public DNS can't answer.
                            #
                            # Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers. 
                            # If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
                            domain-needed
                            # Bogus private reverse lookups. 
                            # All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered 
                            # with "no such domain" rather than being forwarded upstream.
                            bogus-priv
                            #
                            # LAN domain lookups
                            #
                            # Add local-only domains here, queries in these domains are answered
                            # from /etc/hosts or DHCP only.
                            local=/home/ 
                            #
                            # Set the domain for dnsmasq. this is optional, but if it is set, it
                            # does the following things.
                            # 1) Allows DHCP hosts to have fully qualified domain names, as long
                            #     as the domain part matches this setting.
                            # 2) Sets the "domain" DHCP option thereby potentially setting the
                            #    domain of all systems configured by DHCP
                            # 3) Provides the domain part for "expand-hosts"
                            domain=home
                            #
                            # Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names. 
                            # Note that this does not apply to domain names in cnames, PTR records, TXT records etc. 
                            expand-hosts 
                            #
                            # increase DNS cache size
                            cache-size=10000
                            #
                            # Set the maximum number of concurrent DNS queries. The default value is 150
                            dns-forward-max=300
                            #
                            # Resolve(generated from WAN DHCP)
                            resolv-file=/var/etc/resolv.conf
                            #
                            

                            My LAN is called "home", yours should be "home.local".
                            Press "save" in the pfsense web GUI (dhcp services or DNS forwarder) to "restart" dnsmasq and load your own conf file + the default pfsense commandline based settings (some settings may be doubled now).

                            ipconfig /all

                            
                            Windows IP-configuratie
                            
                               Hostnaam  . . . . . . . . . . . . : W7-PC
                               Primair DNS-achtervoegsel . . . . :
                               Knooppunttype . . . . . . . . . . : hybride
                               IP-routering ingeschakeld . . . . : nee
                               WINS-proxy ingeschakeld . . . . . : nee
                               DNS-achtervoegselzoeklijst. . . . : home
                            
                            Ethernet-adapter voor LAN-verbinding:
                            
                               Verbindingsspec. DNS-achtervoegsel: home
                               Beschrijving. . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethern
                            et Controller
                               Fysiek adres. . . . . . . . . . . : XX-XX-XX-XX-XX-XX
                               DHCP ingeschakeld . . . . . . . . : ja
                               Autom. configuratie ingeschakeld  : ja
                               Link-local IPv6-adres . . . . . . : fe80::18ef:47d5:fb62:43cc%10(voorkeur)
                               IPv4-adres. . . . . . . . . . . . : 192.168.0.50(voorkeur)
                               Subnetmasker. . . . . . . . . . . : 255.255.255.0
                               Lease verkregen . . . . . . . . . : dinsdag 29 maart 2011 17:38:56
                               Lease verlopen. . . . . . . . . . : dinsdag 29 maart 2011 19:38:56
                               Standaardgateway. . . . . . . . . : 192.168.0.1
                               DHCP-server . . . . . . . . . . . : 192.168.0.1
                               DHCPv6 IAID . . . . . . . . . . . : 234890068
                               DHCPv6-client DUID. . . . . . . . : XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX-XX
                            
                               DNS-servers . . . . . . . . . . . : 192.168.0.1
                               NetBIOS via TCPIP . . . . . . . . : ingeschakeld
                            
                            Tunnel-adapter voor isatap.home:
                            
                               Mediumstatus. . . . . . . . . . . : medium ontkoppeld
                               Verbindingsspec. DNS-achtervoegsel: home
                               Beschrijving. . . . . . . . . . . : Microsoft ISATAP Adapter
                               Fysiek adres. . . . . . . . . . . : 00-00-00-00-00-00-00-00
                               DHCP ingeschakeld . . . . . . . . : nee
                               Autom. configuratie ingeschakeld  : ja
                            
                            

                            nslookup should result in:

                            C:\Users\User>nslookup
                            Standaardserver:  pfsense.home
                            Address:  192.168.0.1
                            
                            > w7-pc
                            Server:  pfsense.home
                            Address:  192.168.0.1
                            
                            Naam:    w7-pc.home
                            Address:  192.168.0.50
                            
                            > w7-pc.home
                            Server:  pfsense.home
                            Address:  192.168.0.1
                            
                            Naam:    w7-pc.home
                            Address:  192.168.0.50
                            
                            > unknown
                            Server:  pfsense.home
                            Address:  192.168.0.1
                            
                            *** pfsense.home kan unknown niet vinden: Non-existent domain
                            > exit
                            
                            C:\Users\User>
                            
                              AudiAddict
                              last edited by Mar 29, 2011, 4:38 PM Mar 29, 2011, 4:27 PM

                              Thanks for your reply and I see you are also dutch :).

                              I think you might have read my post wrong. Everything is working except IE in the 172.x subnet.

                              IE & nslookup works fine in the 192.x subnet (this is where the webserver is also in).

                              Windows 7 machine in 172.x subnet output with DHCP set :

                              
                              Windows IP-configuratie
                              
                              Ethernet-adapter voor LAN-verbinding:
                              
                                 Verbindingsspec. DNS-achtervoegsel: home.org
                                 Link-local IPv6-adres . . . . . . : fe80::5162:372a:6434:dcf6%10
                                 IPv4-adres. . . . . . . . . . . . : 172.16.108.104
                                 Subnetmasker. . . . . . . . . . . : 255.255.255.0
                                 Standaardgateway. . . . . . . . . : 172.16.108.1
                              
                              
                              
                              C:\Users\User>nslookup spotweb
                              Server:  UnKnown
                              Address:  172.16.108.1
                              
                              Naam:    spotweb.home.org
                              Address:  192.168.2.80
                              
                              
                              
                              C:\Users\User>ping spotweb
                              
                              Pingen naar spotweb.home.org [192.168.2.80] met 32 bytes aan gegevens:
                              Antwoord van 192.168.2.80: bytes=32 tijd=3 ms TTL=63
                              Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                              Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                              Antwoord van 192.168.2.80: bytes=32 tijd=1 ms TTL=63
                              
                              Ping-statistieken voor 192.168.2.80:
                                  Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
                                  (0% verlies).
                              
                              

                              When accessing IE from the 172x interface I get :

                              
                              While trying to retrieve the URL: http://spotweb/ 
                              
                              The following error was encountered: 
                              
                              •Connection to 81.200.64.52 Failed 
                              The system returned: 
                              
                                  (60) Operation timed out The remote host or network may be down. Please try the request again. 
                              
                              Your cache administrator is admin@home.org 
                              
                              --------------------------------------------------------------------------------
                              
                              Generated Tue, 29 Mar 2011 16:32:03 GMT by volvo (squid/2.7.STABLE9) 
                              
                              

                              When accessing http://spotweb from the 192x subnet it does work (also using transparent squid proxy here)

                              So the only thing which doesn't work right now is IE in the other subnet :)

                                AudiAddict
                                last edited by Mar 29, 2011, 4:40 PM

                                Fixed!!! :D :D

                                Manually set dns server in my proxy setting to the pfsense gateway ip and now it works.. weird!

                                  Tikimotel
                                  last edited by Mar 29, 2011, 5:13 PM

                                  Squid uses pfsense dnsmasq and all nameservers in "resolve.conf".
                                  Local ip numbers (like your "spotweb" site) would be sent to upstream nameservers.

                                  I've also set my dnsserver in squid to 127.0.0.1 (different from default, "empty")
                                  Now only pfsense dnsmasq is used for lookups (and lookup-cache) in squid.

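The dnsmasq options posted in this thread (domain-needed, bogus-priv, local=, expand-hosts) and the Squid resolver setting from the last post together decide which lookups for internal names reach the ISP's nameservers. The sketch below is an added example, not code from the thread or from pfSense: a simplified Python model of dnsmasq's forwarding decision for A and PTR queries. The function names, the sample queries and the home.org config are constructed for illustration, and the model only applies when the client (or Squid) actually sends its lookups to dnsmasq.

```python
import ipaddress

# Constructed inputs: only "192.168.2.80 SpotWeb" and the option names come from the thread.
HOSTS = "192.168.2.80 SpotWeb\n"
BARE_CONF = "cache-size=10000\n"            # none of the filtering options set
FILTERED_CONF = """
domain-needed
bogus-priv
local=/home.org/
domain=home.org
expand-hosts
"""
QUERIES = ["spotweb", "spotweb.home.org", "printer", "nas.home.org",
           "80.2.168.192.in-addr.arpa", "50.2.168.192.in-addr.arpa", "example.com"]

def parse_dnsmasq(text):
    """Collect the few dnsmasq options this model looks at; ignore the rest."""
    conf = {"domain-needed": False, "bogus-priv": False,
            "expand-hosts": False, "domain": None, "local": set()}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, val = (part.strip() for part in line.partition("="))
        if key in ("domain-needed", "bogus-priv", "expand-hosts"):
            conf[key] = True
        elif key == "domain":
            conf["domain"] = val.lower()
        elif key == "local":                 # local=/home.org/ -> {"home.org"}
            conf["local"].update(d.lower() for d in val.split("/") if d)
    return conf

def known_names(hosts_text, conf):
    """Names (and PTR names) answerable from a hosts file, honouring expand-hosts."""
    names = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            names.add(ipaddress.ip_address(fields[0]).reverse_pointer)
        except ValueError:
            continue
        for name in (f.lower() for f in fields[1:]):
            names.add(name)
            if conf["expand-hosts"] and conf["domain"] and "." not in name:
                names.add(name + "." + conf["domain"])
    return names

def classify(qname, conf, names):
    """Return answered-locally, nxdomain-local or forwarded-upstream."""
    q = qname.lower().rstrip(".")
    if q in names:
        return "answered-locally"
    if q.endswith(".in-addr.arpa"):
        octets = q[:-len(".in-addr.arpa")].split(".")[::-1]
        try:   # is_private is a wider set than bogus-priv's ranges: an approximation
            private = ipaddress.ip_address(".".join(octets)).is_private
        except ValueError:
            private = False
        return "nxdomain-local" if private and conf["bogus-priv"] else "forwarded-upstream"
    if "." not in q:                          # plain name: domain-needed keeps it local
        return "nxdomain-local" if conf["domain-needed"] else "forwarded-upstream"
    if any(q == d or q.endswith("." + d) for d in conf["local"]):
        return "nxdomain-local"               # local-only domain, never forwarded
    return "forwarded-upstream"

def forwarded(conf_text, hosts_text=HOSTS, queries=QUERIES):
    """Queries that would leave the LAN and be seen by the upstream resolver."""
    conf = parse_dnsmasq(conf_text)
    names = known_names(hosts_text, conf)
    return [q for q in queries if classify(q, conf, names) == "forwarded-upstream"]

if __name__ == "__main__":
    for label, text in (("bare", BARE_CONF), ("filtered", FILTERED_CONF)):
        print(label, "->", forwarded(text))
```

With the filtering options set, only the genuinely external name is forwarded; a proxy that queries the upstream nameservers directly bypasses all of this, which is why pointing Squid at the local dnsmasq instance matters.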