Reverse DNS works for windows clients, not linux clients.
Criggie last edited by
I've got pfsense 1.2.3 running fine at home. However this DNS problem has been bugging me for ages, and I finally got down to working on it.
- All clients can do DNS forward lookups of LAN clients without a problem
- A windows client can do a reverse DNS lookup of a LAN or internet IPs okay.
- But a linux box can't do a reverse DNS lookup of LAN or internet IPs
I'm using a hostname of xppropv which resolves to 10.28.1.5 fine, for all clients.
Here's a tcpdump from the firewall of a windows client doing a lookup of 10.28.1.5 (using nslookup with server set to firewall)
# tcpdump -i fxp0 port 53 and udp and host xppropv listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 21:45:49.212060 IP xppropv.criggie.dyndns.org.cadsi-lm > pfsense.criggie.dyndns.org.domain: 2+ A? xppropv.criggie.dyndns.org. (44) 21:45:49.213498 IP pfsense.criggie.dyndns.org.domain > xppropv.criggie.dyndns.org.cadsi-lm: 2* 1/0/0 (60) 21:45:58.796600 IP xppropv.criggie.dyndns.org.objective-dbc > pfsense.criggie.dyndns.org.domain: 3+ PTR? 126.96.36.199.in-addr.arpa. (40) 21:45:58.797844 IP pfsense.criggie.dyndns.org.domain > xppropv.criggie.dyndns.org.objective-dbc: 3* 1/0/0 PTR[|domain]
Here's a linux box doing the same thing using the dig command
# tcpdump -i fxp0 port 53 and udp and host thionite listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes 21:46:12.548521 IP thionite.criggie.dyndns.org.52028 > pfsense.criggie.dyndns.org.domain: 59925+ A? fw.criggie.dyndns.org. (39) 21:46:12.548874 IP thionite.criggie.dyndns.org.52028 > pfsense.criggie.dyndns.org.domain: 33806+ AAAA? fw.criggie.dyndns.org. (39) 21:46:12.549765 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.52028: 59925* 1/0/0 A[|domain] 21:46:12.550127 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.52028: 33806 0/0/0 (39) 21:46:12.551512 IP thionite.criggie.dyndns.org.35333 > pfsense.criggie.dyndns.org.domain: 36816+ A? 10.28.1.5\. (27) 21:46:12.552307 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.35333: 36816* 1/0/0 A xppropv.criggie.dyndns.org (43)
Notice the linux box is asking for an A record for an IP address, and that it IS being given the right answer.
Finally, the firewall itself ignores the correct answer from itself when doing a dig to localhost. Huh?!
# tcpdump -i lo0 port 53 and udp listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes 22:24:14.099187 IP localhost.56059 > localhost.domain: 50652+ A? 10.28.1.5\. (27) 22:24:14.100443 IP localhost.domain > localhost.56059: 50652* 1/0/0 A xppropv.criggie.dyndns.org (43)
Here's what that command looks like in another session:
# dig 10.28.1.5 @localhost ; <<>> DiG 9.4.3-P2 <<>> 10.28.1.5 @localhost ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50652 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;10.28.1.5. IN A ;; ANSWER SECTION: 10.28.1.5. 0 IN A 10.28.1.5 ;; Query time: 3 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Apr 30 22:24:14 2011 ;; MSG SIZE rcvd: 43 #
To clarify - this affects reverse lookups of internet IPs too
So my question is - why are hosts ignoring the answers given out by pfsense?