Reverse DNS works for windows clients, not linux clients.
I've got pfsense 1.2.3 running fine at home. However this DNS problem has been bugging me for ages, and I finally got down to working on it.
- All clients can do DNS forward lookups of LAN clients without a problem
- A windows client can do a reverse DNS lookup of a LAN or internet IPs okay.
- But a linux box can't do a reverse DNS lookup of LAN or internet IPs
I'm using a hostname of xppropv which resolves to 10.28.1.5 fine, for all clients.
Here's a tcpdump from the firewall of a windows client doing a lookup of 10.28.1.5 (using nslookup with server set to firewall)
# tcpdump -i fxp0 port 53 and udp and host xppropv
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
21:45:49.212060 IP xppropv.criggie.dyndns.org.cadsi-lm > pfsense.criggie.dyndns.org.domain: 2+ A? xppropv.criggie.dyndns.org. (44)
21:45:49.213498 IP pfsense.criggie.dyndns.org.domain > xppropv.criggie.dyndns.org.cadsi-lm: 2* 1/0/0 (60)
21:45:58.796600 IP xppropv.criggie.dyndns.org.objective-dbc > pfsense.criggie.dyndns.org.domain: 3+ PTR? 5.1.28.10.in-addr.arpa. (40)
21:45:58.797844 IP pfsense.criggie.dyndns.org.domain > xppropv.criggie.dyndns.org.objective-dbc: 3* 1/0/0 PTR[|domain]
Here's a linux box doing the same thing using the dig command
# tcpdump -i fxp0 port 53 and udp and host thionite
listening on fxp0, link-type EN10MB (Ethernet), capture size 96 bytes
21:46:12.548521 IP thionite.criggie.dyndns.org.52028 > pfsense.criggie.dyndns.org.domain: 59925+ A? fw.criggie.dyndns.org. (39)
21:46:12.548874 IP thionite.criggie.dyndns.org.52028 > pfsense.criggie.dyndns.org.domain: 33806+ AAAA? fw.criggie.dyndns.org. (39)
21:46:12.549765 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.52028: 59925* 1/0/0 A[|domain]
21:46:12.550127 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.52028: 33806 0/0/0 (39)
21:46:12.551512 IP thionite.criggie.dyndns.org.35333 > pfsense.criggie.dyndns.org.domain: 36816+ A? 10.28.1.5. (27)
21:46:12.552307 IP pfsense.criggie.dyndns.org.domain > thionite.criggie.dyndns.org.35333: 36816* 1/0/0 A xppropv.criggie.dyndns.org (43)
Notice the linux box is asking for an A record for an IP address, and that it IS being given the right answer.
Finally, the firewall itself ignores the correct answer from itself when doing a dig to localhost. Huh?!
# tcpdump -i lo0 port 53 and udp
listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
22:24:14.099187 IP localhost.56059 > localhost.domain: 50652+ A? 10.28.1.5. (27)
22:24:14.100443 IP localhost.domain > localhost.56059: 50652* 1/0/0 A xppropv.criggie.dyndns.org (43)
Here's what that command looks like in another session:
# dig 10.28.1.5 @localhost

; <<>> DiG 9.4.3-P2 <<>> 10.28.1.5 @localhost
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50652
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;10.28.1.5.                     IN      A

;; ANSWER SECTION:
10.28.1.5.              0       IN      A       10.28.1.5

;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 30 22:24:14 2011
;; MSG SIZE  rcvd: 43
#
To clarify - this affects reverse lookups of internet IPs too
So my question is - why are hosts ignoring the answers given out by pfsense?
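The two captures above differ in the question they put on the wire: the Windows nslookup run sends `PTR? 5.1.28.10.in-addr.arpa.`, while the `dig 10.28.1.5` runs send `A? 10.28.1.5.`, i.e. an A query for a four-label hostname whose labels happen to be the octets of the address. The following is an added example, not code from the original post, that builds both question forms for the addresses and names in the captures and decodes them the way tcpdump prints them; the function names (`reverse_name`, `build_query`, `decode_question`, and so on) and the transaction ID are this example's own inventions, and the packets are constructed in memory rather than captured. It also generalises to IPv6 (the `ip6.arpa` form), which the post does not cover. The message sizes it produces (27, 40 and 44 bytes) match the sizes tcpdump reported for the same questions, which is a useful check that no EDNS OPT record was involved.

```python
"""Constructed example: what a reverse lookup looks like on the wire
versus what `dig 10.28.1.5` (without -x) actually asks.

A DNS question is (QNAME, QTYPE, QCLASS). `dig 10.28.1.5` treats the
dotted quad as a hostname of four labels and sends QTYPE A; a reverse
lookup instead sends QTYPE PTR for the octet-reversed name under
in-addr.arpa (nibble-reversed under ip6.arpa for IPv6), which is what
`dig -x` and Windows nslookup do. Function names below are this
example's own; the packets are built in memory, not captured.
"""
import ipaddress
import struct

QTYPE = {"A": 1, "PTR": 12, "AAAA": 28}
QTYPE_NAME = {v: k for k, v in QTYPE.items()}


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4 or IPv6 address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def encode_name(name: str) -> bytes:
    """Wire-format QNAME: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: str, txid: int = 0x1234) -> bytes:
    """Standard query, RD set, one question, no answers (no EDNS OPT)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_question(pkt: bytes) -> tuple:
    """Parse the first question back into (name, type), tcpdump style."""
    labels = []
    pos = 12  # fixed 12-byte header
    while True:
        ln = pkt[pos]
        pos += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(pkt[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype, _qclass = struct.unpack("!HH", pkt[pos:pos + 4])
    return ".".join(labels) + ".", QTYPE_NAME.get(qtype, str(qtype))


def forward_style_query(ip: str) -> bytes:
    """What `dig 10.28.1.5` (no -x) sends: A? 10.28.1.5."""
    return build_query(ip, "A")


def reverse_query(ip: str) -> bytes:
    """What `dig -x 10.28.1.5` / nslookup send: PTR? 5.1.28.10.in-addr.arpa."""
    return build_query(reverse_name(ip), "PTR")


def describe(pkt: bytes) -> str:
    """Render a question the way tcpdump prints it, e.g. 'A? 10.28.1.5.'"""
    name, qtype = decode_question(pkt)
    return f"{qtype}? {name} ({len(pkt)})"


if __name__ == "__main__":
    ip = "10.28.1.5"  # address from the post
    print("dig 10.28.1.5     ->", describe(forward_style_query(ip)))
    print("dig -x 10.28.1.5  ->", describe(reverse_query(ip)))
    print("nslookup xppropv  ->", describe(build_query("xppropv.criggie.dyndns.org", "A")))
    print("IPv6 reverse      ->", describe(reverse_query("2001:db8::1")))
```

Running it prints `A? 10.28.1.5. (27)` for the plain dig form and `PTR? 5.1.28.10.in-addr.arpa. (40)` for the reverse form, the same two questions and byte counts that appear in the Linux and Windows captures respectively.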