Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS forwarder problem

    Scheduled Pinned Locked Moved
    DHCP and DNS
    1
    1
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stupots
      last edited by

      Hi,

      I have a 2.0-RC3 (Jun21) server and am having a problem with the DNS forwarder when using host records and domain overrides together.

      WWW Server
                  |
                  |
      Internet – FW ------
                          |
                          |
                          +-------- PFSense ------- Internal Network
                          |
                          |
      Extranet -- FW ------

      Our company hosts its own website (www.company.foo.com) using an RFC1918 address, eg 192.168.1.1.  The firewall protecting this server is connected to a common DMZ on the WAN interface of the PFsense server, and has a NAT to translate the public address (eg 140.140.140.140) to 192.168.1.1, so it is accessible over the internet.

      For internal workstations to access the site, I've set up a host record in the DNS forwarder so that www.company.foo.com resolves as 192.168.1.1.

      We are linked to other companies under the foo.com umbrella on a big extranet, which is connected via another firewall on the WAN DMZ.  I have also set up a domain override for foo.com (which appears to work as a wildcard for subdomains of foo.com) to point to the extranet DNS servers.  They resolve extranet and internet DNS requests, so www.company.foo.com resolves to 140.140.140.140.

      The only problem is that now, when I try to resolve www.company.foo.com, it seems the domain override takes precedence over the host entry and resolves as 140.140.140.140.  Also, because our internal DNS is in the format host.site.internal.foo.com, the domain override also prevents the internal DNS from working, because the extranet DNS has no knowledge of our internal DNS.

      Can anyone confirm whether both types of behaviour (domain override takes precedence over static host AND domain override takes precedence over general DNS servers) are by design or a bug?

      Is there a workaround that I can use?  If need be, if I can disable the wildcard behaviour of the domain override it's not to difficult for me to manually enter each of the various domains, eg company2.foo.com, company3.foo.com, company4.foo.com etc.

      Thanks,
      Stuart

      1 Reply Last reply Reply Quote 0
      • First post
        Last post