DNS forwarder problem
stupots last edited by
I have a 2.0-RC3 (Jun21) server and am having a problem with the DNS forwarder when using host records and domain overrides together.
Internet – FW ------
+-------- PFSense ------- Internal Network
Extranet -- FW ------
Our company hosts its own website (www.company.foo.com) using an RFC1918 address, eg 192.168.1.1. The firewall protecting this server is connected to a common DMZ on the WAN interface of the PFsense server, and has a NAT to translate the public address (eg 188.8.131.52) to 192.168.1.1, so it is accessible over the internet.
For internal workstations to access the site, I've set up a host record in the DNS forwarder so that www.company.foo.com resolves as 192.168.1.1.
We are linked to other companies under the foo.com umbrella on a big extranet, which is connected via another firewall on the WAN DMZ. I have also set up a domain override for foo.com (which appears to work as a wildcard for subdomains of foo.com) to point to the extranet DNS servers. They resolve extranet and internet DNS requests, so www.company.foo.com resolves to 184.108.40.206.
The only problem is that now, when I try to resolve www.company.foo.com, it seems the domain override takes precedence over the host entry and resolves as 220.127.116.11. Also, because our internal DNS is in the format host.site.internal.foo.com, the domain override also prevents the internal DNS from working, because the extranet DNS has no knowledge of our internal DNS.
Can anyone confirm whether both types of behaviour (domain override takes precedence over static host AND domain override takes precedence over general DNS servers) are by design or a bug?
Is there a workaround that I can use? If need be, if I can disable the wildcard behaviour of the domain override it's not to difficult for me to manually enter each of the various domains, eg company2.foo.com, company3.foo.com, company4.foo.com etc.