PFSense + Kloxo, setting up name-servers.



  • How do I go about forwarding necessary traffic for my name server from an external IP address to an internal IP?

    Scenario:
    Comcast business class with 5 static IPs.

    Comcast –> PFSense (50.xx.xx.53) --> LAN/DMZ

    I already have my Nameserver registered via my registrar, and mapped as such:
    NS1.XXXX.COM --> 50.xx.xx.51
    NS2.XXXX.COM --> 50.xx.xx.52

    I have my two virtual IPs set up as Proxy ARP in pfSense, but am lost after that.

    Help!!



  • Add a port forward ( Firewall: NAT: Port Forward )

    WAN  TCP/UDP   *   *    50.xx.xx.51  53  first.internal.address   53
    WAN  TCP/UDP   *   *    50.xx.xx.52  53  second.internal.address   53

    Let these port forwarding rules add the firewall rules.



  • @Metu69salemi:

    Add a port forward ( Firewall: NAT: Port Forward )

    WAN  TCP/UDP   *   *    50.xx.xx.51  53  first.internal.address   53
    WAN  TCP/UDP   *   *    50.xx.xx.52  53  second.internal.address   53

    Let these port forwarding rules add the firewall rules.

    I put these rules in, and reset all states…
    Nothing.

    External Resolution is not working.

    http://www.intodns.com/technoriot.com



  • There is something else, because I can use 50-73-183-52-pennsylvania.hfc.comcastbusiness.net as the lookup server in nslookup, but I can't make any queries.



  • What could it be? I'm lost  :'(



  • Can anyone shed some light on setting up an internal DNS server on a CentOS machine behind pfSense for external resolution?

    I want all incoming DNS queries to be handled by a name server behind the firewall.



  • Have you configured the server to accept such requests?

    Does the server log any DNS requests?



  • It is a Kloxo install with iptables turned off at the moment.

    pfSense is preventing it from being accessed somehow.



  • If you have created the port forward rules which I gave you earlier, then pfSense isn't blocking those.



  • Could it be my virtual IP mapping? What would be the proper settings for my virtual IP addresses?



  • I highly doubt that, because I can connect to your DNS/BIND server, but can't make any queries.

    
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Users\*sanitized*>nslookup
    Default Server:  v*sanitized*m
    Address:  192.168.0.25
    
    > www.google.com
    Server:  v*sanitized*m
    Address:  192.168.0.25
    
    Non-authoritative answer:
    Name:    www.l.google.com
    Addresses:  209.85.148.104
              209.85.148.105
              209.85.148.106
              209.85.148.147
              209.85.148.99
              209.85.148.103
    Aliases:  www.google.com
    
    > lserver 8.8.8.8
    Default Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    
    > www.google.com
    Server:  google-public-dns-a.google.com
    Address:  8.8.8.8
    
    Non-authoritative answer:
    Name:    www.l.google.com
    Addresses:  74.125.39.147
              74.125.39.105
              74.125.39.104
              74.125.39.103
              74.125.39.99
              74.125.39.106
    Aliases:  www.google.com
    
    > lserver ns1.technoriot.com
    Default Server:  ns1.technoriot.com
    Address:  50.73.183.51
    
    > www.google.com
    Server:  ns1.technoriot.com
    Address:  50.73.183.51
    
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    *** Request to ns1.technoriot.com timed-out
    >
    
    


  • @ghost1one:

    It is a Kloxo install with iptables turned off at the moment.

    Disabling iptables may not be sufficient; the name server software itself might need to be configured to respond to DNS requests from public IP addresses. (Some SSH server packages need to be configured to specify the IP addresses from which the server is allowed to accept connections.)

    @ghost1one:

    pfSense is preventing it from being accessed somehow.

    That might be true. Can you provide evidence? For example, does the pfSense firewall log report blocked DNS requests on the appropriate interface?



  • http://network-tools.com/default.asp?prog=express&host=ns1.technoriot.com

    When doing a traceroute, it times out after hop 14…

    Also, my server does not return any records...

    How can I fix this?



  • These failures are "easy" to fix:

    1. Missing MX record: add an MX record pointing to your mail server's public IP
    2. Missing SOA: add a Start Of Authority serial number, which must be increased on every update

    But all of these seem to be DNS-server problems. And that doesn't mean that pfSense alone is guilty.
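    An added diagnostic, not code from anyone in this thread: a dependency-free Python script that sends one raw UDP query straight at a name server and separates the failure modes discussed above (timeout = the packet never reaches a listening daemon, so look at NAT/filter rules or the daemon's bind address; REFUSED = the daemon is reachable but its ACL rejects the client; NOERROR with zero answers = the zone is served but the SOA/MX record is missing). The server address and zone in the `__main__` block are placeholders.

    ```python
    import socket
    import struct

    QTYPE = {"A": 1, "SOA": 6, "MX": 15}

    def build_query(name, qtype, txid=0x1234):
        """Build a minimal DNS query: RD=1, one question, IN class."""
        header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
        labels = name.rstrip(".").split(".")
        qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
        return header + qname + b"\x00" + struct.pack(">HH", QTYPE[qtype], 1)

    def parse_header(data):
        """Pull the fields the diagnosis needs from a DNS response header."""
        txid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
        return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
                "rcode": flags & 0x000F, "answers": an}

    def check_nameserver(server, zone, qtype="SOA", timeout=2.0):
        """Send one UDP/53 query directly to `server`; None means no reply at all."""
        query = build_query(zone, qtype)
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None
        finally:
            sock.close()
        return parse_header(data)

    def diagnose(result):
        """Map a reply (or its absence) onto the failure modes seen in this thread."""
        if result is None:
            return "TIMEOUT: no reply; dropped before the daemon (NAT/filter) or daemon not bound to that IP"
        if result["rcode"] == 5:
            return "REFUSED: daemon reachable but its ACL rejects this client or zone"
        if result["rcode"] == 3:
            return "NXDOMAIN: daemon answers but says this name does not exist"
        if result["answers"] == 0:
            return "NOERROR/0 answers: zone served but this record type is missing"
        return "OK: %d answer(s), authoritative=%s" % (result["answers"], result["aa"])

    if __name__ == "__main__":
        SERVER = "192.0.2.53"  # placeholder: your name server's public (NATed) IP
        for rtype in ("SOA", "MX"):
            print(rtype, diagnose(check_nameserver(SERVER, "example.com", rtype)))
    ```

    Run it from outside the firewall as well as from the LAN: a reply from inside but a timeout from outside points at the pfSense NAT/filter rules rather than the BIND configuration.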



  • I think I might have fixed it…

    For some reason if you check " Non-cached DNS " on that site, it'll show my SOA record.

    Weird.

