Netgate Discussion Forum
    DNS lookup for alternate domain

    Category: DHCP and DNS
    4 Posts, 3 Posters, 2.9k Views
    bordr415:

      I don't normally post questions. Usually read through all related content, however, I can't seem to find anything that relates. (Some come close…)

      I have several VPN tunnels. Each tunnel routes to a network offsite and I would like to use DNS. Whenever I add an entry in Domain Overrides it returns nothing when pinging that domain. I can manually change my DNS on my NIC and it resolves. Obviously I'm pinging the FQDN. If I do an nslookup it shows something similar to this:

      C:\Windows\System32>nslookup test.domain-remote.com
      Server:  UnKnown
      Address:  172.31.11.1

      Name:    test.domain-remote.com.domain-local.com
      Address:  127.0.0.1

      Now I know the VPN tunnels are up because I can ping the remote side and get a response. It appears as though DNS is getting confused and appending my primary domain name (yes, I have read the sticky). Can one of the DNS gurus out there suggest some troubleshooting?

    craigduff:

        Are these networks separate domains… With different domain controllers or are they all child domains under a forest?

        If they are different, look into STUB DNS between the domains.

        Kind Regards,
        Craig

    jimp (Rebel Alliance Developer, Netgate):

          When using nslookup especially, use a "." at the end of the FQDN, or else it will append the search domain to the host. If you have wildcard DNS active on your domain, the domain search will return a "valid" record instead of NXDOMAIN so it can't fall through to test the hostname properly.

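To make the trailing-dot point concrete, here is an added simulation (not code from the thread or from pfSense) of how a resolver applies the DNS search list. It assumes constructed zone data, a wildcard A record in the local domain, and the suffix-first candidate order that the nslookup output in the first post exhibits.

```python
# Constructed zone data for illustration only; none of these hosts are real.
# "*" stands for a wildcard A record in the local zone.
ZONES = {
    "domain-local.com": {"router": "172.31.11.1", "*": "127.0.0.1"},
    "domain-remote.com": {"test": "10.20.30.40"},  # zone behind the domain override
}

def authoritative_lookup(name, zones=ZONES):
    """Answer an absolute name from the zone table: (matched_name, address) or None."""
    name = name.rstrip(".")
    for zone, records in zones.items():
        if name == zone:
            return None                       # no apex A record in this example
        if name.endswith("." + zone):
            label = name[: -(len(zone) + 1)]
            if label in records:
                return name, records[label]
            if "*" in records:                # wildcard covers every missing name below the apex
                return name, records["*"]
            return None                       # NXDOMAIN inside a zone we know
    return None                               # no zone matches at all

def resolve(query, search_list, zones=ZONES):
    """Apply the search list to a name without a trailing dot: try each suffixed
    form first, then the literal name, and stop at the first answer (assumed
    order, matching the post's output). A trailing dot makes the name absolute."""
    if query.endswith("."):
        candidates = [query]
    else:
        candidates = [f"{query}.{suffix}" for suffix in search_list] + [query]
    for candidate in candidates:
        answer = authoritative_lookup(candidate, zones)
        if answer is not None:
            return answer
    return None

def without_wildcards(zones):
    """Same zone table with every wildcard record removed, to show the fall-through case."""
    return {z: {k: v for k, v in r.items() if k != "*"} for z, r in zones.items()}

if __name__ == "__main__":
    search = ["domain-local.com"]
    print(resolve("test.domain-remote.com", search))    # wildcard answers: 127.0.0.1
    print(resolve("test.domain-remote.com.", search))   # absolute name: 10.20.30.40
    print(resolve("test.domain-remote.com", search, without_wildcards(ZONES)))  # falls through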
    bordr415:

            Sorry, have been out of town on business.

            craigduff:
            They are all individual (no forest). I don't think stub zones are the answer. I don't want DNS on the far ends of the VPN tunnels, just on the local side with the pfSense box. I really don't want to replicate the entire zone from BIND or MSDNS to the pfSense box if I can help it. Basically what I think I'm looking for is a conditional forward.

            jimp:
            I get the whole "." at the end thing (been doing that for years); however, the problem is there is no way a wildcard could be set. An example is abc.local, a domain that I would like to look up.

            So if I want to connect to desktop-01.abc.local, the lookup should go to pfSense, and pfSense sees the domain and forwards it to the DNS server at abc.local, which in turn should supply the IP address of the machine. Correct me if I'm wrong or if I have missed something.

            I was under the impression that in pfSense the DNS Forwarder (under Domain Overrides) would forward DNS requests for a domain to the DNS server at the IP listed.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.