DNS lookup for alternate domain



  • I don't normally post questions. Usually read through all related content, however, I can't seem to find anything that relates. (Some come close…)

    I have several VPN tunnels. Each tunnel routes to a network offsite and I would like to use DNS. Whenever I add an entry in Domain Overrides it returns nothing when pinging that domain. I can manually change my DNS on my NIC and it resolves. Obviously I'm pinging the FQDN. If I do an nslookup it shows something similar to this:

    C:\Windows\System32>nslookup test.domain-remote.com
    Server:  UnKnown
    Address:  172.31.11.1

    Name:    test.domain-remote.com.domain-local.com
    Address:  127.0.0.1

    Now I know the VPN tunnels are up because I can ping the remote side and get a response. It appears as though DNS is getting confused and appending my primary domain name (yes, I have read the sticky). Can one of the DNS gurus out there suggest some troubleshooting?



  • Are these networks separate domains… With different domain controllers or are they all child domains under a forest?

    If they are different, look into STUB DNS between the domains.


  • Rebel Alliance Developer Netgate

    When using nslookup especially, use a "." at the end of the FQDN, or else it will append the search domain to the host. If you have wildcard DNS active on your domain, the domain search will return a "valid" record instead of NXDOMAIN so it can't fall through to test the hostname properly.
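
    The search-suffix behaviour jimp describes, as an added example that is not part of the thread: a small model of a stub resolver that appends the search list to unqualified names, run against constructed zone data (a wildcard in domain-local.com, and a remote zone that only answers when the forwarder actually hands the query on). It reproduces the thread's nslookup output and shows why a trailing dot exposes the real NXDOMAIN; the remote address 10.20.30.40 is constructed.

```python
# Added example, not from the thread: simplified resolver search-list model.
NXDOMAIN = None  # sentinel for "no such name"

# Constructed zone data (not from the thread). domain-local.com has a wildcard
# record; domain-remote.com only answers when the domain override forwards the
# query to the remote server (override_works=True).
LOCAL_ZONE = {"*": "127.0.0.1"}
REMOTE_ZONE = {"test": "10.20.30.40"}  # constructed address

def candidate_names(name, search_list, ndots=1):
    """Return the names a resolver tries, in order.
    A trailing dot marks the name as absolute: no suffix is ever appended."""
    if name.endswith("."):
        return [name]
    qualified_enough = name.count(".") >= ndots
    tries = [name] if qualified_enough else []
    tries += [f"{name}.{suffix}" for suffix in search_list]
    if not qualified_enough:
        tries.append(name)  # bare name is tried last
    return tries

def lookup_zone(zone, owner):
    """Look up an owner name inside a zone, honouring a '*' wildcard."""
    if owner in zone:
        return zone[owner]
    return zone.get("*", NXDOMAIN)

def query(fqdn, override_works):
    """Answer one fully qualified name, with no search-list processing."""
    name = fqdn.rstrip(".")
    if name.endswith(".domain-local.com"):
        return lookup_zone(LOCAL_ZONE, name[: -len(".domain-local.com")])
    if name.endswith(".domain-remote.com") and override_works:
        return lookup_zone(REMOTE_ZONE, name[: -len(".domain-remote.com")])
    return NXDOMAIN

def resolve(name, search_list, override_works):
    """Try each candidate until one answers; return (name_answered, address).
    A wildcard in a search suffix answers before NXDOMAIN can surface."""
    for cand in candidate_names(name, search_list):
        addr = query(cand, override_works)
        if addr is not NXDOMAIN:
            return cand.rstrip("."), addr
    return None, NXDOMAIN

if __name__ == "__main__":
    # Without the trailing dot the wildcard masks the failed override.
    print(resolve("test.domain-remote.com", ["domain-local.com"], False))
    # With the trailing dot the broken override is visible as NXDOMAIN.
    print(resolve("test.domain-remote.com.", ["domain-local.com"], False))
    print(resolve("test.domain-remote.com.", ["domain-local.com"], True))
```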



  • Sorry, have been out of town on business.

    craigduff:
    They are all individual (no forest). I don't think stub zones are the answer. I don't want DNS on the far ends of the VPN tunnels, just on the local side with the pfsense box. I really don't want to replicate the entire zone from BIND or MSDNS to the pfsense box if I can help it. Basically what I think I'm looking for is a conditional forward.

    jimp:
    I get the whole "." at the end thing (been doing that for years), however, the problem is there is no way a wildcard could be set. An example is abc.local is a domain that I would like to look up.

    So if I want to connect to desktop-01.abc.local the lookup should go to pfsense, and pfsense sees the domain then forwards it to the DNS server at abc.local, which in return should supply the IP address of the machine. Correct me if I'm wrong or if I have missed something.

    I was under the impression that in pfsense the DNS Forwarder (under Domain Overrides) would forward DNS requests for a domain to the DNS controller at the IP listed.

