Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Forwarder not resolving when host is not a registered DHCP Client with lease

    DHCP and DNS
    3
    7
    3717
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wadmutter
      last edited by

      I have a simple issue and Im not sure it can be fixed. Perhaps its a feature?

      After upgrading from a box running PF sense 1.x, my hosts that have IP addresses manually assigned to them are ignored by the dns forwarder.

      My LAN interface of my router is 10.34.41.254, all dhcp clients get that IP address as thier DNS server, then the router forwards the request to google servers. That works as advertised, however if I manually assign an address outside the DHCP Pool, DNS forwarder does not repsond to the HOST, thus no DNS.

      Any fix for that?

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        So what is your lan rules setup to allow access.. Are you limiting the source IPs

        What is your lan rules?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 23.09 | Lab VMs 2.7.1, 23.09

        1 Reply Last reply Reply Quote 0
        • W
          wallabybob
          last edited by

          @wadmutter:

          however if I manually assign an address outside the DHCP Pool, DNS forwarder does not repsond to the HOST, thus no DNS

          How far outside the DHCP pool? What network mask? If the manually configured system thinks the DNS server (you made no mention of configuring it) is not on the same network as the manually configured system then the manually configured system will need to go through the default gateway (you made no mention of manually configuring default gateway) which needs to be on the same network as the manually configured system.

          What is reported on a manually configured system if you ping the DNS server?

          1 Reply Last reply Reply Quote 0
          • W
            wadmutter
            last edited by

            Jonpoz: LAN firewall rules allow any to any. Set for wide open, no limiting of the source IP's from the same network what so ever.

            1 Reply Last reply Reply Quote 0
            • W
              wadmutter
              last edited by

              wallabybob: The DHCP scope is a class C network with a 24 bit mask. The manually assigned addresses are with in that network, simply not in the DHCP range. IE 10.34.41.11 - 10.34.41.149/24 is the range. 10.34.41.165/24 is the manually assigned address. When I assign the routers interface as the DNS server, it does not respond, yet i can ping it.

              1 Reply Last reply Reply Quote 0
              • W
                wallabybob
                last edited by

                @wadmutter:

                When I assign the routers interface as the DNS server, it does not respond, yet i can ping it.

                What do you do to make that assignment?

                On what sort of system did you make that assignment (Windows? Linux? etc)

                Does that system need to be rebooted for the assignment to take effect?

                What does a DNS debugging tool such as dig or nslookup report as the IP address of the DNS?

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  What your saying makes no sense if you don't have rule on lan interface to block access.  I have plenty of boxes outside my dhcp scope.  So example my lan network is 192.168.1.0/24, pfsense lan interface is on 192.168.1.253

                  dhcp scope is 192.168.1.210 to .219

                  So for example my linux box at 192.168.1.7 can query pfsense for dns.

                  
 dig i5-w7.local.lan

; <<>> DiG 9.8.1-P1 <<>> i5-w7.local.lan

;; QUESTION SECTION:
;i5-w7.local.lan.               IN      A

;; ANSWER SECTION:
i5-w7.local.lan.        1       IN      A       192.168.1.100

;; Query time: 2 msec
;; SERVER: 192.168.1.253#53(192.168.1.253)
;; WHEN: Fri Sep 21 11:11:19 2012

                  And here is windows box on .100 also outside the scope

                  
C:\Windows\System32>nslookup
Default Server:  pfsense.local.lan
Address:  192.168.1.253

> www.google.com
Server:  pfsense.local.lan
Address:  192.168.1.253

Non-authoritative answer:
Name:    www.google.com
Addresses:  2607:f8b0:400f:801::1012
          74.125.225.177
          74.125.225.179
          74.125.225.178
          74.125.225.180
          74.125.225.176

                  So I would verify that you did not typo the dns server?  Do you have more than 1 dns server listed on the clients on your lan?

                  I have more boxes outside my scope than inside to be honest, and have no issues - are these boxes on a different interface/vlan connected to pfsense, so different firewall rules than lan?  Is there anything between them and the pfsense lan interface, another firewall, local firewalls on the clients?

                  Are you running say unbound, where you could of set ACLs on which IPs can query it?

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 23.09 | Lab VMs 2.7.1, 23.09

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post