TinyDNS on pfsense 2.1
-
I'm trying to set up pfsense 2.1 with tinydns to serve DNS for my local net and use forwarder for external addresses. However, I'm not able to get the setup working.
DNS forwarder works fine (except pfsense can't find its firmware updates) but resolution to local.net doesn't work. Here's my setup:
pfsense config:
- LAN : 192.168.1.1
- WAN : DHCP
- DNS Servers : 8.8.8.8 and 4.4.4.4
DNS Forwarder config:
- Enable DNS forwarder : checked
- Listen port : 5353
- Interfaces : All
- Domain overrides : local.net -> 127.0.0.1
NAT config:
- If : LAN
- Proto : UDP
- Src-addr : * Src-port : *
- Dest-addr : * Dest-port : 53
- Nat-IP : 192.168.1.1
- Nat-port : 5353
TinyDNS config:
- IP-Addr : 127.0.0.1
- Interfaces to listen : LAN, WAN, LOOPBACK
Zone:
- local.net SOA ns1.local.net
- ns1.local.net 192.168.1.1
- test.local.net 192.168.1.2
-
I'm trying to do the same. If I work it out I'll post it.
-
I am in the exact same situation. I can't seem to get TinyDNS to work properly. With the exception of the NAT setting I have it set up the exact same way as you do.
-
I'm trying to set up pfsense 2.1 with tinydns to serve DNS for my local net and use forwarder for external addresses. However, I'm not able to get the setup working.
DNS forwarder works fine (except pfsense can't find its firmware updates) but resolution to local.net doesn't work. Here's my setup:
pfsense config:
- LAN : 192.168.1.1
- WAN : DHCP
- DNS Servers : 8.8.8.8 and 4.4.4.4
I have the same setup and it took me a while to get it going the way I liked:
You need to:
- Services -> DNS Forwarder - DO NOT USE (TinyDNS provides a resolver)
- Firewall Rules for DNS - Disable - you don't need them
- NAT Rules for DNS - Disable - you don't need them
- Services -> DNS Server -> Settings:
  - Binding IP Address: 127.0.0.1
  - Enable recursive DNS responder - ENABLE
  - Interface to listen - Select them (I use all)
  - Respond to IP - I use "10", because my internal network uses 10.x.x.x - adjust accordingly
- System -> General Setup -> DNS Servers
  - Your LAN IP address (you don't need the external ones like 8.8.8.8, etc)
Now, I can resolve my own domain names, external addresses and more importantly, pfsense now displays "You are on the latest version." again :)
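
A way to verify the outcome described in this thread from a LAN client, added here as an example and not posted by anyone in the thread: it sends one recursive A query for a local name and one for an external name to the firewall and reports the response code, the RA (recursion available) flag and the returned addresses. The server address `192.168.1.1` and the name `test.local.net` are taken from the first post; `example.com` and the function names are assumptions for illustration.

```python
import socket
import struct
import sys

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:             # root label: end of name
            return off + 1
        off += 1 + n

def parse_response(msg):
    """Extract id, RCODE, RA flag and A-record addresses from a reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):        # skip the echoed question section
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"id": qid, "rcode": flags & 0xF, "ra": bool(flags & 0x80), "addrs": addrs}

def check(server, name, timeout=3.0):
    """Send one UDP query to server:53 and return the parsed reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data)

if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"  # from the first post
    for name in ("test.local.net", "example.com"):  # example.com is an assumed external name
        try:
            print(name, check(server, name))
        except socket.timeout:
            print(name, "no reply within timeout")
```

A working setup shows `rcode` 0 with an address for both names; running the same check from a host outside the LAN shows whether the resolver also answers queries arriving on other interfaces.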