Bad domain names forward to web server

  • I've been trying to figure this out off and on for a few weeks on my own and I can't seem to pinpoint the cause of my problem.  I've got a natted webserver on my lan, and I have port 80 forwarded to it.  I do have nat reflection enabled, so I can reach the server by domain name without manually editing my hosts file on each PC.

    Normally I have no trouble, but I tend to do web searches in the address bar, and I guess the default behavior of the browser is to do a search on single terms only if a bad DNS response happens.  Instead of that happening, it seems that the response to DNS queries on bad domains is to return the WAN IP address.  This means that if I enter in a single word search in the address bar, or enter a bad domain, I get redirected to my webserver.  Also, if I ping a bad domain, I end up pinging my WAN IP.

    This behavior doesn't happen with my SOHO router, nor does it happen with other router/firewall software I have tried, so I'm convinced that it has to do with my configuration in pfsense.

    I'm not sure where to start looking to find the problem.  Any ideas would be appreciated.

  • Am I the only person to have this problem?

  • Rebel Alliance Developer Netgate

That can happen if a couple factors are in play:

    1. You have your firewall's domain set to your dynamic DNS domain
    2. The domain the firewall is using is set for Wildcard DNS

Under those circumstances, any short name query will return the IP of the WAN since that's what it's told to do with wildcard DNS active. The short name expands to [short name].[your domain] since the domain is assumed in those cases, and then that query gets a proper reply since wildcard is active. To fix it, either deactivate wildcard DNS or change the domain name in use by the firewall to one that doesn't have wildcard DNS active.
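An added model of the expansion described in the answer above (example code, not from the thread or from pfSense): a stub resolver appends the firewall's search domain to any dotless name, and a wildcard zone answers every otherwise-nonexistent name with the WAN address. The domain names and addresses are constructed placeholders; `wildcard_active` shows the check a practitioner would do (querying a few random labels under the domain) against the same constructed zone data.

```python
"""Why a bare search term resolves to the WAN address (constructed model)."""
import random
import string

# Constructed sample data: placeholder names and addresses, not real records.
WAN_IP = "203.0.113.10"
NXDOMAIN = None

# Each zone maps an owner name to an address; "*" is a wildcard record.
ZONES = {
    # Dynamic DNS domain with wildcard DNS enabled: the problematic setup.
    "home.dyndns.example": {"home.dyndns.example": WAN_IP, "*": WAN_IP},
    # A plain local domain with no wildcard: the fix.
    "lan.example": {"lan.example": "192.168.1.1", "nas.lan.example": "192.168.1.20"},
}


def lookup(fqdn):
    """Answer a fully qualified name as an authoritative server with a wildcard would."""
    for zone, records in ZONES.items():
        if fqdn == zone or fqdn.endswith("." + zone):
            if fqdn in records:
                return records[fqdn]
            # Wildcard: any nonexistent name under the zone gets the "*" answer.
            if "*" in records and fqdn != zone:
                return records["*"]
            return NXDOMAIN
    return NXDOMAIN


def resolve(name, search_domain):
    """Stub resolver: a name with no dots is tried as name.<search_domain> first."""
    candidates = [f"{name}.{search_domain}"] if "." not in name else []
    candidates.append(name)  # then the literal name as typed
    for fqdn in candidates:
        answer = lookup(fqdn)
        if answer is not NXDOMAIN:
            return fqdn, answer
    return name, NXDOMAIN


def wildcard_active(domain, probes=3):
    """If several random labels under the domain all get an answer, it is a wildcard zone."""
    labels = ["".join(random.choices(string.ascii_lowercase, k=12)) for _ in range(probes)]
    return all(lookup(f"{label}.{domain}") is not NXDOMAIN for label in labels)
```

With the firewall domain set to the wildcard dynamic DNS zone, a bare "searchterm" expands and resolves to the WAN address; with a domain that has no wildcard it falls through to NXDOMAIN and the browser treats it as a search.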