Pfsense domain DNS problem on a LAN client


  • I have been setting up a pretty typical domestic LAN comprising PFsense 2.1 with a few Windows 7 client PCs that get fixed DHCP lease IPs and fixed DNS server IPs from its DHCP server. There's no local AD or DNS server.

    Pfsense has "lanhost" and "landomain" for the host and domain (it won't allow blank entries here), and for testing purposes I've eliminated issues by giving the clients fixed public DNS servers such as 4.2.2.x. Generally it works fine.

    Two clients use a well-known simple and pretty transparent Windows DNS proxy ("Acrylic DNS proxy") and are having resolution issues. Acrylic accepts DNS requests on localhost:53, blacklist/whitelists/resolves some itself according to regex, and forwards the remainder to a public DNS server.  The Acrylic log shows the problem seems to be that it's receiving some requests "as expected" (www.google.com, www.twitter.com, etc) and does so but a bunch of others are "unexpected" and show the client PC passing it domains like "platform.linkedin.com.landomain" and "www.cnn.com.landomain". Unsurprisingly requests to resolve these domains then fail causing client issues.

    It's obviously tied into the Pfsense domain via DHCP, since ipconfig/all shows "Connection-specific DNS Suffix: landomain".

    I can't seem to leave this setting blank in the router;  and in the clients' Local Area Connection properties -> IPv4 -> Advanced -> DNS, all boxes are "default" (never touched) and I have no real idea what they do.

    It looks like something's slightly wrong and the client is appending a DNS suffix or domain when it shouldn't, either with the Pfsense router or client config, but I can't work out how to correct it, and I don't know why only some requests seem to have .landomain suffixed.


  • Did you ever sort this out?  I have the same problem.

  • LAYER 8 Global Moderator

    I would hope so farfar - this post is from 2014 ;)

    If you need help I would suggest you start your own thread.