DNS Forwarder Issues

DNS_Newbie

Hi there.

I'm running pfsense 2.0.1 to manage vpn connection and dhcp leases for my offices LAN. Additionally, I have enabled dns forwarding so as to get domain requests to our specific developer machines to resolve. To better explain this….i'm using a combination of a cron script and host-name naming conventions to generate a host file to be used with the "addn-hosts" advanced setting.

This works perfectly, when i nslookup coworker_name.porduct_domain (so, sarah.statsapplication.com), i get pointed at that co-workers machine, and their in development pages load like a dream:

nslookup sarah.statsapplication.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Name: sarah.statsapplication.com
Address: 192.168.1.199

However, I restarted the router at some point and then all of the sudden domains not within that hostfile (ie google.com) could not be found:
nslookup cool.com
Server: 192.168.1.1
Address: 192.168.1.1#53

** server can't find cool.com.localdomain: REFUSED

Needless to say, access to our coworkers in progress sites is not worth loosing access to addresses in the WAN so to speak. Again, i want to reiterate that this was working just fine until there was need of a reboot.

johnpoz

"** server can't find cool.com**.localdomain**: REFUSED"

That is not a public tld, so unless you were authoritative for that, IE had records created for that tld .localdmain then yeah your going to have issues trying to lookup stuff in anything.localdomain

cool.com.localdomain
Server: pfsense.local.lan
Address: 192.168.1.253

*** pfsense.local.lan can't find cool.com.localdomain: Non-existent domain

That you got refused tells me you got forwarded to something that REFUSED your query.

DNS_Newbie

Well, one thing i definitely don't understand is why "localdomain" was added to the string, as the command i ran was "nslookup cool.com"

bryan.paradis

add log-queries to Services ->DNS Forwarder -> Advanced then save.
do same nslookup again and paste your Status -> System Logs -> Resolver

![2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png](/public/imported_attachments/1/2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png)
![2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png_thumb](/public/imported_attachments/1/2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png_thumb)

DNS_Newbie

actually, i got it fixed by adding a dns server in System > General Setup, guess that when it had been working before it was cause the dns setting had stuck around from before my setting of a static ip on the wan interface. or something.

Thanks

bryan.paradis

@DNS_Newbie:

actually, i got it fixed by adding a dns server in System > General Setup, guess that when it had been working before it was cause the dns setting had stuck around from before my setting of a static ip on the wan interface. or something.

Thanks

No dns server would be a problem. Good work

phil.davis

@DNS_Newbie:

Well, one thing i definitely don't understand is why "localdomain" was added to the string, as the command i ran was "nslookup cool.com"

These days many systems (like Windows) append your local domain to name that you ask for, if the raw name is not found. This helps people type in short names inside their organisation and get success
e.g. you work in myorg.org and type in server1.branchoffice - server1.branchoffice gets NXDOMAIN - the system then tries server1.branchoffice.myorg.org for you, and success! Saved you typing the whole FQDN.
So when your general name server services are not working properly, you will get the client trying with ".myorg.org" ".localdomain" appended, and thus see seemingly confusing messages like that.