DNS Forwarder Issues



  • Hi there.

    I'm running pfsense 2.0.1 to manage VPN connections and DHCP leases for my office's LAN. Additionally, I have enabled DNS forwarding so as to get domain requests to our specific developer machines to resolve. To better explain this: I'm using a combination of a cron script and host-name naming conventions to generate a host file to be used with the "addn-hosts" advanced setting.

    This works perfectly: when I nslookup coworker_name.product_domain (so, sarah.statsapplication.com), I get pointed at that co-worker's machine, and their in-development pages load like a dream:

    nslookup sarah.statsapplication.com
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Name: sarah.statsapplication.com
    Address: 192.168.1.199

    However, I restarted the router at some point and then all of a sudden domains not within that host file (i.e. google.com) could not be found:
    nslookup cool.com
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    ** server can't find cool.com.localdomain: REFUSED

    Needless to say, access to our coworkers' in-progress sites is not worth losing access to addresses in the WAN, so to speak. Again, I want to reiterate that this was working just fine until there was need of a reboot.


  • Rebel Alliance Global Moderator

    "** server can't find cool.com**.localdomain**: REFUSED"

    That is not a public TLD, so unless you were authoritative for that, i.e. had records created for that TLD .localdomain, then yeah, you're going to have issues trying to look up stuff in anything.localdomain

    cool.com.localdomain
    Server:  pfsense.local.lan
    Address:  192.168.1.253

    *** pfsense.local.lan can't find cool.com.localdomain: Non-existent domain

    That you got refused tells me you got forwarded to something that REFUSED your query.



  • Well, one thing I definitely don't understand is why "localdomain" was added to the string, as the command I ran was "nslookup cool.com"



  • Add log-queries to Services -> DNS Forwarder -> Advanced, then save.
    Do the same nslookup again and paste your Status -> System Logs -> Resolver

    ![2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png](/public/imported_attachments/1/2014-02-22 17_36_57-pfsense.localdomain - Services_ DNS forwarder.png)



  • Actually, I got it fixed by adding a DNS server in System > General Setup. Guess that when it had been working before it was because the DNS setting had stuck around from before my setting of a static IP on the WAN interface. Or something.

    Thanks



  • @DNS_Newbie:

    Actually, I got it fixed by adding a DNS server in System > General Setup. Guess that when it had been working before it was because the DNS setting had stuck around from before my setting of a static IP on the WAN interface. Or something.

    Thanks

    No DNS server would be a problem. Good work.



  • @DNS_Newbie:

    Well, one thing I definitely don't understand is why "localdomain" was added to the string, as the command I ran was "nslookup cool.com"

    These days many systems (like Windows) append your local domain to the name that you ask for, if the raw name is not found. This helps people type in short names inside their organisation and get success.
    E.g. you work in myorg.org and type in server1.branchoffice: server1.branchoffice gets NXDOMAIN, the system then tries server1.branchoffice.myorg.org for you, and success! Saved you typing the whole FQDN.
    So when your general name server services are not working properly, you will get the client trying with ".myorg.org" or ".localdomain" appended, and thus see seemingly confusing messages like that.
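As an added illustration of the two diagnostic points made in this thread (REFUSED meaning the forwarder had nowhere to send the query, and the client appending its search domain when the raw name fails), here is a constructed Python model; it is not pfSense or dnsmasq code, and the host entries, the upstream answer and the addresses are assumed sample values:

```python
# Constructed model of the behaviour discussed in this thread (added example,
# not pfSense or dnsmasq code): the forwarder answers from its addn-hosts file,
# forwards everything else to the upstream servers from System > General Setup,
# and returns REFUSED when no upstream exists; the client appends its search
# domain when the raw name fails, which is where ".localdomain" comes from.

# Constructed addn-hosts content in the style the first post describes.
ADDN_HOSTS = """
192.168.1.199 sarah.statsapplication.com
192.168.1.201 tom.statsapplication.com   # another developer box
"""
# Constructed stand-in for what the WAN DNS servers would answer (TEST-NET address).
UPSTREAM_WAN = {"cool.com": "203.0.113.10"}

def parse_hosts(text):
    """Parse hosts-file lines ('ip name [name ...]', '#' comments) into {name: ip}."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower().rstrip(".")] = ip
    return table

HOSTS = parse_hosts(ADDN_HOSTS)

def forwarder_query(name, hosts, upstream):
    """Answer one query like the forwarder; upstream is {name: ip}, or None
    when no DNS server is configured at all."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return "NOERROR", hosts[name]      # served from addn-hosts
    if upstream is None:
        return "REFUSED", None             # nowhere to forward the query to
    if name in upstream:
        return "NOERROR", upstream[name]
    return "NXDOMAIN", None                # upstream says the name does not exist

def client_lookup(name, search_domain, hosts, upstream):
    """Mimic the client: try the raw name, then name.search_domain. Returns
    (name_actually_queried, rcode, ip) for the last attempt, i.e. what nslookup prints."""
    result = None
    for candidate in (name, f"{name}.{search_domain}"):
        rcode, ip = forwarder_query(candidate, hosts, upstream)
        result = (candidate, rcode, ip)
        if rcode == "NOERROR":
            break
    return result
```

With `upstream=None` the lookup of cool.com ends as ("cool.com.localdomain", "REFUSED", None), matching the first post's output; with an upstream configured the raw name resolves on the first try and the suffix is never appended.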