Netgate Discussion Forum

DNS Forwarder on one of two Subnet in an multilan scenario is not working

DHCP and DNS
    g_savini
    last edited by Sep 23, 2014, 9:06 PM

    Sorry for my English. There is strange behavior with the DNS Forwarder in a scenario with two LANs and two WANs. I googled the problem with no answer.
    The subnet on the LAN1 interface can surf the internet and resolve DNS queries without problems, but clients on the second LAN2 can't. I believe the problem is the DNS Forwarder.

    From a LAN2 client I can ping the Google DNS host 8.8.8.8, but if I try an nslookup of www.google.com the answer is an IP address of my Access Point.

    My hardware is configured like this:

    pfSense 2.1.5 amd64.

    LAN Interface:
    Realtek PCI 10/100 Ethernet NIC
    IP: 192.168.0.3/24
    Connected to switch

    WIFI Interface:
    Realtek PCI 10/100 Ethernet NIC
    IP: 192.168.2.1/24
    Connected directly to an Access Point TP-Link TL-WN901nd (IP: 192.168.2.2) (doubt here, may this be the cause of the problem?)

    WAN1 and WAN2:
    PPPoE clients
    Dynamic IP

    DHCP Server on WIFI Interface
    Range: 192.168.2.100 - 192.168.2.200
    Domain Name: syscomputacion.com.ar

    No static entries.

    DHCP Server on LAN interface:
    Range: 192.168.0.100 - 192.168.0.200
    Domain Name: None or syscomputacion.com.ar
    No static entries.

    Firewall rules on WIFI interface:

    | Action | Proto | Source | Port | Destination | Port | Gateway | Queue | Schedule | Description |
    | block | * | Reserved/not assigned by IANA | * | * | * | * | * | * | Block bogon networks |
    | Pass | IPV4 UDP | WIFI net | 53(DNS) | 192.168.2.1 | 53(DNS) | * | none | | WIFI -> DNS |
    | Pass | IPv4* | WIFI net | * | * | * | MultiWan | none | | WIFI -> Internet |

    The following tests were made on a Windows 7 client on the WIFI subnet, connected via wireless:

    IP Address on Client (Assigned by DHCP): 192.168.2.100
    Domain Suffix: syscomputacion.com.ar
    Netmask 255.255.255.0
    DHCP Server: 192.168.2.1
    DNS Server: 192.168.2.1

    Ping Test:

    Ping 192.168.0.3 (pfSense): ok.
    Ping 8.8.8.8 (Google DNS): ok.
    Ping 192.168.2.1 (pfSense): ok.

    nslookup www.google.com

    • Server: 1.2.168.192.in-addr.arpa
    • Address: 192.168.2.1
      Non-authoritative answer:
    • Name: www.google.com.syscomputacion.com.ar (???????) If I remove the Domain Name from the DHCP server on the WIFI interface, syscomputacion.com.ar is not appended after google.com; I don't know why this happens.
    • Address: 192.168.2.2 (the IP of the Access Point). WHY why?

    I also tried modifying the rule on port 53 to point to 192.168.0.3, with no result.
    Viewing the firewall log, I didn't find any queries on port 53 blocked.

    Can anybody help me?
    Thanks.

      Derelict LAYER 8 Netgate
      last edited by Sep 23, 2014, 10:02 PM

      That is your nslookup appending your configured domain name to its query.  nslookup is stupid.

      If you don't want that to happen, append a trailing period to your domain name:

      nslookup www.google.com.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

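The search-suffix behaviour Derelict describes, as an added illustration (not code from the thread, from nslookup or from pfSense): a stub resolver treats a name without a trailing dot as relative and may append the DHCP-supplied domain suffix before sending the query, while a name ending in "." is absolute and is sent exactly as typed. The candidate ordering used here (try the name as typed first when it contains at least `ndots` dots, glibc's default `ndots:1`), the sample zone data and the `good_server` / `bogus_server` lookups are assumptions made for this example; Windows nslookup's exact ordering may differ.

```python
"""Search-suffix qualification as a stub resolver does it.

Added illustration, not code from the thread or from pfSense. Ordering
(as-typed first when the name has >= ndots dots, glibc default ndots:1),
zone data and the two lookup functions are assumptions for this example.
"""

NDOTS = 1  # assumption: glibc default


def candidate_names(query, search_list, ndots=NDOTS):
    """Return the absolute names a resolver would try, in order."""
    if query.endswith("."):
        return [query]  # absolute name: never qualified with a suffix
    as_typed = query + "."
    qualified = [f"{query}.{suffix.strip('.')}." for suffix in search_list]
    if query.count(".") >= ndots:
        return [as_typed] + qualified
    return qualified + [as_typed]


def resolve(query, search_list, lookup, ndots=NDOTS):
    """Try each candidate against `lookup`; return (name_tried, answer) for the first hit, else None."""
    for name in candidate_names(query, search_list, ndots):
        answer = lookup(name)
        if answer is not None:
            return name, answer
    return None


# Constructed zone data for a well-behaved forwarder (addresses are placeholders).
GOOD_ZONE = {
    "www.google.com.": "203.0.113.10",  # TEST-NET-3 placeholder, not Google's real address
    "pfsense.syscomputacion.com.ar.": "192.168.2.1",
}


def good_server(name):
    """Answers only names it actually knows."""
    return GOOD_ZONE.get(name)


def bogus_server(name):
    """Models the access point quoted later in the thread: every query gets the AP's own address."""
    return "192.168.2.2"


if __name__ == "__main__":
    search = ["syscomputacion.com.ar"]
    print(candidate_names("www.google.com", search))   # as typed, then suffixed
    print(candidate_names("www.google.com.", search))  # trailing dot: one candidate only
    print(resolve("pfsense", search, good_server))     # short name picks up the suffix
    print(resolve("www.google.com.", search, bogus_server))
```

With the trailing dot the resolver has exactly one candidate, so whatever answer comes back is for the name you typed; a bogus server that answers every name with its own address is still wrong, but the output no longer shows a suffixed name, which is what the `nslookup www.google.com.` check isolates.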
        Derelict LAYER 8 Netgate
        last edited by Sep 23, 2014, 10:06 PM

        And do yourself a favor and make your pass rules for DNS UDP and TCP for port 53, not just UDP.

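Why the pass rule needs TCP as well as UDP on port 53, as an added example (not code from the thread or from pfSense): a stub resolver sends its query over UDP, and when the answer does not fit in the UDP response the server sets the TC (truncated) flag in the header, at which point the client repeats the same query over TCP with a two-byte length prefix. A rule that only passes UDP 53 silently drops that retry. The transaction ID, the queried name and the truncated response bytes below are constructed for the example.

```python
"""Minimal DNS header/name codec showing the TC flag and the TCP retry.

Added illustration, not code from the thread or from pfSense. The query,
transaction ID and the sample truncated response are constructed here.
"""
import struct

FLAG_QR = 0x8000  # message is a response
FLAG_TC = 0x0200  # truncated: client should retry over TCP
FLAG_RD = 0x0100  # recursion desired
FLAG_RA = 0x0080  # recursion available


def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg, offset):
    """Decode a name at `offset`, following compression pointers; return (name, next_offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if not jumped:
                end = offset + 2
            offset = ((length & 0x3F) << 8) | msg[offset + 1]
            jumped = True
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels) + ".", end


def build_query(name, txid, qtype=1, qclass=1):
    """Standard recursive query; qtype 1 = A, qclass 1 = IN."""
    header = struct.pack(">HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", qtype, qclass)


def parse_header(msg):
    """Split the 12-byte header into its fields."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & FLAG_QR), "tc": bool(flags & FLAG_TC),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def needs_tcp_retry(query, response):
    """True when the UDP response belongs to our query but is truncated."""
    q, r = parse_header(query), parse_header(response)
    return r["qr"] and r["id"] == q["id"] and r["tc"]


def tcp_frame(query):
    """DNS over TCP: the same message, prefixed with its 16-bit big-endian length."""
    return struct.pack(">H", len(query)) + query


# Constructed sample: a truncated response (QR|TC|RD|RA = 0x8380) to our query,
# echoing the question section and carrying no answer records.
QUERY = build_query("www.google.com", 0x1234)
TRUNCATED_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, FLAG_QR | FLAG_TC | FLAG_RD | FLAG_RA, 1, 0, 0, 0)
    + encode_name("www.google.com") + struct.pack(">HH", 1, 1)
)

if __name__ == "__main__":
    hdr = parse_header(TRUNCATED_RESPONSE)
    print("question:", decode_name(TRUNCATED_RESPONSE, 12)[0])
    print("truncated:", hdr["tc"], "-> retry over TCP:", needs_tcp_retry(QUERY, TRUNCATED_RESPONSE))
    print("TCP frame length prefix:", tcp_frame(QUERY)[:2].hex())
```

The retry in `tcp_frame` is what a UDP-only rule blocks; large answers (DNSSEC-signed records, long TXT or many-address responses) are where this bites, and the failure looks like an intermittent resolution timeout rather than a logged block on port 53.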
          g_savini
          last edited by Sep 24, 2014, 12:26 PM

          Thanks, I solved the problem.
          No DNS Forwarder problem or firewall rules mistake. It was an access point TL-WA901ND V3 bug. I connected the WIFI interface and the AP both to the same switch, then connected the client to the wired LAN, and all worked fine with the original configuration. So I discovered that the problem was an access point bug.

          I googled some issues with this AP and DNS and found this:

          "I got the DNS issue fixed only if I run the AP as DHCP Client. With a static IP (and yes still without default Gateway) any DNS request replies with the static IP address of the AP."

          So I changed the fixed IP on the AP to a dynamic IP and all worked fine on the wireless clients.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.