DNS forwarder issue

  • Hi all,

    I have installed a pfSense server in our office infrastructure and it works fine. But I have an issue with the DNS forwarder. I have created a host override entry, and when my laptop wants to resolve through the pfSense server it doesn't give me that entry; it gives me the real entry that the real domain has. My requirement is that when a local user resolves that subdomain, pfSense should give the local IP, and when an external user tries to resolve it, the GoDaddy name server will provide my WAN IP.

    My laptop has its DNS server IP set to the pfSense LAN IP.

    When I ping that entry it gives me the real IP and not the host override entry.

    When I just try to resolve that subdomain through nslookup I get the real IP, but when I specifically mention the server as the pfSense IP it gives me the result.

    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  UnKnown
    Address:  fe80::c605:28ff:fea1:67e1

    Server:  UnKnown
    Address:  fe80::c605:28ff:fea1:67e1

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Non-authoritative answer:
    DNS request timed out.
        timeout was 2 seconds.
    Name:    xxx.xxxx.com
    Address:  yyy.yyy.yy.yyy -> real ip

    DNS request timed out.
        timeout was 2 seconds.
    Default Server:  []

    Server:  []

    Name:    xxx.xxxx.com

  • What happened to the Host and Domain values in your domain overrides?
    It won't even let me put in a host override without that.

    Maybe your client has multiple DNS servers defined? Then it is getting the public IP value from/through some other DNS server.

  • Hi Davis,

    Yes, sorry, I had to erase that private information from the images, because the image is public.

    Please check my DNS server information.

    Do you have any clue?

  • I didn't have my brain in gear when reading your first post. You are getting back an IPv6 address, and it will be the public one because there is no host override on the IPv6 DNS server.
    For a first test, disable IPv6 on that Windows client. Then it should all happen with IPv4 like you expect.
    I am not familiar enough with the IPv6 DNS stuff - but hopefully you can put in a host override in that also, to return the local IPv6 address, and then enable IPv6 again on the client.

  • Yes Davis, I also thought about that. It could be something related to the IPv6 DNS thing. But do you have any idea how my clients get that IPv6 address as a DNS server? Because I didn't configure any IPv6 configuration on my pfSense.


  • Likely RDNSS, guessing you have that enabled.

  • Hi cmb,

    Thanks for the clue. Never heard of it before. Any idea how to disable it?

  • RA config.

  • LAYER 8 Global Moderator


    Never heard of it before. Any idea how to disable it?

    Under DHCPv6 on the Services tab - see attachment

    Windows is going to prefer IPv6 out of the box. If you're not using IPv6 on Windows, just disabling it would be my suggestion. Security 101 - if you're not using the protocol, then the protocol should not be active. Simple as an elevated prompt in Windows:

    reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 255

    No more IPv6 to worry about.

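A check for the condition diagnosed in this thread, as an added example that is not part of any participant's post: it parses `ipconfig /all` output and reports every configured DNS server other than the pfSense LAN IP that holds the host override. The sample output and the addresses `192.168.1.1` and `fe80::1` are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig /all` output (placeholder addresses).
SAMPLE_IPCONFIG = """\
Ethernet adapter Ethernet:

   Link-local IPv6 Address . . . . . : fe80::1c2d:3e4f:5a6b:7c8d%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   DNS Servers . . . . . . . . . . . : fe80::1%11
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return DNS server addresses in the order Windows lists them."""
    servers, in_block = [], False
    for line in ipconfig_text.splitlines():
        m = re.match(r"\s+DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            servers.append(m.group(1))
            in_block = True
        elif in_block and line.startswith(" ") and line.strip() and " : " not in line:
            servers.append(line.strip())  # continuation line: address only, no label
        else:
            in_block = False
    return servers

def unexpected_resolvers(ipconfig_text, expected):
    """List resolvers other than the expected pfSense LAN IP, with a reason each."""
    findings = []
    for raw in dns_servers(ipconfig_text):
        addr = ipaddress.ip_address(raw.split("%")[0])  # drop the Windows scope id
        if str(addr) == expected:
            continue
        if addr.version == 6 and addr.is_link_local:
            why = "IPv6 link-local resolver, likely learned via RA (RDNSS) or DHCPv6"
        else:
            why = "not the resolver that holds the host override"
        findings.append((raw, why))
    return findings

if __name__ == "__main__":
    # Assumption: 192.168.1.1 stands in for the pfSense LAN IP.
    for server, reason in unexpected_resolvers(SAMPLE_IPCONFIG, "192.168.1.1"):
        print(f"{server}: {reason}")
```

Any resolver it reports is a path by which the client can receive the public record instead of the host override.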