Can't seem to get the dns-server package (tinydns) to answer authoritative

  • I don't need it to be a forwarder for my internal network.  That's already handled by an AD server.

    All I need it to do is answer records on WAN that I have records defined for in the DNS Server settings.

    I've disabled the DNS forwarder.

    The only way I can get it to answer is by checking the recursive box, which is not what I want, and when I do, and do an nslookup to it, it spits out all kinds of garbage about the root servers.

    When I uncheck the box, it won't answer anything.

  • Clarification: for testing I'm doing nslookup where would be the address of the WAN interface on the pfSense box.

    Also, I just found this bit of information…if I nslookup instead of just without the trailing dot, I get a response.  I don't know if that helps with troubleshooting or what that actually means.

  • The Windows nslookup command will often append .home to the end of the query, so instead of looking up, it will try to look up I have no idea why it does that (maybe someone else here knows?), but adding a dot to the end will prevent it from appending .home which is probably why nslookup works.

    To see if this is the issue look in the "Logs" tab of tinydns. If nslookup is sending .home queries they will show up there along with the error message "not_authority".

  • LAYER 8 Global Moderator

    It's not that nslookup appends .home - it will append whatever domain your computer is in, or whatever your search suffix is.  Which can be quite long depending on how you set it up.

    You can view this with ipconfig /all


    C:>ipconfig /all

    Windows IP Configuration

      Host Name . . . . . . . . . . . . : i5-w7
      Primary Dns Suffix  . . . . . . . : local.lan
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : local.lan

    Notice the domain is local.lan. If I just do a query via nslookup for just a host name, it auto-appends the search suffix - in my case .local.lan. Sure, if you set up your network to use .home as your domain then it would append that to your searches.

    So see the attached sniff of when doing an nslookup for pfsense: the nslookup command first does a PTR for the DNS server in my case, and you will then see it do a query for A and AAAA, both with .local.lan in the query even though I only did a query for pfsense.

    Now if I did a query for say you notice it still appends in the first query .local.lan - it gets no response for this so walks up the tree and says let's try without the suffix, see the query without the .local.lan

    If you don't want your search suffix to be appended to the query then you have to tell nslookup, hey, this is exactly what I want - don't add anything - by putting . on the end.  In the 3rd attachment notice it only does a query for exactly what I asked for - no added suffix to the query.

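An added example, not code from any poster in the thread, modelling the behaviour described above: nslookup tries each search suffix before the name as typed, a trailing dot suppresses that, and an authoritative-only server has data only for names under its own zones. The zone `example.com`, the suffix `home` and all function names are assumptions made for illustration.

```python
def candidate_queries(name, search_list):
    """Query names in the order the thread describes nslookup sending them."""
    if name.endswith("."):
        # Trailing dot: the name is already fully qualified, nothing is appended.
        return [name.lower()]
    # Each search suffix is tried first, then the name exactly as typed.
    candidates = [f"{name}.{suffix.strip('.')}." for suffix in search_list]
    candidates.append(name + ".")
    return [c.lower() for c in candidates]


def in_served_zone(qname, zones):
    """True if qname equals, or is a subdomain of, one of the served zones."""
    labels = qname.rstrip(".").lower().split(".")
    for zone in zones:
        zone_labels = zone.rstrip(".").lower().split(".")
        # Compare whole labels so badexample.com does not match example.com.
        if labels[-len(zone_labels):] == zone_labels:
            return True
    return False


def trace(name, search_list, zones):
    """Pair every candidate query with whether an authoritative-only server
    holding `zones` has data for it."""
    return [(q, in_served_zone(q, zones))
            for q in candidate_queries(name, search_list)]


# Constructed sample values (assumptions, not taken from the thread).
ZONES = ["example.com"]
SEARCH_LIST = ["home"]

if __name__ == "__main__":
    for typed in ("www.example.com", "www.example.com."):
        print(f"nslookup {typed}")
        for qname, served in trace(typed, SEARCH_LIST, ZONES):
            verdict = "in a served zone" if served else "outside every served zone"
            print(f"  query {qname:<24} {verdict}")
```

Names reported as outside every served zone correspond to the suffixed queries the thread says to look for in the tinydns "Logs" tab.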