4. Can't seem to get the dns-server package (tinydns) to answer authoritative

Can't seem to get the dns-server package (tinydns) to answer authoritative

  • D

    I don't need it to be a forwarder for my internal network.  That's already handled by an AD server.

    All I need it to do is answer records on WAN that I have records defined for in the DNS Server settings.

    I've disabled the DNS forwarder.

    The only way I can get it to answer is by checking the recursive box, which is not what I want, and when I do, and do an nslookup to it, it spits out all kinds or garbage about the root servers.

    When i uncheck the box, it won't answer anyithing.

    0
  • D

    Clarification: for testing I'm doing nslookup domain123.com 123.123.123.123 where 123.123.123.123 would be the address of the WAN interface on the pfSense box.

    Also, I just found this bit of information…if I nslookup domain123.com. instead of just domain123.com without the trailing dot, I get a response.  I don't know if that helps with troubleshooting or what that actually means.

    0
  • T

    The Windows nslookup command will often append .home to the end of the query, so instead of looking up domain123.com, it will try to look up domain123.com.home. I have no idea why it does that (maybe someone else here knows?), but adding a dot to the end will prevent it from appending .home which is probably why nslookup domain123.com. works.

    To see if this is the issue look in the "Logs" tab of tinydns. If nslookup is sending .home queries they will show up there along with the error message "not_authority".

    0
  • LAYER 8 Global Moderator

    Its not that nslookup appends .home - it will append whatever domain your computer is in, or whatever your search suffix search is.  Which can be quite long depending how you set it up.

    You can view this with ipconfig /all

    example

    C:>ipconfig /all

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : i5-w7
      Primary Dns Suffix  . . . . . . . : local.lan
      Node Type . . . . . . . . . . . . : Hybrid
      IP Routing Enabled. . . . . . . . : No
      WINS Proxy Enabled. . . . . . . . : No
      DNS Suffix Search List. . . . . . : local.lan

    Notice domain is local.lan, if I just do a query via nslookup for just a host name it auto appends the search suffix - in my case .local.lan - sure if you setup network to use .home as your domain then it would append those to your searches..

    So see attached sniff of when doing a nslookup for pfsense, the nslookup command fist does a PTR for the dns server in my case 192.168.1.253, you will then see it do query for A and AAAA both with .local.lan in the query even though I only did query for pfsense

    now if I did a query for say whatever.something.com you notice it still appends in the first query .local.lan - it gets no response for this so walks up the tree and says lets try without the suffix, see the query without the .local.lan

    If you don't want the query for your search suffix to be appended then you have tell nslookup hey this exactly what I want - don't add anything by putting . on the end.  3rd attachment notice it only does query for exactly what I asked for - no added suffix to the query.






    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy