Import host override list into forwarder



  • Is there a faster way than the GUI to populate host overrides into the forwarder?  I have about 170 entries, making the GUI method rather tedious.  I tried editing the dnsmasq section of a current backup of config.xml, also tedious, then restored just the "DNS Forwarder section" of the XML, which after a reboot resulted in unbound not starting due to the following error:

    Unbound: error: error parsing local-data at 19 'host IN A x.x.x.x(unresolved)': Syntax error, could not parse the RR's type.

    No syntax errors in the xml that I can see.  Any suggestions appreciated.


  • LAYER 8 Global Moderator

    I am not sure about the resolver that is new to 2.2, but I just tested using the forwarder in 2.2 and this still works like it did in 2.1

    create a file, I created /etc/extra, put your records in there.  Then in advanced section of the forwarder put

    addn-hosts=/etc/extra

    Restart the forwarder then those will resolve

    [2.2-RC][root@pfSense.local.lan]/etc: cat /etc/extra
    192.168.1.14 test.local.lan
    192.168.1.15 test2.local.lan
    192.168.1.16 test.other.lan
    [2.2-RC][root@pfSense.local.lan]/etc: host test.other.lan
    test.other.lan has address 192.168.1.16
    [2.2-RC][root@pfSense.local.lan]/etc: host test.local.lan
    test.local.lan has address 192.168.1.14
    [2.2-RC][root@pfSense.local.lan]/etc: host test2.local.lan
    test2.local.lan has address 192.168.1.15
    [2.2-RC][root@pfSense.local.lan]/etc:

    Along with anything that is also in the host override section of the forwarder.  I am not sure if there is a command for unbound to do the same sort of thing?  Or if you can run the forwarder and resolver at the same time.  You mention forwarder but then you point to an unbound error?  Unbound is used when the resolver is used.

    But this is a quick and dirty easy way to load as many host overrides as you would want to load

    edit:  If you're using the resolver, in the advanced box you can add lines like this

    server:
    local-data: "click01.aditic.net A 10.10.10.1"
    local-data: "click02.aditic.net A 10.10.10.2"

    For hosts you need, vs. putting them in the host override GUI interface, that should allow you to post in lots of hosts you want to resolve to local IPs.

    [2.2-RC][root@pfSense.local.lan]/root: host click01.aditic.net
    click01.aditic.net has address 10.10.10.1
    [2.2-RC][root@pfSense.local.lan]/root: host click02.aditic.net
    click02.aditic.net has address 10.10.10.2



  • Thanks John for your suggestion.  This looks like just what I need but I can't make it work. I put my space-delimited file as /etc/hostscustom then gave this file the same properties as the hosts file, 0755 if I recall.  Then I enabled the forwarder but could not ping by hostname the entries in the file.  This of course took down unbound, which had to be restarted.  Do I need to take out any extra spaces between the IP and the HOSTNAME?  The hostscustom file is formatted as below:

    AP14SE 192.168.x.1
    AP15NW 192.168.x.2
    AP16 192.168.x.3

    I'm fairly certain unbound takes its hosts from the forwarder even if it's not enabled.  I thought by enabling/disabling the forwarder it would create a file that unbound uses.  Didn't seem to.  Do you know what location/file the forwarder puts its host overrides in so I can check that it's getting this far?


  • LAYER 8 Global Moderator

    your format is backwards.

    IP hostname

    example.

    192.168.1.14 test.local.lan
    192.168.1.15 test2.local.lan
    192.168.1.16 test.other.lan

    Stuff that you put in the overrides is put into the actual /etc/hosts file

    If you're using the actual resolver, then you can put something like this in the advanced box

    server:
    local-data: "click01.aditic.net A 10.10.10.1"
    local-data: "click02.aditic.net A 10.10.10.2"

    You can also store those in a .conf file here

    /var/unbound/



  • Ok, I reversed the IPs/Hostnames.  Stopped Unbound service, started DNS Forwarder, and no additions were made to the /etc/hosts file.  I believe if I put them in the unbound configuration file it will get blown out on reboot will it not?  The Unbound Dns Advanced Settings has a Custom Settings box but I've found this to only accept a small command subset of a full unbound install so I'm not confident this area is where they should be dropped.


  • Banned

    @markn62:

    no additions were made to the /etc/hosts file

    This is absolutely NOT how it works. Also, you are using a completely wrong format if working with unbound (resolver) instead of dnsmasq (forwarder). Re-read the post right above yours.



  • Ya, for one, the custom hostnames are stored in /usr/pbi/unbound-amd64/etc/unbound/unbound.conf. Has overrides, host entries, dhcp reservations, etc.  Not a place to edit I'm fairly sure.  Unbound picks up whatever is in the dns forwarder host override section.  What is the easiest place to modify the host overrides where unbound will use them?


  • Banned

    I give up. Kindly upgrade to 2.2 and only use the GUI for both forwarder and resolver overrides.



  • You jump in with one comment then give up?  The stamina…  ;-)
    I'm on what http://updates.pfsense.org/_updaters/amd64 says is the latest PfSense upgrade 2.1.5-RELEASE (amd64)
    built on Mon Aug 25 07:44:45 EDT 2014.  Where is 2.2?


  • Banned

    You'd better wait till it's officially released if unable to find the snapshots.



  • I'll certainly wait for the official release but waiting for a solution to this is not in my DNA.  If I can't find the solution here I google til I find it.  Looks by my last post it was just about an hour.

    I may have found the proper syntax for the DNS forwarder advanced box.  Should be: address=/host.domain/x.x.x.x per http://thomasloughlin.com/pfsense-dnsmasq-advanced-setup/

    The forwarder accepts the syntax. I'll see if unbound picks it up after a cron reboot.


  • LAYER 8 Global Moderator

    Why would unbound pick up stuff you put in the forwarder section??  They are 2 different systems..

    Notice how stuff you put in resolver overrides is not listed in the forwarder gui..

    What are you using the forwarder or the resolver??  Are you trying to use both at the same time?  They can not run on the same port or IP..

    What I can tell you for fact is that stuff you put in the host overrides is for sure placed into the /etc/hosts file - see attached.

    What are you not understanding about the info given.. I have shown you how to import stuff be it the forwarder or the resolver.. What can I do to make it clearer for you - do you need more pictures?

    "What is the easiest place to modify the host overrides where unbound will use them?"

    As already stated you can paste them in the advanced box in the resolver section per my examples above, or you can put those entries in a .conf file in the folder where unbound picks up .conf files if you don't want to paste them into the advanced box.

    If you want to use the resolver, then point to a file per my example and use the correct format IP name in your file.




  • John,
    Are you serious?  What are you calling a resolver override?  Perhaps we have a terminology misunderstanding.  In the ver 2.1.5 GUI there is only forwarder host overrides, forwarder advanced, and unbound dsn advanced settings - custom options.

    Dok says only use the GUI and you say otherwise, yet you don't challenge Dok's suggestion.  And I'm finding your info repeatedly flawed.  Firstly, the /etc/hosts file only has two entries, 127.x and my LAN IP.  It is not picking up anything from the forwarder overrides or advanced.  Secondly, your suggestion to use addn-hosts=/etc/extra in the forwarder advanced produces an error at the top of this GUI page, so referencing a custom hosts file is not do-able even though you insist it is.  It's not a file name or content issue, it's a syntax issue.

    So yes, I have tried all your suggestions with failure.  I get it and don't need pictures.  Anyone who has used PfSense for any time knows the unbound package uses the forwarder host overrides. You only need to cat /usr/pbi/unbound-amd64/etc/unbound/unbound.conf to understand this. And the forwarder doesn't have to be enabled for this to happen.  Certainly I'm not using the forwarder and unbound together.  Again if you've used PfSense for any time you would know enabling the forwarder will stop the unbound service so it's not possible to run concurrently, so why ask if I am?

    I did determine after this AM's cron reboot that the forwarder advanced entry of "address=/host.domain/x.x.x.x" doesn't get picked up by unbound even though the forwarder doesn't choke on it.  So still looking for a practical solution to entering a couple hundred private host overrides so nTopNG can DNS resolve the private IPs.  So far only the forwarder override entries and the DHCP static leases are making it into the unbound.conf file.


  • Banned

    @markn62:

    Anyone who has used PfSense for any time knows the unbound package uses the forwarder host overrides.

    Not any more on 2.2 since it is not a package in the first place there. Stop sticking the overrides to obsolete places that were not intended for this anyway. If you want overrides for unbound, then kindly use the already suggested proper method above, or simply install 2.2 and use the GUI.


  • LAYER 8 Global Moderator

    ^ exactly.. What version are you on?  Are you still using 2.1.5?  With unbound package?  2.2 integrated unbound as the resolver.

    Do you want me to remote in and set it up for you?  I can not help you if you're trying to use unbound as a package and leverage the forwarder overrides, or how that used the forwarder stuff?  I never used the package other than some quick look at it.  But if you're on 2.2 the info I have given is valid and tested on my own system and works as I have described.

    If you're using the unbound package, you should be able to put the entries as I have shown in a .conf file in the directory where unbound loads its .conf and have it load in whatever hosts you need.

    I can always fire up my 2.1.5 vm and install the package and validate that.


  • Banned

    The advanced config works the same with the 2.1.x package, except that you need trailing ; on each advanced config line, IIRC.


  • LAYER 8 Global Moderator

    Yup, and it's in a different tab under the package GUI page, Unbound Advanced DNS Settings; at the bottom there is a custom box

    So I just validated this works, you don't need server: in the package.  Not sure the package loads .conf files like the 2.2 integration does.

    This is off 2.1.5 i386 vm.. Turned off forwarder, enabled unbound package.




  • Ahhh, so while I've been testing DNS Forwarder advanced entries you all have been talking Unbound Dns Advanced Settings.  And to not add a ; after address=/host.domain/x.x.x.x but after each line using syntax like so:

    local-data: "click01.aditic.net A 10.10.10.1";
    local-data: "click02.aditic.net A 10.10.10.2";

    No wonder that above gave an error in the DNS Forwarder.  I've already been using this area with entries:
    forward-zone:;name: ".";
    forward-addr: 8.8.8.8;
    forward-addr: 8.8.4.4;
    forward-addr: 4.2.2.1;

    And yes I'm still running version 2.1.5.  If I knew 2.2 was stable, and how to upgrade to it differently than using the firmware update GUI page, I might be inclined to.  Not sure why I'm getting dogged for not using a beta version.  This is a production box I can't just fiddle with anytime I wish.

    Thanks for clarifying this.  Figured we had to be miscommunicating cause no suggestions seemed to work. I'll try Unbound Dns Advanced Settings - Custom Options entries later today, out of time this AM.


  • LAYER 8 Global Moderator

    Here is the thing in your first post you stated forwarder, but then said there were unbound errors.  I asked for clarification right off the bat were you using the "forwarder" or unbound - with you saying unbound I also maybe in error assumed you were on 2.2.  Which is when unbound was integrated since you made no mention of using the "package"

    IMHO 2.2 is stable - there are 0 bugs left that I am aware of, and it's been RC for quite some time.  It could drop final any day I would think.  To upgrade to it all you have to do is grab a snap.  http://snapshots.pfsense.org/  There has not been an update since the 16th, which also points to final being any day now ;)  Normally snaps are produced like twice a day.



  • Well I had a response but got snagged by the login timeout and forgot to copy/paste my post before submitting.  So I'll just apologize for assumptions made and the long thread.



  • Entered

    server:
    local-data: "click01.aditic.net A 10.10.10.1"

    into Unbound Dns Advanced Settings and works like a champ.  Helps when put in the proper GUI location.  ;)

    Thanks again guys for your help and patience.



  • Well that's a peach.  After all this effort to get a local ip / hostname relationship established in Unbound it appears neither nTopNG or Bandwidthd use Unbound to resolve the locals, both still show IP's.  I have nTopNG set to "Decode DNS responses and resolve all numeric IP's".  So at least nTopNG should be displaying hostnames.  I ping by hostname and it resolves.



  • Does anyone have private IP host overrides in Unbound to know if NtopNG and/or Bandwidthd, within PfSense ver 2.2, will DNS resolve the privates?



  • Interestingly, when I packet capture with the "reverse dns lookup" box checked the results for private IP's is x.x.x.x.sae-urn, again numbers with an odd hostname.  So doesn't look like PfSense is using host overrides in Unbound either.  Is this because Unbound is a package in pre ver 2.2?


  • LAYER 8 Global Moderator

    And what do you have pfsense set to use for resolving?  Does it look to itself, where you put the overrides in?



  • The General dns server has a Lan Ip entry with gw set to none.  I'm using the Unbound resolver with network interfaces set to Localhost and Lan.  And in Unbound Advanced I have entries, example;
    local-data: "host.domain A ip address"
    local-data: "host.domain A ip address"

    I expected by also choosing localhost along with LAN that internal services could access the resolver via localhost; doesn't appear to.  The names are resolving in an outboard syslog server fine, just not internally.


  • LAYER 8 Global Moderator

    In general dns you have pfsense lan IP?

    So I don't have any setup in general dns.  In dhcp servers I don't have anything listed - so it hands out the IP of the interface your dhcp server is running on to clients for dns.

    If on pfsense I just do a simple drill command it comes back with root hints and shows its using localhost to resolve

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Fri Feb 20 15:12:48 2015

    If I query using drill on the cmd line of pfsense for a local host name I have in overrides it resolves just fine.

    [2.2-RELEASE][root@pfSense.local.lan]/root: drill i5-w7.local.lan
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 50574
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; i5-w7.local.lan.    IN      A

    ;; ANSWER SECTION:
    i5-w7.local.lan.        3600    IN      A      192.168.1.100

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Fri Feb 20 15:15:38 2015
    ;; MSG SIZE  rcvd: 49

    [2.2-RELEASE][root@pfSense.local.lan]/root: drill -x 192.168.1.100
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 14132
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 100.1.168.192.in-addr.arpa.  IN      PTR

    ;; ANSWER SECTION:
    100.1.168.192.in-addr.arpa.    3600    IN      PTR    i5-w7.local.lan.

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Fri Feb 20 15:16:34 2015
    ;; MSG SIZE  rcvd: 73

    When you use the advanced section, I am not sure it creates the PTR?  If you put them in the override it's doing it, as you can see from the above test.  But you say it works from a machine that asks the pfsense resolver for the host or IP.  So seems to me it's just pfsense is not looking to itself.



  • Yes, as I commented, I do have the Lan IP in general, dns. Is this no longer required now that Unbound is integrated from a package as the dns resolver? I have a couple hundred entries so I prefer not to use the GUI override, would be time consuming. I ran the drill command and it resolved from the Lan IP but would not reverse lookup when using localhost.  I have no Dns addy's in Dhcp Server Lan.  With your setup can you resolve from a Lan client to PfSense Lan IP?  I'm running an external syslog server on the Lan subnet and it resolves ok and is pointed to the Lan Ip.

    So the settings should be;
    General Dns = no entry
    Dhcp Server Dns = no entry
    Dns Resolver, Network Interfaces = localhost + Lan or just localhost?

    [2.2-RELEASE][admin@pfsense.host]/root: drill Davidson.host
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 6902
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; Davidson.host.      IN      A

    ;; ANSWER SECTION:
    Davidson.host. 3600    IN      A      192.168.150.152

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 192.168.2.1
    ;; WHEN: Fri Feb 20 14:17:26 2015
    ;; MSG SIZE  rcvd: 48
    [2.2-RELEASE][admin@pfsense.host]/root: drill -x 192.168.150.152
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 56723
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 152.150.168.192.in-addr.arpa.        IN      PTR

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    168.192.in-addr.arpa.  10800  IN      SOA    localhost. nobody.invalid. 1 3600 1200 604800 10800

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Fri Feb 20 14:17:38 2015
    ;; MSG SIZE  rcvd: 105



  • I took the General, Dns entry out and left all else the same.  The drill command is now reporting the Server is 127.0.0.1.  Resolver is working fine. Still don't know why drill -x IpAddy doesn't produce a reverse lookup, no answer.  Btw, how can you get DHCP Static IP's into the DNS Resolver?  Do they have to be duplicated in the resolver's advanced settings?


  • LAYER 8 Global Moderator

    Yes, you need your resolver to listen on both your LAN and localhost - if you want people on the LAN to be able to query it.

    So this record davidson.host - is it in the forwarders section or advanced?

    So I put the record in advanced section and

    [2.2-RELEASE][root@pfSense.local.lan]/root: drill testadv.lan
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 16194
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; testadv.lan. IN      A

    ;; ANSWER SECTION:
    testadv.lan.    10800  IN      A      1.2.3.4

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sat Feb 21 05:36:25 2015
    ;; MSG SIZE  rcvd: 45

    [2.2-RELEASE][root@pfSense.local.lan]/root: drill -x 1.2.3.4
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 42347
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 4.3.2.1.in-addr.arpa.        IN      PTR

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    1.in-addr.arpa. 172797  IN      SOA    ns1.apnic.net. read-txt-record-of-zone-first-dns-admin.apnic.net. 5114 7200 1800 604800 172800

    ;; ADDITIONAL SECTION:

    ;; Query time: 1 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sat Feb 21 05:37:10 2015
    ;; MSG SIZE  rcvd: 127

    If I put it in forwarders..

    [2.2-RELEASE][root@pfSense.local.lan]/root: drill -x 1.2.3.4
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61473
    ;; flags: qr aa rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; 4.3.2.1.in-addr.arpa.        IN      PTR

    ;; ANSWER SECTION:
    4.3.2.1.in-addr.arpa.  3600    IN      PTR    testadv.lan.

    ;; AUTHORITY SECTION:

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sat Feb 21 05:38:21 2015
    ;; MSG SIZE  rcvd: 63
    [2.2-RELEASE][root@pfSense.local.lan]/root:

    If you're going to use advanced, and you want PTR, then you will have to put them in - they are not auto created like when using the actual override GUI section.

    As to statics – they are in automatically if you check to put them in there..  Do you have a NAME on them?  See they don't even have to be fully qualified
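    Putting the two bulk-load methods from this thread side by side (the forwarder's addn-hosts file from John's first reply, and the resolver's advanced-box local-data records, which, as shown just above, get no automatic PTR), here is an added example script, not code from the thread or from pfSense. It converts a plain "IP hostname" list into both formats, rejects lines written in the backwards "hostname IP" order, emits the matching in-addr.arpa PTR for each address, and can append the trailing ";" the 2.1.x package wants. The sample input is constructed.

```python
#!/usr/bin/env python3
"""Convert a plain "IP hostname [alias ...]" list into (a) a dnsmasq addn-hosts
file for the forwarder and (b) unbound local-data A and PTR records for the
resolver's advanced box. Added example; not code from the thread or pfSense."""
import ipaddress
import re

# Constructed sample input. One line is deliberately in the wrong
# "hostname IP" order, the mistake the thread runs into.
SAMPLE = """\
# access points and test hosts (constructed example data)
192.168.1.14 test.local.lan
192.168.1.15 test2.local.lan
1.2.3.4      testadv.lan
AP16 192.168.1.16            # backwards: hostname before IP, rejected
10.10.10.1   click01.aditic.net click01
"""

# Strict enough to catch junk such as "x.x.x.x(unresolved)" or stray commas.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$")


def parse_hosts(text):
    """Parse hosts-file style text.

    Returns (entries, errors): entries is a list of (ip_address, [names]),
    errors is a list of human-readable messages for rejected lines. A line
    is only accepted in "IP name" order, so a reversed line is reported
    instead of silently producing garbage local-data.
    """
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append(f"line {lineno}: first field is not an IP "
                          f"(expected 'IP hostname'): {line!r}")
            continue
        names = fields[1:]
        bad = [n for n in names if not HOSTNAME_RE.match(n)]
        if not names or bad:
            errors.append(f"line {lineno}: bad or missing hostname {bad}: {line!r}")
            continue
        entries.append((ip, names))
    return entries, errors


def dnsmasq_addn_hosts(entries):
    """Render the file referenced by 'addn-hosts=/path' in the forwarder."""
    return "".join(f"{ip} {' '.join(names)}\n" for ip, names in entries)


def unbound_local_data(entries, package_21x=False):
    """Render local-data for the resolver's advanced/custom options box.

    The advanced box does not auto-create PTR records (unlike the host
    override GUI), so a PTR for the first name of each IP is emitted too.
    package_21x=True drops the 'server:' header and appends the trailing
    ';' the 2.1.x unbound package wants on each custom line.
    """
    end = ";" if package_21x else ""
    lines = [] if package_21x else ["server:"]
    for ip, names in entries:
        rtype = "A" if ip.version == 4 else "AAAA"
        for name in names:
            lines.append(f'local-data: "{name} {rtype} {ip}"{end}')
        # reverse_pointer gives e.g. "4.3.2.1.in-addr.arpa" for 1.2.3.4
        lines.append(f'local-data: "{ip.reverse_pointer}. PTR {names[0]}."{end}')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ents, errs = parse_hosts(SAMPLE)
    for e in errs:
        print("REJECTED:", e)
    print("--- addn-hosts ---")
    print(dnsmasq_addn_hosts(ents), end="")
    print("--- unbound advanced box ---")
    print(unbound_local_data(ents), end="")
```

    Paste the unbound output into the resolver's advanced box (or a .conf file where unbound loads them) and verify with drill as in the posts above; a rejected line is reported rather than turned into a record unbound will refuse to parse.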






  • @johnpoz:

    So this record davidson.host - is it in the forwarders section or advanced?

    Record davidson.host is in the advanced section.  I don't use the forwarder.

    @johnpoz:

    As to statics – they are in automatically if you check to put them in there..  Do you have a NAME on them?  See they don't even have to be fully qualified

    Check what to put them in? I've entered a hostname in each DHCP Static Mapping entry but no domain name.  However, they don't resolve.

    I really appreciate all your help on this John.  Got nearly everything DNS related working well.


  • LAYER 8 Global Moderator

    my bad, not the forwarders section.. The host overrides section..



  • Guess I'll just duplicate each DHCP Static Mapping entry into resolver, advanced if there is no setting to populate the resolver with them automatically. Thanks again.


  • LAYER 8 Global Moderator

    What?  Why would you have to to duplicate anything?

    If you have a static entry your done.  Show me your static entry that does not resolve?

    If you're using advanced instead of the overrides then there will not be a PTR, unless you do it like I did.



  • Get nothing with drill.

    [2.2-RELEASE][admin@pfsense.host]/root: drill Surveillance.host
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 60456
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; Surveillance.host.  IN      A

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    .      39672  IN      SOA    a.host-servers.net. nstld.verisign-grs.com. 2015022200 1800 900 604800 86400

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sun Feb 22 10:39:57 2015
    ;; MSG SIZE  rcvd: 111
    [2.2-RELEASE][admin@pfsense.host]/root: drill Iomega.host
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 49827
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; Iomega.host.        IN      A

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    .      39664  IN      SOA    a.host-servers.net. nstld.verisign-grs.com. 2015022200 1800 900 604800 86400

    ;; ADDITIONAL SECTION:

    ;; Query time: 44 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sun Feb 22 10:40:05 2015
    ;; MSG SIZE  rcvd: 105
    [2.2-RELEASE][admin@pfsense.host]/root: drill EdgeNas.host
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 60301
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;; EdgeNas.host.      IN      A

    ;; ANSWER SECTION:

    ;; AUTHORITY SECTION:
    .      39654  IN      SOA    a.host-servers.net. nstld.verisign-grs.com. 2015022200 1800 900 604800 86400

    ;; ADDITIONAL SECTION:

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1
    ;; WHEN: Sun Feb 22 10:40:15 2015
    ;; MSG SIZE  rcvd: 106
    [2.2-RELEASE][admin@pfsense.host]/root:

    Hit and miss with ping.

    C:>ping Surveillance

    Pinging Surveillance [192.168.2.100] with 32 bytes of data:

    Reply from 192.168.2.100: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.100: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.100: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.100: bytes=32 time<1ms TTL=64

    Ping statistics for 192.168.2.100:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:>ping IomegaNas
    Ping request could not find host IomegaNas. Please check the name and try again.

    C:>ping EdgeNas

    Pinging EdgeNas [192.168.2.112] with 32 bytes of data:

    Reply from 192.168.2.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.112: bytes=32 time<1ms TTL=64
    Reply from 192.168.2.112: bytes=32 time<1ms TTL=64

    Ping statistics for 192.168.2.112:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms

    C:>

    Get nothing with the PfSense GUI Ping command either.



  • LAYER 8 Global Moderator

    And where are you putting these .host records?  In the advanced section?  OR the over rides? This really is just click..

    And you're not getting nothing back, you're getting NX.. As to ping, you're prob broadcasting for the netbios name since you're not putting in the FQDN.

    So see attached.  Keep in mind if you're using the resolver you have to put the overrides in the resolver section; if you put them in the forwarder section it's not going to work.  If you're using advanced and you want PTR to work you have to create the actual PTR.  It is MUCH easier to use overrides vs the advanced section.  Only use the advanced section if you have to load up a lot of records or are doing something fancy like an MX record or cname, etc.




  • Only using the Advanced section because I'm only using the Resolver.  I am using the Advanced section because I have over 200 entries.

    What I'm discovering is I can drill to any host.domain entry if they're in the DHCP Server Lan static mappings or if they're in the Resolver, Advanced section.  The problem is that the syslog server I have running on the Lan subnet, that's pointed to x.x.2.1 (the Lan Gw), resolves all host.domain entries unless they are in the Lan subnet.  All addresses in the nine subnets handled by the System Gateways resolve fine.

    So I'm trying to figure out why the resolver reveals all host.domain Ip's if drilled I presume via the resolvers address of 127.0.0.1 fine. But via the Lan1 gw x.x.20.x or x.x.30.x. etc. resolves fine but anything x.x.2.x doesn't.

    Hope this clarifies the issue.
    It's the only remaining resolver problem I haven't been able to figure out.

    This might be a clue though. My syslog handles the 2.x subnet differently than the 20.x and other subnets.  The former is by dhcpd and doesn't resolve.  The latter is by dnsmasq and does resolve.

    2015-02-22 13:44:44 Local7.Info pfsense Feb 22 13:44:44 dhcpd: DHCPACK to 192.168.2.103(unresolved) (d4:3d:3e:4b:af:5d) via igb2
    2015-02-22 13:45:25 Daemon.Info AP7 Feb 22 13:45:25 dnsmasq[1071]: DHCPACK(ath0) 192.168.70.113(J_Brubaker) 00:27:19:5e:ba:61 J_Brubaker


  • LAYER 8 Global Moderator

    What??

    Makes no sense..

    So you have your resolver (unbound) on pfsense listening on all its interfaces.. And they resolve just fine on pfsense localhost (127.0.0.1) and the other interfaces like 20.x and 30.x – and why are you using x here?  Are these not rfc1918?

    So you have another box your syslog server that is not resolving a PTR for 192.168.2.103??  Does pfsense resolve this PTR?



  • I finally got this sorted out.  In an obscure location the syslog server revealed that DNS lookup is disabled in their basic package, the pro version is needed.  Or a separate static host file can be pre-loaded.  So for now I reformatted the host file for the syslog server to load and all private IP's are being resolved by both PfSense internally and the external syslog server. Yes, all privates are RFC1918. By 20.x I mean 192.168.20.x.

    Whew!  Glad this is resolved, pun intended.  Been working off and on for weeks trying to get this going. Thanks again John for all your help.

