Netgate Discussion Forum
    DNS traffic using vpn tunnel in 2.2

    gjaltemba:

      My network is a typical LAN-connected Windows domain. pfSense is used for internet, OpenVPN client and public DNS. The Windows DNS server has pfSense as forwarder. In 2.1.3, DNS traffic used the WAN connection, but 2.2 uses the VPN tunnel. The VPN route seems to be less stable and the DNS server becomes non-responsive every couple of days. Restarting is not simple. I have tried restarting services, clients and servers. Not sure what gets things running again.

      In 2.2, how do I go back to using the WAN connection for DNS traffic?

      cmb:

        Where does the DNS server reside? The connectivity to it will be determined by the system routing table, sounds like you have a route out via the VPN to the DNS server IP.

        gjaltemba:

          My local DNS server is running on a Windows domain controller. It also runs a DHCP server. All computers use pfSense as the gateway. It is the pfSense firewall rule on the LAN interface that routes TCP traffic to the VPN client.

          In 2.2, if I use pfSense as forwarder on my local DNS server then the VPN is used. If I use a public DNS server as forwarder on my local DNS server then WAN is used. I could go this way to make it work, but I would like to keep things the way they were in 2.1.3.

          Thank you for your help in troubleshooting my DNS problems in 2.2.

          cmb:

            So you're saying you want the DNS requests initiated by the Windows server to use the Internet, not the VPN?

            In that case, you'll need to add a firewall rule on LAN, specifying the server's IP as the source, leaving gateway set to default, so it goes out via WAN. That wouldn't have changed from previous versions.

            gjaltemba:
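            The rule arrangement cmb describes, written out as a constructed pf.conf-style illustration (this is not from the thread or from pfSense's own generated ruleset; the LAN interface, the 192.168.1.0/24 network, the DNS server address 192.168.1.10 and the ovpnc1 tunnel gateway 10.8.0.1 are all assumed):

```pf
# Constructed illustration of a pfSense LAN rule list as pf would see it.
# Assumed: LAN on em1, DNS server 192.168.1.10, OpenVPN client on ovpnc1
# with tunnel gateway 10.8.0.1.
lan = "em1"

# pfSense emits every user rule with "quick", so the first match wins.
# The bypass rule therefore has to sit ABOVE the policy-routing rule in
# the LAN tab; placed below it, it never matches.

# 1. Traffic from the Windows DNS server: no route-to, gateway left at
#    "default", so it follows the system routing table and exits via WAN.
pass in quick on $lan inet from 192.168.1.10 to any keep state

# 2. Everything else on LAN is policy-routed into the VPN tunnel.
pass in quick on $lan route-to (ovpnc1 10.8.0.1) inet from 192.168.1.0/24 to any keep state
```

            LAN rules only govern traffic arriving on LAN; queries that pfSense's own resolver originates are never matched by them and follow the system routing table cmb mentions above.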

              @cmb:

              So you're saying you want the DNS requests initiated by the Windows server to use the Internet, not the VPN?

              In fact, it is the pfsense unbound dns resolver service behaviour that seems to have changed in 2.2

              cmb:

                If you switched from dnsmasq to Unbound after the upgrade, it can have different behavior depending on what you're doing and what you have set up vs. what was in dnsmasq. Are you using forwarder mode in Unbound?
