Can't resolve usind pfsense DNS in CARP
-
Hi.
I have a cluster with 2 nodes: 172.16.16.2 and 172.16.16.3 (LAN) IP's.
CARP is configured and working (almost) fine. The problem is with DNS. I'm using default pfsense configuration, which means DNS Resolver and "ALL' as interface for listening on DNS Resolver.
My LAN VIRT IP is 172.16.16.1 and works fine if I shutdown any node. The problem is that I can't use this IP as my DNS server for my clients…..they just doesn't resolve anything, no errors, just timeout. If I use one (or both) node IP as DNS server, everything works fine....but this has a little delay in case of fail of one cluster. Also, tutorial says to use VIRT IP as DNS server.
Again, I can ping and translate (NAT) using this IP (.1), just DNS that doesn't work. -
Really?
Nobody having this same issue? :( -
The following was helpful
DNS Resolver
Menu: Services -> DNS ResolverTIP: Edit and save the DNS resolver settings (without making any changes), this will regenerate the config so that the DNS resolver can respond on the CARP interface.
http://blog.thedarkwinter.com/2015/03/pfsense-ha-hardwaredevice-failover.html
-
Strangely enough I am running into the same issue. The CARP interface doesn't respond to DNS queries, but the actual host addresses respond OK.
-
Solved by changing firewall rule from allowing dns to " lan address", to allowing dns to "lan net". Don't want to use "This Firewall" as I don't want to allow traffic to other interfaces.