Netgate Discussion Forum

    Hostname resolves from "Admin Interface (webGUI)" but not from "Guest" machine

    DHCP and DNS
    • three18ti

      Hello All,

      I'm having a little trouble getting DNS to work as I would expect it so I'm hoping someone can point me in the right direction.

      The short version is we're trying to move some devices from our "public" network to behind pfSense in a "private" network. Until I create a host override with the new private IP, I need to be able to have devices behind pfSense resolve the public IP.

      E.g.:

      server1.foo.com
        - Current IP: 192.168.15.10
        - Desired IP: 10.10.10.10
      server2.foo.com
        - Current IP: 192.168.15.11
        - Desired IP: 10.10.10.11
      server3.foo.com
        - Current IP: 192.168.15.12
        - Desired IP: 10.10.10.11

      Currently all servers resolve the 192 addresses from an external DNS server. I'd like to move server1.foo.com behind pfSense, add a host override so that server1.foo.com resolves to the 10 address for all clients in the 10 address, which works fine. However, server1 is unable to resolve the server2 and server3 addresses unless I add a host override.

      The domain assigned to pfSense is foo.com, as are basically all of our devices.

      Without the host override, I am able to log in to the Web GUI and resolve server2.foo.com to the 192 address without issue. When I connect to server1 and perform an nslookup I receive a "Can't find server2.foo.com: No Answer" response.

      Manually adding host overrides does seem to be a valid workaround, but I have hundreds of addresses to add, and a fully functioning DNS server, so I'd like to avoid duplicating work if at all possible.

      I think the issue may have something to do with the assigned domain of pfSense, however, I receive the same behavior when pfSense is configured as a Resolver or a Forwarder…

      Any help is greatly appreciated.

      Thanks!

      • phil.davis

        I am a bit confused, because in your post you have 192.168 and 10 addresses that are all in private space, but you talk about the public IP of devices.
        Anyway, do you have a domain override in pfSense for "foo.com" that points to the authoritative DNS server for "foo.com"?
        If you add the domain override, then pfSense should look up name.foo.com by:
        a) If there is a specific host override for name.foo.com then return it.
        b) Send a DNS lookup request to the "foo.com" DNS server, as specified in the domain override, and return whatever answer that gives.

        On your servers, as they move into private space, you should be able to point them to pfSense for DNS and they will learn the appropriate public/private IP for their friends as the transition happens.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

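The lookup order described in steps a) and b) above, modeled as a small Python sketch. This is an added example, not part of the original thread and not pfSense or Unbound code; the foo.com DNS server address 192.168.15.53, the "default-upstream" name and the example.org record are constructed placeholders.

```python
# Model of the lookup order only: host override first, then the domain
# override's DNS server, then the default upstream. All data is constructed.

HOST_OVERRIDES = {"server1.foo.com": "10.10.10.10"}   # per-host answers
DOMAIN_OVERRIDES = {"foo.com": "192.168.15.53"}       # hypothetical foo.com DNS server
DEFAULT_UPSTREAM = "default-upstream"                 # stand-in for the normal resolver path

# Constructed records standing in for what each server would answer.
ZONES = {
    "192.168.15.53": {
        "server1.foo.com": "192.168.15.10",
        "server2.foo.com": "192.168.15.11",
        "server3.foo.com": "192.168.15.12",
    },
    "default-upstream": {"example.org": "203.0.113.7"},
}


def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def pick_server(name):
    """Return the server of the longest matching domain override."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):          # longest suffix is tried first
        suffix = ".".join(labels[i:])
        if suffix in DOMAIN_OVERRIDES:
            return DOMAIN_OVERRIDES[suffix]
    return DEFAULT_UPSTREAM


def resolve(name):
    """Return (answer, source) following steps a) and b)."""
    name = normalize(name)
    if name in HOST_OVERRIDES:            # a) specific host override wins
        return HOST_OVERRIDES[name], "host override"
    server = pick_server(name)            # b) ask the domain override's server
    return ZONES[server].get(name), server


if __name__ == "__main__":
    for host in ("server1.foo.com", "server2.foo.com", "example.org"):
        print(host, "->", resolve(host))
```

As each server moves behind the firewall, adding its entry to `HOST_OVERRIDES` switches only that name to the 10 address; every other foo.com name keeps coming from the existing DNS server.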
        • three18ti

          Hi Phil,

          Well, I suppose technically speaking it's all "private" since none of it routes outside of the corporate network, however, subjectively speaking, since the 192 address space is reachable by everyone in the company, and to use common terminology, it's considered "public" space within our organization. The 10 space is truly private as it only exists in my environment behind pfSense.

          But I think you answered my question, the domain override tells pfSense to look at X DNS server for all addresses in the foo.com domain.

          I think that's the piece of the puzzle I was missing, thanks a ton!
