    Proper DNS

    DHCP and DNS
    • S
      sdp0024 last edited by

      Recently installed on VM host and everything works great.

      One small issue is that I cannot access local web server using public FQDN. Only accessible from outside local networks from another location.

      Don't have DNS forwarder or resolver enabled nor do I understand how to configure them.
      ![Screen Shot 2015-08-19 at 11.00.40 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.00.40 AM.png)
      • KOM
        KOM last edited by

        https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

        Protip: Use method #2.

        • S
          sdp0024 last edited by

          Ports aren't forwarded. Is this still a valid link?

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            What do you mean ports aren't forwarded?

            You are using either 1:1 NAT, Port forwarding, or are not describing your network clearly.

            • S
              sdp0024 last edited by

              It's external 443 is 443 internally. I guess this is called 1:1

              • S
                sdp0024 last edited by

                Doesn't look like it worked.

                Attached settings screenshot.

                ![Screen Shot 2015-08-19 at 11.21.54 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.21.54 AM.png)
                • Derelict
                  Derelict LAYER 8 Netgate last edited by

                  No.  You don't have to change the port for it to be a port forward.

                  You need DNS that resolves to the external address for external clients and the internal address for internal clients.  Whether you use DNS Resolver/Forwarder or another DNS server is up to you.

                  Is the host you're testing from configured to use pfSense as its DNS server?

                  • S
                    sdp0024 last edited by

                    My computer is using pfsense for DNS as well as our app server.

                    # Generated by NetworkManager

                    nameserver 192.168.1.1
                    nameserver 8.8.8.8
                    nameserver 8.8.4.4
                    nameserver 4.2.2.2

                    • Derelict
                      Derelict LAYER 8 Netgate last edited by

                      You have to only use DNS servers that return the results you need.  Change that to just use pfSense.

                      You can use multiple internal name servers but they all have to be configured to return the same results for the same queries from the same clients.

                      (Actually that's Google and Level 3 I think)

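One way to check the point made in the reply above, that every resolver a client lists must return the internal address. This is an added example, not code from the thread; the function names are hypothetical and the per-server answers are constructed from the addresses quoted in this topic.

```python
import ipaddress
import subprocess

# Constructed sample: a trimmed copy of the resolver list posted above, and per-server
# `dig +short` output as it would look with the override only on pfSense (assumed).
RESOLV_CONF = "# Generated by NetworkManager\nnameserver 192.168.1.1\nnameserver 8.8.8.8\nnameserver 4.2.2.2\n"
SAMPLE_OUTPUT = {
    "192.168.1.1": ["192.168.1.90"],
    "8.8.8.8": ["parks-properties.com.", "108.226.16.69"],
    "4.2.2.2": ["parks-properties.com.", "108.226.16.69"],
}

def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf text, in listed order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def dig_lookup(server, name):
    """Query one server directly with dig and return its +short output lines."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", "@" + server, name, "A"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout.splitlines()

def addresses_only(lines):
    """Keep IP addresses; skip CNAME targets and comment/error lines."""
    found = set()
    for line in lines:
        try:
            found.add(str(ipaddress.ip_address(line.strip())))
        except ValueError:
            continue
    return found

def audit(name, internal_ip, servers, lookup=dig_lookup):
    """Return {server: answer} for every server not answering internal_ip only."""
    wrong = {}
    for server in servers:
        answer = addresses_only(lookup(server, name))
        if answer != {internal_ip}:
            wrong[server] = sorted(answer)
    return wrong

if __name__ == "__main__":
    fake = lambda server, name: SAMPLE_OUTPUT[server]  # swap for dig_lookup on a live host
    servers = parse_nameservers(RESOLV_CONF)
    print(audit("www.parks-properties.com", "192.168.1.90", servers, lookup=fake))
```

An empty result means every listed resolver returns the internal address; any server that appears in the result is one the client should not be configured to use.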
                      • S
                        sdp0024 last edited by

                        Ok, changed DHCP to only hand out local DNS of 192.168.1.1 and removed the google DNS and Verizon DNS from the app server.

                        Still cannot navigate to www.parks-properties.com, cloud.* or crm.*

                        • Derelict
                          Derelict LAYER 8 Netgate last edited by

                          When you look up the name on the client what address do you get?

                          Did you release/renew on the client?

                          I have no idea what cloud.* or crm.* are.  Sorry.

                          And the only thing that matters in this case is what the client is set to use as the DNS server.  It needs to have the internal IP address of the server in question in the answer.

                          • johnpoz
                            johnpoz LAYER 8 Global Moderator last edited by

                            So does 192.168.1.1 know about www.parks-properties.com?

                            You want that to resolve to something local to you?

                            That resolves on the public internet to
                            ;; ANSWER SECTION:
                            www.parks-properties.com. 86400 IN      CNAME  parks-properties.com.
                            parks-properties.com.  300    IN      A      108.226.16.69

                            If you want your clients to resolve something local..  Then using either the forwarder or resolver in pfSense create host overrides or let it register your dhcp

                            example - here is a local machine that resolves
                            C:>nslookup                           
                            Default Server:  pfSense.local.lan     
                            Address:  192.168.9.253

                            storage.local.lan                     
                            Server:  pfSense.local.lan             
                            Address:  192.168.9.253

                            Name:    storage.local.lan             
                            Address:  192.168.9.8

                            If I want www.parks-properties.com to resolve to say 10.0.0.1 then I just put in a simple override


                            • S
                              sdp0024 last edited by

                              Both client and app server using pfsense for DNS (192.168.1.1)

                              I've put in host overrides for
                              www / parks-properties.com / 192.168.1.90
                              crm / parks-properties.com / Alias for www.parks-properties.com
                              cloud / parks-properties.com / Alias for www.parks-properties.com

                              crm.parks-properties.com & cloud.parks-properties.com are also hosted on the same app server with their own directories.

                              Thank you all for helping with this as well. I really appreciate it.

                              ![Screen Shot 2015-08-19 at 12.59.56 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 12.59.56 PM.png)
                              • S
                                sdp0024 last edited by

                                Looks like subdomains work just not the www.parks-properties.com or parks-properties.com

                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator last edited by

                                  What are you saying is not working?  From cmd line do simple nslookup or dig or drill or host, whatever your fav DNS tool is.

                                  So I set up an alias for crm

                                  C:>nslookup

                                  www.parks-properties.com
                                  Server:        192.168.9.253
                                  Address:        192.168.9.253#53

                                  Name:  www.parks-properties.com
                                  Address: 10.0.0.1

                                  crm.parks-properties.com
                                  Server:        192.168.9.253
                                  Address:        192.168.9.253#53

                                  Name:  crm.parks-properties.com
                                  Address: 10.0.0.1

                                  • S
                                    sdp0024 last edited by

                                    I can now access crm.parks-properties.com & cloud.parks-properties.com locally but not our website either using www or parks-properties.com

                                    Not a huge issue as I can always access from WAN location but would prefer to be able to access as well from LAN since data speeds will be so much better.

                                    • Derelict
                                      Derelict LAYER 8 Netgate last edited by

                                      This isn't rocket science.

                                      Get a DNS utility called dig or drill and find out where the problem is.

                                      • johnpoz
                                        johnpoz LAYER 8 Global Moderator last edited by

                                        I am with you Derelict.. Dig is a tool I use every single day.. He doesn't have to get anything, quite sure his OS comes with a way to query DNS from a cmd line.. Pretty sure nslookup no matter how bad it is in Windows can still just do a simple query.

                                        sdp0024.. Please do a query for what you feel is not working, as per my examples.  If something is not working, have you cleared your local cache?
