Proper DNS

sdp0024

Recently installed on VM host and everything works great.

One small issue is that I cannot access local web server using public FQDN. Only accessible from outside local networks from another location.

Don't have DNS forwarder or resolver enabled nor do I understand how to configure them.
![Screen Shot 2015-08-19 at 11.00.40 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.00.40 AM.png)
![Screen Shot 2015-08-19 at 11.00.40 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.00.40 AM.png_thumb)

KOM

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Protip: Use method #2.

sdp0024

Ports aren't forwarded. Is this still valid link?

Derelict

What do you mean ports aren't forwarded?

You are using either 1:1 NAT, Port forwarding, or are not describing your network clearly.

sdp0024

It's external 443 is 443 internally. I guess this is called 1:1

sdp0024

Doesn't look like it worked.

Attached settings screenshot.

![Screen Shot 2015-08-19 at 11.21.54 AM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.21.54 AM.png)
![Screen Shot 2015-08-19 at 11.21.54 AM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-19 at 11.21.54 AM.png_thumb)

Derelict

No. You don't have to change the port for it to be a port forward.

You need DNS that resolves to the external address for external clients and the internal address for internal clients. Whether you use DNS Resolver/Forwarder or another DNS server is up to you.

Is the host you're testing from configured to use pfSense as its DNS Server.

sdp0024

My computer is using pfsense for DNS as well as our app server.

Generated by NetworkManager

nameserver 192.168.1.1
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 4.2.2.2

Derelict

You have to only use DNS servers that return the results you need. Change that to just use pfSense.

You can use multiple internal name servers but they all have to be configured to return the same results for the same queries from the same clients.

(Actually that's google and level 3 I think)

sdp0024

Ok, changed DHCP to only hand out local DNS of 192.168.1.1 and removed the google DNS and Verizon DNS from the app server.

Still cannot navigate to www.parks-properties.com, cloud.* or crm.*

Derelict

When you look up the name on the client what address do you get?

Did you release/renew on the client?

I have no idea what cloud.* or crm.* are. Sorry.

And the only thing that matters in this case is what the client is set to use as the DNS server. it needs to have the internal IP address of the server in question in the answer.

johnpoz

So does 192.168.1.1 know about www.parks-properties.com

You want that to resolve to something local to you?

That resolves on the public internet to
;; ANSWER SECTION:
www.parks-properties.com. 86400 IN CNAME parks-properties.com.
parks-properties.com. 300 IN A 108.226.16.69

If you want your clients to resolve something local.. Then using either the forwarder or resolver in pfsense create host over rides or let it registered your dhcp

example - here is a local machine that resolves
C:>nslookup
Default Server: pfSense.local.lan
Address: 192.168.9.253

storage.local.lan
Server: pfSense.local.lan
Address: 192.168.9.253

Name: storage.local.lan
Address: 192.168.9.8

If I want www.parks-properties.com to resolve to say 10.0.0.1 then I just put in a simple over ride

sdp0024

Both client and app server using pfsense for DNS (192.168.1.1)

I've put in host overrides for
www / parks-properties.com / 192.168.1.90
crm / parks-properties.com / Alias for www.parks-properties.com
cloud / parks-properties.com / Alias for www.parks-properties.com

crm.parks-properties.com & cloud.parks-properties.com are also hosted on the same app server with their own directories.

Thank you all for helping with this as well. I really appreciate it.

![Screen Shot 2015-08-19 at 12.59.56 PM.png](/public/imported_attachments/1/Screen Shot 2015-08-19 at 12.59.56 PM.png)
![Screen Shot 2015-08-19 at 12.59.56 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2015-08-19 at 12.59.56 PM.png_thumb)

sdp0024

Looks like subdomains work just not the www.parks-properties.com or parks-properties.com

johnpoz

what are you saying is not working. From cmd line do simple nslookup or dig or drill or host whatever your fav dns tool is.

So I setup alias for crm

C:>nslookup

www.parks-properties.com
Server: 192.168.9.253
Address: 192.168.9.253#53

Name: www.parks-properties.com
Address: 10.0.0.1

crm.parks-properties.com
Server: 192.168.9.253
Address: 192.168.9.253#53

Name: crm.parks-properties.com
Address: 10.0.0.1

sdp0024

I can now access crm.parks-properties.com & cloud.parks-properties.com locally but not our website either using www or parks-properties.com

No a huge issue as I can always access from wan location but would prefer to be able to access as well from LAN since data speeds will be so much better.

Derelict

This isn't rocket science.

get a DNS utility called dig or drill and find out where the problem is.

johnpoz

I am with you derelict.. Dig is a tool I use every single day.. He doesn't have to get anything quite sure his OS comes with a way to query dns from a cmd line.. Pretty sure nslookup no matter how bad it is in windows can still just do a simple query.

sdp0024.. Please do a query for what you feel is not working, as per my examples. If something is not working, have you cleared your local cache?