PfSense unable to query reverse DNS from Windows Server



  • Good morning,
this is the current network setup:

    • pfSense -> x.x.x.254
    • Windows Server 2012R2 (PDC) -> x.x.x.201
    • Windows Server 2012R2 (SDC) -> x.x.x.202

In pfSense General Setup I have inserted x.x.x.201 and x.x.x.202 as DNS servers.
"Allow DNS server list to be overridden by DHCP/PPP on WAN" is disabled.

    On Windows client if I execute "nslookup x.x.x.201" it correctly returns "Server-PDC" but on pfSense Diagnostics DNS Lookup it returns "no record found".

    What could be the problem?


  • Banned

    Did you put the reverse zones to domain overrides on pfSense?

(If it still doesn't work then, you should either turn off DNSSEC validation on pfSense, or turn it off on the Windows DNS servers.)

    P.S. Why are you obfuscating RFC1918 IPs?!  ::))



  • Thanks, now it works fine.
    In this way I can insert only one DC IP address, how to guarantee failover?

It seems that switching to DNS Forwarder solves the problem because it will query both servers,
but considering that the firewall has other public interfaces (Guest WiFi for example) where the DNS server is the firewall itself,
could this be a potential security issue?

PS: Regarding IP obfuscation, I'm used to doing it, even if I know that it's useless..


  • Banned

    @Gabri.91:

    In this way I can insert only one DC IP address, how to guarantee failover?

Not true. Simply insert it multiple times, once for each server. It's even noted in the GUI.
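
An added example, not from this thread or from pfSense itself: the unbound.conf equivalent of the Domain Override described above (the pfSense DNS Resolver is unbound, and a Domain Override is written out as a forward-zone). It assumes a constructed 192.168.1.0/24 in place of the thread's x.x.x.0/24 and places the DNSSEC relaxation in the Resolver's custom options rather than disabling validation globally.

```conf
# Added example (not from this thread): unbound.conf view of a pfSense
# "Domain Override" for the reverse zone of a constructed 192.168.1.0/24.
server:
    # The reverse zone is forwarded to Windows DNS, which does not sign it,
    # so validation is relaxed for this zone only instead of turning DNSSEC
    # off on the whole resolver (the blunter fix mentioned in the thread).
    domain-insecure: "1.168.192.in-addr.arpa"

# Reverse zone name for 192.168.1.0/24: network octets reversed, then
# .in-addr.arpa. One forward-addr per DC gives the failover asked about.
forward-zone:
    name: "1.168.192.in-addr.arpa"
    forward-addr: 192.168.1.201   # PDC (constructed address)
    forward-addr: 192.168.1.202   # SDC (constructed address)
```

A client can confirm the override end to end with `dig -x 192.168.1.201 @192.168.1.254`, which should return the PDC's name instead of NXDOMAIN or SERVFAIL.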



Sorry, I hadn't noticed it  :-[

    Thanks!

