Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Routing Randomness

    Scheduled Pinned Locked Moved DHCP and DNS
    7 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      geudrik
      last edited by

      In truth, I haven't been able to figure out whether or not this is a routing or DNS issue, so I'm hoping to get some ideas from the community at large here…

      I have noticed this issue twice

      • Domains with no A record get automatically assigned my routers IP (eg: www.pushover.com [was trying to get to pushover.net] redirects me to my admin interface)

      • For some unknown reason, using a mail client to talk to my exchange server (via HTTPS, remote) I get my routers configurator cert returned

      For the first bullet, I've checked for some kind of wildcard entry and can't seem to find one… I'm not using the forwarder, I'm using the resolver, though it happens regardless of which I use (have tried both independently)
      For the second bullet, I looked at a pcap during the setup phase of my accounts, and I see DNS queries being made and correct responses coming back, and still I get my configurator cert presented

      My suspicion that if I figure out and resolve one of the two symptoms, I'll resolve the other.

      Any thoughts or insights would be appreciated.

      1 Reply Last reply Reply Quote 0
      • G
        geudrik
        last edited by

        As an update, I figured I'd post a screen shot of what I'm seeing.

        What's more perplexing to me are the following two symptoms

        • When I use dig to query for entries on a domain that I know has no A records, I get responses that I'd expect

        • When I go to a domain in a browser that has no A record, I'm forwarded to my configurator page

        Am I stroking out here, or is this actually as confusing as I'm making it?

        dnsweirdness.png
        dnsweirdness.png_thumb

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          you using a proxy?  You doing any sort of forward on ports..

          Your browser should tell you it can not FIND that server - see example..  If your hitting your pfsense, then you have a forward or using a proxy?  Something in your browser or host pointing that name to your IP..

          browsernoArecord.png
          browsernoArecord.png_thumb

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • G
            geudrik
            last edited by

            Oh I know what I should be seeing, and the results I get occur from several different boxes on the network, so the issue isn't with a single host.

            That said, I have port forwards, yes. I have an XBox One so I have all of that douchery enabled, and I also have a couple random forwards for things like SSH on varying hosts.

            I don't utilize a proxy.

            Could the forwards be screwing with my DNS resolutions? That doesn't make sense to me though..

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              Again what does this have to do with dns resolution?? Clearly when you query for it you get SOA..  with NX… This is your browser doing something..  Your browser should show exactly what mine shows - can not get to server..  so your browser is trying to do something other than simple dns resolution..

              Clear your you local dns cache, clear your browser cache, then go there again... Then look in your cache.. That has NOTHING to do with pfsense..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • G
                geudrik
                last edited by

                @johnpoz:

                Again what does this have to do with dns resolution?? Clearly when you query for it you get SOA..  with NX… This is your browser doing something..  Your browser should show exactly what mine shows - can not get to server..  so your browser is trying to do something other than simple dns resolution..

                Clear your you local dns cache, clear your browser cache, then go there again... Then look in your cache.. That has NOTHING to do with pfsense..

                I'm following what you're saying now - I think I misread what you'd originally posted.

                That said, the reason that I posted here initially is due to multiple hosts, none of them related, using different browsers and mail clients, all showing identical symptoms (webconfigurator cert being served while attempting any kind of HTTPS, HTTP->HTTPS redirection to webconfigurator for domains that have no A record). Which is where my confusion stemmed from.

                I'm going to root around in my browsers and see if there's any weirdness set.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  You have shown that pfsense hands back SOA and NX…  Therefore your client got no IP to try and go to, be it pfsense or elsewhere..  So how could it possible end up anywhere?  Your browser should show you CAN not connect to server, because it never got an IP to go too from pfsense.

                  What I would do is sniff the traffic and see where in the world your browser is doing a query for that it would ever get an IP to try and connect to that could get redirect to your webgui page..

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.