TinyDNS on pfsense 2.2.5-RELEASE from scratch

  • Hello,

    Let's assume, that i'm a newbie and i need to set up tinydns on pfsense to resolve local domains *.local and redirect some external domains (example-1.com) to other domains (cname to example-2.com) it's impossible to get ip of example-2.com, because it's changing frequently. My atual setup looks like this:

    1. Disabled DNS forwarder and DNS resolver
    2. Enabled DNS Server with config:
      Enable recursive DNS responder: true
      Interface to listen: (selected all)
      Respond to IP: 10
      Register DHCP static mappings with server: false
      Register DHCP leases with server: false
      Enable IP monitoring: false
      Refresh Interval: none
      Hosts allowed to perform DNS Zone Transfers - Note: this requires TCP port 53 firewall permit rule!: none

    dupakropkaosiem2.com CNAME wykop.pl
    www.test.local A

    General setup:
    domain: ip-lan.com
    Allow DNS server list to be overridden by DHCP/PPP on WAN: false
    Do not use the DNS Forwarder or Resolver as a DNS server for the firewall: false

    DHCP Server:
    DNS Server:

    Resolving by recursive works fine, but www.test.local and dupakropkaosiem2.com does not :/ I'v tested it by:
    dig www.test.local @
    result:; <<>> DiG 9.9.5-9ubuntu0.3-Ubuntu <<>> www.test.local @
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46307
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;www.test.local. IN A

    ;; Query time: 60 msec
    ;; SERVER:
    ;; WHEN: Wed Nov 18 12:55:07 CET 2015
    ;; MSG SIZE  rcvd: 32

    Please help me with setup, i'll be very greatfull


  • LAYER 8 Global Moderator

    I have to ask why you would not just use the built in forwarder or resolver for such a simple task?  Seems you are not doing zone xfer, so why would you want to use tiny vs the built in tools?

    This should be in the package section by the way.. Tiny is not built into pfsense, and is a add on package - support for those should be in the package section.

  • Banned

  • johnpoz - Because in forwarder/resolver  host override I cannot use cname-like records. I have to redirect some "virtual" "external" domain (example1.com) to domain example2.com where ip's are constantly changing and i cannot do anything about that. Why is that working that way? Don't know, but some software requires domain example1.com and cannot do anything about that.
    I'm verry sorry for mistake with that section.
    Other thing is that every questions like that in past were treated with response "why wont you change software, why wont you use built in forwarder/resolver why wont you…" But no real answer. Others solved their problems but haven't shared on forum, or problems were with other version-related of pfsense or tinydns
    doktornotor - test purposes only ;)

    Current config looks like in screenshot below. I'v deleted everything and added only that thru wizard. Still not working.

  • LAYER 8 Global Moderator

    Who says you can not do cnames?  But unbound or dnsmasq is not authoritative so it won't auto return what the cname points too..

    why would example2.com be changing if its a LOCAL resource that you serve up something off of?

    Why do you need to have example1.com point to example2.com ??  If you actually describe what your wanting to accomplish, be more than happy to help you accomplish that..  Be it with tiny (if possible) or some other way..

  • Hello again :)

    I have managed to finally force tinydns to work, I'll put my config in this post.
    But regardless, example2.com is external domain which points to external resources, not under my control. Why it is changing frequently? I have no slightest idea. Why i need redirection example1.com -> example2.com? Application  is using domain example1.com which does not exist in "old" way anymore (also not under my control).

    I See that screenshot with configuration of forwarder, great that you can set cname :) I haven't found that possibility anywhere on this forum or google :) It's great, i'll use that if i'll ever have problems with tinydns

    But to the point, answer to all my problems is… You HAVE to use "New domain wizard" to add domain, AND REBOOT, why reboot, not restart service? Don't  know yet, restarting service doesn't get it to work :/
    Basic settings in wizard are:
    Domain Name: example1.com
    Primary Nameserver: (ip of pfsense router)
    An you can add "first A record" if you are nod doing cname, but simple "A"
    First A record hostname: example1.com
    First A record IP address:
    If you want to cname, ignore "a" record, next in "Add/Edit Record" you set
    Record Name (Hostname or FQDN. E.g. www.exampledomain.com): example1.com
    Record Type: cname
    Record Data (FQDN, IP Address, or "raw" TinyDNS record): example2.com

    And then you reboot router. I'll have to find out why reboot is needed, i cannot afford to lose connection every time I add new local domain :)

    Then save.

  • LAYER 8 Global Moderator

    You still have not explained a valid use case for this… Why would you have to point example1.com to example2.com  -- why don't you just go to example2.com from the get go...

    I understand the use of a cname... Which is normally used by people that are authoritative for where the cname points too..  You seem to not have any control over this example2 at all and is not on your network, and don't even understand why it changes IP?  So why do you need to point example1.com at it??

    And you sure and the F do not need to reboot pfsense to make this work..

  • johnpoz - i can not go to example2 directly, because address "example1" is  hardcoded in this software, API which were available "long time ago" under "example1" is now under "example2". Simple as that.
    Yes, i'm sure that I'v had to reboot router, as i'v tested while ago, while adding next subdomain to existing SOA, it will work fine, but after adding SOA, this new domains under that new SOA will not work until router restarted.
    I'v tried to restart also svscan, no changes.

Log in to reply