<![CDATA[DNS queries | resolver, host overrides, dhcp & external dns]]>Hi
My DNS resolution is not working correctly as it seems. What could be the problem? I tried already different scenarios, but can't get it to work.

I have setup pfsense with a site-to-site vpn. I'm trying to get the name resolution of Site1 to work.
In Site1 I'm using

  • resolver

  • and host overrides in resolver to resolve some hostnames with static IPs

  • in System / General Setup I have 2 wan dns hosts of my ISP

  • If I connect a client with DHCP it gets the IP of pfsense as DNS and no other DNS servers.

  • DNS lookups from client for hostnames in host overrides are working

But DNS lookups to external hosts are not working until I enter the DNS Servers under Services / DHCP Server / DNS servers
But if I do that, the DNS lookups from the client for hostnames in hosts overrides go to the ISP DNS servers.

How can I resolve the internal hostnames AND the external ?
What could be the problem?

]]>https://forum.netgate.com/topic/92152/dns-queries-resolver-host-overrides-dhcp-external-dnsRSS for NodeWed, 20 May 2026 07:20:10 GMTTue, 24 Nov 2015 19:08:26 GMT60<![CDATA[Reply to DNS queries | resolver, host overrides, dhcp & external dns on Wed, 25 Nov 2015 06:09:11 GMT]]>Do your firewall rules prevent LAN hosts from querying LAN address for DNS?

This just works out-of-the-box. Have to figure out what, specifically, you've done to make it not work.

]]>https://forum.netgate.com/post/586407https://forum.netgate.com/post/586407Wed, 25 Nov 2015 06:09:11 GMT<![CDATA[Reply to DNS queries | resolver, host overrides, dhcp & external dns on Wed, 25 Nov 2015 05:46:58 GMT]]>Oh, thanks


# drill @8.8.8.8 www.google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.google.com.      IN      A

;; ANSWER SECTION:
www.google.com. 18      IN      A       173.194.116.48
www.google.com. 18      IN      A       173.194.116.51
www.google.com. 18      IN      A       173.194.116.52
www.google.com. 18      IN      A       173.194.116.50
www.google.com. 18      IN      A       173.194.116.49

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 7 msec
;; SERVER: 8.8.8.8
;; WHEN: Wed Nov 25 06:46:58 2015
;; MSG SIZE  rcvd: 112
]]>https://forum.netgate.com/post/586403https://forum.netgate.com/post/586403Wed, 25 Nov 2015 05:46:58 GMT<![CDATA[Reply to DNS queries | resolver, host overrides, dhcp & external dns on Tue, 24 Nov 2015 23:45:12 GMT]]>The Execute was for the GUI.

Run this: drill @8.8.8.8 www.google.com

]]>https://forum.netgate.com/post/586365https://forum.netgate.com/post/586365Tue, 24 Nov 2015 23:45:12 GMT<![CDATA[Reply to DNS queries | resolver, host overrides, dhcp & external dns on Tue, 24 Nov 2015 22:04:41 GMT]]>pfsense shell (before and after removing ISP DNS from Services / DHCP DNS Servers)

# drill @8.8.8.8 www.google.com Execute
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; Execute.     IN      A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.       1091    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 8 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Nov 24 23:01:31 2015
;; MSG SIZE  rcvd: 100
#

after removing the ISP DNS from Services / DHCP DNS Servers

nslookup 8.8.8.8

returns "Server failed" (Win10)

24.11.png
24.11.png_thumb
24.111.png
24.111.png_thumb

]]>https://forum.netgate.com/post/586347https://forum.netgate.com/post/586347Tue, 24 Nov 2015 22:04:41 GMT<![CDATA[Reply to DNS queries | resolver, host overrides, dhcp & external dns on Tue, 24 Nov 2015 19:12:59 GMT]]>You resolver isn't set up right. Post the settings for the resolver and make sure pfSense itself can make queries to outside addresses:

What does this show:

Diagnostics > Command prompt

Command: drill @8.8.8.8 www.google.com Execute

Leave your DHCP server giving pfSense as the DNS server to inside hosts and fix your resolver.

]]>https://forum.netgate.com/post/586296https://forum.netgate.com/post/586296Tue, 24 Nov 2015 19:12:59 GMT