DNS queries | resolver, host overrides, DHCP & external DNS

  • Hi
    My DNS resolution is not working correctly, it seems. What could be the problem? I have already tried different scenarios, but can't get it to work.

    I have set up pfSense with a site-to-site VPN. I'm trying to get the name resolution of Site1 to work.
    In Site1 I'm using:

    • resolver

    • and host overrides in resolver to resolve some hostnames with static IPs

    • in System / General Setup I have 2 WAN DNS hosts of my ISP

    • If I connect a client with DHCP, it gets the IP of pfSense as DNS and no other DNS servers.

    • DNS lookups from the client for hostnames in host overrides are working

    But DNS lookups to external hosts are not working until I enter the DNS servers under Services / DHCP Server / DNS servers.
    But if I do that, the DNS lookups from the client for hostnames in host overrides go to the ISP DNS servers.

    How can I resolve the internal hostnames AND the external ones?
    What could be the problem?

  • LAYER 8 Netgate

    Your resolver isn't set up right. Post the settings for the resolver and make sure pfSense itself can make queries to outside addresses:

    What does this show:

    Diagnostics > Command prompt

    Command: drill @ www.google.com Execute

    Leave your DHCP server giving pfSense as the DNS server to inside hosts and fix your resolver.

  • pfSense shell (before and after removing ISP DNS from Services / DHCP DNS Servers)

    # drill @ www.google.com Execute
    ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; Execute.     IN      A
    .       1091    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400
    ;; Query time: 8 msec
    ;; SERVER:
    ;; WHEN: Tue Nov 24 23:01:31 2015
    ;; MSG SIZE  rcvd: 100

    After removing the ISP DNS from Services / DHCP DNS Servers:

    returns "Server failed" (Win10)

  • LAYER 8 Netgate

    The Execute was for the GUI.

    Run this: drill @ www.google.com

  • Oh, thanks

    # drill @ www.google.com
    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
    ;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
    ;; www.google.com.      IN      A
    www.google.com. 18      IN      A
    www.google.com. 18      IN      A
    www.google.com. 18      IN      A
    www.google.com. 18      IN      A
    www.google.com. 18      IN      A
    ;; Query time: 7 msec
    ;; SERVER:
    ;; WHEN: Wed Nov 25 06:46:58 2015
    ;; MSG SIZE  rcvd: 112

  • LAYER 8 Netgate

    Do your firewall rules prevent LAN hosts from querying LAN address for DNS?

    This just works out-of-the-box. Have to figure out what, specifically, you've done to make it not work.

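An added diagnostic script for the situation in this thread (example code, not from the posters or from Netgate). It queries the pfSense LAN address twice with drill, once for a host-override name and once for an external name, parses the output the way the replies above read it (rcode and ANSWER count), and maps the pair of results to the likely cause: no answer at all points at LAN firewall rules or the resolver not listening, overrides answered but external names failing points at upstream resolution, and both answered means the resolver is fine and only the DHCP DNS-server setting needs attention. The LAN address 192.168.1.1 and the override name fileserver.lan are assumed placeholders; the sample drill outputs are constructed from the ones posted in the thread so the script can be checked offline, and it only runs drill for real when called with --live.

```shell
#!/bin/sh
# Added diagnostic for the thread above; not code from the original posts or from Netgate.
# Assumed (hypothetical) values: pfSense LAN address 192.168.1.1, a host override
# "fileserver.lan", and the external name www.google.com used in the thread.
PFSENSE_LAN="192.168.1.1"
INTERNAL_NAME="fileserver.lan"
EXTERNAL_NAME="www.google.com"

# Pull the rcode (NOERROR, NXDOMAIN, SERVFAIL, ...) out of drill output read on stdin.
rcode_of() {
    sed -n 's/.*rcode: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Pull the ANSWER count out of the flags line of drill output read on stdin.
answers_of() {
    sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1
}

# Summarise one query as "<rcode>/<answers>", e.g. NOERROR/5 or NXDOMAIN/0.
# An empty rcode means drill got no response at all (timeout, port 53 blocked).
summary() {
    out=$(cat)
    rc=$(printf '%s\n' "$out" | rcode_of)
    n=$(printf '%s\n' "$out" | answers_of)
    printf '%s/%s\n' "${rc:-NORESPONSE}" "${n:-0}"
}

# Map (internal result, external result) to the likely cause, following the thread:
# the client must be pointed only at pfSense, and pfSense's resolver must answer
# both its host overrides and external names. Returns 0 only when the resolver is fine.
diagnose() {
    internal="$1"; external="$2"
    case "$internal" in
        NORESPONSE/*)
            echo "no answer from $PFSENSE_LAN: check LAN firewall rules for UDP/TCP 53 and that the resolver listens on LAN"
            return 1 ;;
    esac
    case "$internal:$external" in
        NOERROR/[1-9]*:NOERROR/[1-9]*)
            echo "resolver is fine: make DHCP hand out only $PFSENSE_LAN as DNS server"
            return 0 ;;
        NOERROR/[1-9]*:*)
            echo "host overrides work but external resolution fails ($external): check the resolver's outbound access and the System / General Setup DNS servers"
            return 1 ;;
        *)
            echo "host override not answered ($internal): the override is missing or the query did not reach the resolver"
            return 1 ;;
    esac
}

# Constructed sample outputs, modelled on the drill output posted in the thread.
SAMPLE_NXDOMAIN=';; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
SAMPLE_NOERROR=';; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0'

# Live run against the real box (sh dns_check.sh --live); otherwise demonstrate on the samples.
if [ "${1:-}" = "--live" ]; then
    i=$(drill "@$PFSENSE_LAN" "$INTERNAL_NAME" 2>/dev/null | summary)
    e=$(drill "@$PFSENSE_LAN" "$EXTERNAL_NAME" 2>/dev/null | summary)
    echo "internal=$i external=$e"
    diagnose "$i" "$e"
    exit $?
fi
demo_internal=$(printf '%s\n' "$SAMPLE_NOERROR" | summary)
demo_external=$(printf '%s\n' "$SAMPLE_NXDOMAIN" | summary)
echo "sample: internal=$demo_internal external=$demo_external"
diagnose "$demo_internal" "$demo_external" || true
```

Run it on the pfSense shell with --live from a LAN client or from pfSense itself; the parsing functions are plain sed so they work with drill on FreeBSD as well as with dig output on a client, since both print the same HEADER and flags lines.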