DNS queries | resolver, host overrides, dhcp & external dns
-
Hi
My DNS resolution is not working correctly, as it seems. What could be the problem? I have already tried different scenarios, but can't get it to work. I have set up pfSense with a site-to-site VPN. I'm trying to get the name resolution of Site1 to work.
In Site1 I'm using:
- the resolver
- host overrides in the resolver to resolve some hostnames with static IPs
- in System / General Setup I have 2 WAN DNS hosts of my ISP

If I connect a client with DHCP it gets the IP of pfSense as DNS and no other DNS servers.
-
DNS lookups from the client for hostnames in host overrides are working.
But DNS lookups to external hosts are not working until I enter the DNS servers under Services / DHCP Server / DNS servers.
But if I do that, the DNS lookups from the client for hostnames in host overrides go to the ISP DNS servers. How can I resolve the internal hostnames AND the external ones?
What could be the problem?
-
Your resolver isn't set up right. Post the settings for the resolver and make sure pfSense itself can make queries to outside addresses:
What does this show:
Diagnostics > Command prompt
Command: drill @8.8.8.8 www.google.com Execute
Leave your DHCP server giving pfSense as the DNS server to inside hosts and fix your resolver.
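Added example, not part of this thread: a small POSIX shell helper for the check suggested above, which parses `drill` output to confirm both what name was actually queried and what rcode came back. The two sample outputs are the ones posted later in this thread (embedded here so the script runs offline); the SERVFAIL sample is constructed, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread). Parse `drill` output and report whether
# the query asked for the intended name and whether it succeeded. Catches the
# case where a stray argument (e.g. the GUI word "Execute") was queried instead.

# Posted output from the thread: `drill @8.8.8.8 www.google.com Execute`.
BAD_OUTPUT=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; Execute.  IN  A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
.  1091  IN  SOA  a.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400
;; ADDITIONAL SECTION:
;; Query time: 8 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Nov 24 23:01:31 2015
;; MSG SIZE  rcvd: 100
EOF
)

# Posted output from the thread: `drill @8.8.8.8 www.google.com`.
GOOD_OUTPUT=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.google.com.  IN  A
;; ANSWER SECTION:
www.google.com.  18  IN  A  173.194.116.48
www.google.com.  18  IN  A  173.194.116.51
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 7 msec
;; SERVER: 8.8.8.8
EOF
)

# Constructed sample: the right name, but the server answered SERVFAIL
# (what a Windows client reports as "Server failed").
SERVFAIL_OUTPUT=$(cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 4242
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.google.com.  IN  A
EOF
)

# Print the rcode (NOERROR, NXDOMAIN, SERVFAIL, ...) from drill output on stdin.
drill_rcode() {
    sed -n 's/.*rcode: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the queried name (with trailing dot) from the QUESTION section on stdin.
drill_qname() {
    awk '/QUESTION SECTION/ { getline; sub(/^;; */, ""); print $1; exit }'
}

# drill_verdict EXPECTED_NAME DRILL_OUTPUT
# Prints "ok" when the right name was queried and resolved, otherwise a short
# reason: "wrong-qname:<name>" or "rcode:<RCODE>". Exit status follows suit.
drill_verdict() {
    expected="$1"; output="$2"
    qname=$(printf '%s\n' "$output" | drill_qname)
    rcode=$(printf '%s\n' "$output" | drill_rcode)
    case "$qname" in
        "$expected"|"$expected.") ;;
        *) echo "wrong-qname:$qname"; return 1 ;;
    esac
    if [ "$rcode" = "NOERROR" ]; then
        echo "ok"; return 0
    fi
    echo "rcode:$rcode"; return 1
}

# Usage against the posted runs. For a live check on pfSense, replace the
# variable with: "$(drill @8.8.8.8 www.google.com)"
echo "with stray argument: $(drill_verdict www.google.com "$BAD_OUTPUT")"
echo "correct command:     $(drill_verdict www.google.com "$GOOD_OUTPUT")"
echo "servfail case:       $(drill_verdict www.google.com "$SERVFAIL_OUTPUT")"
```

Checking the QUESTION section as well as the rcode matters here: the first posted run returned NXDOMAIN not because upstream DNS was broken but because the name actually queried was `Execute.`, which is exactly the distinction the helper makes before anyone touches the resolver settings.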
-
pfSense shell (before and after removing the ISP DNS from Services / DHCP DNS Servers):

```
# drill @8.8.8.8 www.google.com Execute
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; Execute.	IN	A
;; ANSWER SECTION:
;; AUTHORITY SECTION:
.	1091	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400
;; ADDITIONAL SECTION:
;; Query time: 8 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Nov 24 23:01:31 2015
;; MSG SIZE  rcvd: 100
#
```

After removing the ISP DNS from Services / DHCP DNS Servers, `nslookup 8.8.8.8` on the client returns "Server failed" (Win10).
-
The Execute was for the GUI.
Run this: drill @8.8.8.8 www.google.com
-
Oh, thanks.

```
# drill @8.8.8.8 www.google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.google.com.	IN	A
;; ANSWER SECTION:
www.google.com.	18	IN	A	173.194.116.48
www.google.com.	18	IN	A	173.194.116.51
www.google.com.	18	IN	A	173.194.116.52
www.google.com.	18	IN	A	173.194.116.50
www.google.com.	18	IN	A	173.194.116.49
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 7 msec
;; SERVER: 8.8.8.8
;; WHEN: Wed Nov 25 06:46:58 2015
;; MSG SIZE  rcvd: 112
```
-
Do your firewall rules prevent LAN hosts from querying the LAN address for DNS?
This just works out-of-the-box. Have to figure out what, specifically, you've done to make it not work.