DNS queries | resolver, host overrides, dhcp & external dns
My DNS resolution does not seem to be working correctly. What could be the problem? I have already tried different scenarios, but can't get it to work.
I have set up pfSense with a site-to-site VPN. I'm trying to get the name resolution of Site1 to work.
In Site1 I'm using
and host overrides in the resolver to resolve some hostnames with static IPs
In System / General Setup I have 2 WAN DNS hosts of my ISP.
If I connect a client with DHCP, it gets the IP of pfSense as DNS and no other DNS servers.
DNS lookups from the client for hostnames in host overrides are working.
But DNS lookups to external hosts are not working until I enter the DNS servers under Services / DHCP Server / DNS servers.
But if I do that, the DNS lookups from the client for hostnames in host overrides go to the ISP DNS servers.
How can I resolve the internal hostnames AND the external ones?
What could be the problem?
Your resolver isn't set up right. Post the settings for the resolver and make sure pfSense itself can make queries to outside addresses:
What does this show:
Diagnostics > Command prompt
Command: drill @184.108.40.206 www.google.com Execute
Leave your DHCP server giving pfSense as the DNS server to inside hosts and fix your resolver.
pfSense shell (before and after removing the ISP DNS from Services / DHCP DNS Servers)
# drill @220.127.116.11 www.google.com Execute
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; Execute.    IN    A

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.    1091    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 8 msec
;; SERVER: 18.104.22.168
;; WHEN: Tue Nov 24 23:01:31 2015
;; MSG SIZE  rcvd: 100
#
after removing the ISP DNS from Services / DHCP DNS Servers
returns "Server failed" (Win10)
The Execute was for the GUI.
Run this: drill @22.214.171.124 www.google.com
# drill @126.96.36.199 www.google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.google.com.    IN    A

;; ANSWER SECTION:
www.google.com.    18    IN    A    188.8.131.52
www.google.com.    18    IN    A    184.108.40.206
www.google.com.    18    IN    A    220.127.116.11
www.google.com.    18    IN    A    18.104.22.168
www.google.com.    18    IN    A    22.214.171.124

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 7 msec
;; SERVER: 126.96.36.199
;; WHEN: Wed Nov 25 06:46:58 2015
;; MSG SIZE  rcvd: 112
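As an added example (not code from this thread or from pfSense), here is a small Python parser for drill's text output that pulls out the rcode, the question the resolver was actually asked, and the answer and authority records, and then classifies the result the way the reply above does: the first run in the thread asked for the name "Execute." (the GUI button label typed into the command) and got NXDOMAIN from the root SOA, while the second run asked the intended name and got NOERROR with A records. The two sample outputs are constructed in drill's format, use documentation addresses (192.0.2.1 for the resolver, 198.51.100.x for answers), and the function names are mine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape drill prints (not copied from the thread).
# The stray word "Execute" makes drill look up the name "Execute." instead.
BAD_OUTPUT = """\
# drill @192.0.2.1 www.example.com Execute
;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 1084
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;; Execute.\tIN\tA

;; ANSWER SECTION:

;; AUTHORITY SECTION:
.\t1091\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2015112401 1800 900 604800 86400

;; ADDITIONAL SECTION:

;; Query time: 8 msec
;; SERVER: 192.0.2.1
;; WHEN: Tue Nov 24 23:01:31 2015
;; MSG SIZE  rcvd: 100
"""

# Constructed sample of a successful lookup through the same resolver.
GOOD_OUTPUT = """\
# drill @192.0.2.1 www.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 17594
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; www.example.com.\tIN\tA

;; ANSWER SECTION:
www.example.com.\t18\tIN\tA\t198.51.100.10
www.example.com.\t18\tIN\tA\t198.51.100.11

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 7 msec
;; SERVER: 192.0.2.1
;; WHEN: Wed Nov 25 06:46:58 2015
;; MSG SIZE  rcvd: 112
"""

SECTION_RE = re.compile(r"^;; (QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:")


@dataclass
class DrillResult:
    rcode: str
    question: str          # owner name drill actually asked for, e.g. "www.example.com."
    qtype: str
    answers: list = field(default_factory=list)    # (name, type, rdata) tuples
    authority: list = field(default_factory=list)  # (name, type, rdata) tuples
    server: str = ""       # resolver that answered, from the ";; SERVER:" line


def parse_drill(output):
    """Parse drill's human-readable output into a DrillResult."""
    rcode = question = qtype = server = ""
    answers, authority = [], []
    section = None
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank lines and shell prompt echo
            continue
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"rcode:\s*([A-Z]+)", line)
            rcode = m.group(1) if m else ""
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith(";; SERVER:"):
            server = line.split(":", 1)[1].strip()
            continue
        if section == "QUESTION" and line.startswith(";;"):
            parts = line[2:].split()               # ";; name. IN A"
            if len(parts) >= 3:
                question, qtype = parts[0], parts[2]
            continue
        if line.startswith(";;"):                  # flags, timing, size: not records
            continue
        parts = line.split()                       # "name TTL IN TYPE rdata..."
        if section in ("ANSWER", "AUTHORITY") and len(parts) >= 5:
            rr = (parts[0], parts[3], " ".join(parts[4:]))
            (answers if section == "ANSWER" else authority).append(rr)
    return DrillResult(rcode, question, qtype, answers, authority, server)


def diagnose(result, expected_name):
    """Say whether the resolver was asked the intended name and whether it answered."""
    asked = result.question.rstrip(".").lower()
    if asked != expected_name.rstrip(".").lower():
        return "wrong question: resolver was asked for '%s', not '%s'" % (result.question, expected_name)
    if result.rcode == "NOERROR" and result.answers:
        return "ok"
    if result.rcode == "SERVFAIL":
        return "SERVFAIL: resolver could not resolve it (check its upstream/root reachability)"
    return "%s with no answer records" % (result.rcode or "unknown rcode")


def a_records(result):
    """Return just the IPv4 addresses from the answer section."""
    return [rdata for (_name, rtype, rdata) in result.answers if rtype == "A"]


if __name__ == "__main__":
    for label, text in (("bad", BAD_OUTPUT), ("good", GOOD_OUTPUT)):
        r = parse_drill(text)
        print(label, r.rcode, r.question, a_records(r), "->", diagnose(r, "www.example.com"))
```

To run it against a live resolver, feed `parse_drill` the stdout of `drill @<pfSense LAN address> <name>` (for example via `subprocess.run`) and compare one internal host-override name and one external name; if the override resolves but the external name does not, the resolver's outbound path (or the firewall rules for it) is the place to look, not the DHCP DNS list.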
Do your firewall rules prevent LAN hosts from querying the LAN address for DNS?
This just works out of the box. We have to figure out what, specifically, you've done to make it not work.