• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

SERVFAIL response when "Enable Forwarding Mode" is checked

Scheduled Pinned Locked Moved DHCP and DNS
3 Posts 3 Posters 1.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jprez1980
    last edited by Dec 10, 2015, 3:01 AM

    Hey All -

    So I am using 2.2.5 and use OpenDNS for content filtering purposes.

    Under System -> General Setup I have the OpenDNS IPs listed
    Under Services -> DNS Resolver I have it enabled, also have Enable Forwarding Mode checked
    DHCP hands out the OpenDNS IP as my DNS server (192.168.0.254 in this case)

    Running a nslookup I get this response:

    nslookup

    cnn.com
    Server: 192.168.0.254
    Address: 192.168.0.254#53

    ** server can't find cnn.com.home.mydomain.com: SERVFAIL

    It looks like it's appending my own internal domain to the tail end of whatever is being queried.  Naturally, all connected devices are having DNS resolution issues.

    If I uncheck Enable Forwarding Mode - all is well:

    nslookup

    cnn.com
    Server: 192.168.0.254
    Address: 192.168.0.254#53

    Non-authoritative answer:
    Name: cnn.com
    Address: 157.166.226.25
    Name: cnn.com
    Address: 157.166.226.26

    Is this a bug or some other configuration issue?

    Thanks

    1 Reply Last reply Reply Quote 0
    • D
      doktornotor Banned
      last edited by Dec 10, 2015, 8:26 AM

      Stop forwarding to OpenDNS with DNSSEC enabled. OpenDNS does NOT support DNSSEC.

      1 Reply Last reply Reply Quote 0
      • J
        johnpoz LAYER 8 Global Moderator
        last edited by Dec 11, 2015, 1:10 PM

        Agreed, if your going to use forwarder mode and want dnssec where your sending has to support it.

        As to your query, yeah depending on your os and setup its going to append your machines domain suffix to your queries.. If you don't want that to happen then end your query with .

        cnn.com.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        2 out of 3
        • First post
          2/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received