All systems on LAN resolve to WAN IP address

  • I'm sure I'm missing something otherwise trivial, but I can't seem to nail this one down.

    I am using the DNS resolver in pfsense, with the domain set to - all interfaces selected for both "Network Interfaces" and "Outgoing Network Interfaces", and registering both DHCP leases and static DHCP mappings in the resolver. Everything under "Advanced" is default.

    If I'm on, and I try to ping, nslookup, etc., it gets pointed to the WAN IP address for pfsense (for which there is a public DNS entry for ). If I'm on the LAN, I would expect to be able to resolve (or just 'systemB') correctly, however that's not the behavior I'm seeing.

    Where should I be looking to see what I've got configured incorrectly?

    As a follow-up, if I later also want to have on a separate LAN that pfsense is serving - is it enough to override the domain name for the DHCP server on that network to be able to resolve both domains for incoming requests, or does that entail a more advanced configuration?

  • LAYER 8 Global Moderator

    To be honest, it is a BAD idea to use the same domain as some public domain as your local network's domain. Why not use a subdomain, say so then you would have which is easy to distinguish from your public space of that I would have to assume has some authoritative nameservers out on the public net.

    I could see if you have a wildcard entry in this domain pointing to your public IP that could cause you all kinds of grief.

  • Well assume I want to be able to access both systemA and systemB externally as well. Moving to would break that ability.

    I'm not saying that every system on the LAN would be externally accessible, but it would be preferable to be able to use "" both internally and externally.

  • LAYER 8 Global Moderator

    How so?? But let's say you want to have on the public point to your public IP, then internally just create a host override that points to your local IP.

    You need to figure out where you're resolving these hosts to your public IP from; my guess would be you have a wildcard and the system you're trying to resolve from is using the public vs the local. Be it that you don't have a correct override set up, the client had it cached before you set it up, or the client is doing queries to the outside vs your local.

  • I'm at work at the moment so I can't try this out, but am I understanding you correctly in that:

    1. If I have a public wildcard DNS record, I must use host overrides for any request for a given hostname to resolve to the correct system instead of the public IP.

    2. Assuming #1 is correct, if I remove the wildcard public DNS entry, "normal" DNS resolution would work - meaning internally "" would resolve to the proper host on the LAN.

    3. At that point, if I want systemA to be externally accessible, I would need to set up an override.

  • LAYER 8 Global Moderator

    Dude…  Do you have a record for systemA in your external?  Or just a wildcard?

    Anything you want to resolve publicly you need records for; you can use a wildcard if you want. But anything you want to resolve locally to a private IP you need an override for, or it will resolve to what the public has for it.
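The behavior the thread describes can be reproduced without a pfSense box. The model below is an added example, not code from the original thread or from pfSense/unbound. It assumes a hypothetical domain example.com whose public zone contains only a wildcard A record pointing at a hypothetical WAN address 203.0.113.5, and a single host override for systemA pointing at 192.168.1.10. Host overrides are modelled as unbound local-data inside a transparent local-zone (pfSense's default for the system domain), so any name without local data falls through to the public answer; DHCP lease registration, which writes local-data the same way, is left out to keep the model small. Wildcard matching follows RFC 1034/4592 (closest encloser), which is why the example also shows the wildcard not matching the bare apex or a name under an existing exact record.

```python
"""Model of how a LAN client's query is answered by pfSense's DNS Resolver
(unbound) when the LAN uses the same domain as a public zone that carries a
wildcard record.  Added example, not from the original thread.

Hypothetical assumptions: domain example.com, pfSense WAN 203.0.113.5,
systemA host override -> 192.168.1.10.  Host overrides are local-data in a
transparent local-zone, so names without local data fall through to the
public answer.
"""
from typing import Dict, List, Optional, Tuple

WAN_IP = "203.0.113.5"  # hypothetical WAN address (TEST-NET-3 range)

# Constructed public zone: the only record is a wildcard A record.
PUBLIC_ZONE: Dict[str, str] = {"*.example.com.": WAN_IP}

# Constructed host overrides (Services > DNS Resolver > Host Overrides).
HOST_OVERRIDES: Dict[str, str] = {"systema.example.com.": "192.168.1.10"}


def canonical(name: str) -> str:
    """Lower-case, fully qualified owner name with a trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def public_lookup(qname: str, zone: Dict[str, str]) -> Optional[str]:
    """Answer from the public zone using RFC 1034/4592 wildcard rules.

    An exact owner name wins.  Otherwise the wildcard at the closest
    encloser (the longest existing ancestor of qname) applies.  If qname
    itself exists only as an ancestor of other names (an empty
    non-terminal), the answer is NODATA and no wildcard applies.
    """
    qname = canonical(qname)
    if qname in zone:
        return zone[qname]
    labels = qname.split(".")           # trailing "" stands for the root
    for i in range(len(labels) - 1):     # never treat the bare root as encloser
        suffix = ".".join(labels[i:])
        exists = any(o == suffix or o.endswith("." + suffix) for o in zone)
        if exists:
            if i == 0:
                return None              # empty non-terminal: NODATA
            return zone.get("*." + suffix)
    return None                          # name is nowhere in the zone: NXDOMAIN


def lan_lookup(qname: str, overrides: Dict[str, str],
               zone: Dict[str, str]) -> Tuple[Optional[str], str]:
    """What a LAN client gets from the pfSense resolver.

    A host override (local-data) answers first.  A name without one falls
    through the transparent local-zone to the public data, so it picks up
    the public wildcard and resolves to the WAN address.
    """
    qname = canonical(qname)
    if qname in overrides:
        return overrides[qname], "host override"
    return public_lookup(qname, zone), "public DNS"


def explain(hosts: List[str], overrides: Dict[str, str],
            zone: Dict[str, str]) -> Dict[str, str]:
    """One summary line per host: the answer and where it came from."""
    report: Dict[str, str] = {}
    for host in hosts:
        ip, source = lan_lookup(host, overrides, zone)
        report[host] = f"{ip or 'NXDOMAIN/NODATA'} ({source})"
    return report


if __name__ == "__main__":
    hosts = ["systemA.example.com", "systemB.example.com", "example.com"]
    for host, line in explain(hosts, HOST_OVERRIDES, PUBLIC_ZONE).items():
        print(f"{host:24} -> {line}")
    # Same query with the public wildcard removed: systemB no longer lands
    # on the WAN IP, but it does not resolve locally either without an
    # override (or DHCP registration) for it.
    print(lan_lookup("systemB.example.com", HOST_OVERRIDES, {}))
```

Running it shows systemA answered from the override and systemB, which has no override, answered by the public wildcard with the WAN IP, which is the symptom in the first post. Removing the wildcard turns systemB's answer into NXDOMAIN rather than a LAN address, so the override (or a registered lease) is what makes a name resolve locally, matching the moderator's last point.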