DNS resolver forwarding problem (MPLS cloud)


  • Hi,

    I have a strange issue and I wonder if I did something wrong or if the DNS Resolver's forwarding is not working correctly for our case.
    pfSense is 2.2.6-RELEASE.

    We are connected to a private MPLS cloud which has internal DNS servers and a common internet gateway. Everyone in that cloud has set its internal DNS servers to forward requests to the private DNS servers in the cloud, because we have common private servers in that cloud that are used by everyone inside that same cloud.

    Here is our config (IPs and domains changed for security reasons):

    Cloud DNS1: 10.1.1.2  (ns1.infra.clouddomain.lu)
    Cloud DNS2: 10.1.1.3  (ns2.infra.clouddomain.lu)

    My local Net: 10.99.x.x / 16

    pfSense is 10.99.0.254, has 6 NICs on different VLANs and has the DNS Resolver working correctly. It registers dynamic and static DHCP clients and has several host overrides.
    Everything works like a charm, except the DNS Resolver's forwarding, which drives me crazy.

    There is a domain called infra.clouddomain.lu which is only registered on the cloud DNS servers (the two above). This one contains the names of commonly used servers in the cloud.
    So in System / General Setup I put the two cloud DNS servers 10.1.1.2 and 10.1.1.3, and in DNS Resolver I enable forwarding.

    When I do some lookups from an internal W7 machine:

    Random public existing DNS name:

    > www.cist.lu
    Server:		10.99.0.254
    Address:	10.99.0.254#53
    
    Non-authoritative answer:
    Name:	www.cist.lu
    Address: 54.246.142.106
    
    

    A DNS name that only exists on the cloud DNS servers:

    > ns1.infra.clouddomain.lu
    Server:   fortknox.prod.mydomain.lu
    Address:  10.99.0.254
    
    Name:    ns1.infra.clouddomain.lu
    Served by:
    - ns1.clouddomain.lu
    
              infra.clouddomain.lu
    - ns2.clouddomain.lu
    
              infra.clouddomain.lu
    
    

    It seems to work partially, because if it didn't work at all and only queried the ROOT DNS servers, they would not know anything about the private subdomain infra.clouddomain.lu.
    Now comes the really weird part. If I do a domain override for clouddomain.lu and manually set it to 10.1.1.2, it works like a charm. But I don't want to do this, because there are several domains and subdomains and they need to be kept up to date.

    With domain override:

    > ns1.infra.clouddomain.lu
    Server:   fortknox.prod.mydomain.lu
    Address:  10.99.0.254
    
    Non-authoritative answer:
    Name:    ns1.infra.clouddomain.lu
    Address:  10.1.1.2
    
    

    Finally, if I use a Windows DNS server and let it forward to these two cloud DNS servers, everything resolves fine. So why doesn't it work with pfSense?

    Any ideas or tracks would be greatly appreciated.

    Thanks.
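As an added illustration (not part of the original post, and not a confirmed diagnosis of it): the Unbound configuration behind the two behaviours described above, written as an unbound.conf fragment using the poster's sanitised addresses and names. The one line worth testing is `private-domain`. Unbound's `private-address` list, which pfSense fills with the RFC 1918 ranges while DNS rebinding protection is enabled (System / Advanced / Admin Access, "Disable DNS Rebinding Checks" unchecked), removes any 10.x.x.x record from an answer unless the queried name is under a declared private domain. An answer whose A record has been stripped, with only NS records left in the authority section, is what nslookup prints as "Served by:", so that symptom is a plausible match here. The assumption that this is the cause is marked as such in the comments; the config values are otherwise standard Unbound directives.

```conf
# Added example, not the poster's exported config. Mirrors the pfSense
# settings described in the post; addresses and names are the sanitised
# values from the post.

server:
    # What pfSense emits while "DNS Rebinding Checks" are enabled. Any
    # answer carrying one of these addresses is stripped unless the name
    # sits under a private-domain entry.
    private-address: 10.0.0.0/8
    private-address: 172.16.0.0/12
    private-address: 192.168.0.0/16
    private-address: fd00::/8
    private-address: fe80::/10

    # Candidate fix (assumption to verify, not confirmed by the post):
    # declare the cloud domain as private so 10.x answers for it survive.
    # private-domain applies to all subdomains, so infra.clouddomain.lu
    # needs no separate line. On pfSense this goes in
    # Services / DNS Resolver / Custom options.
    private-domain: "clouddomain.lu"

# "Enable Forwarding Mode" with the two General Setup servers: every query
# is sent to the cloud resolvers, which also answer for public names.
forward-zone:
    name: "."
    forward-addr: 10.1.1.2
    forward-addr: 10.1.1.3

# The domain override that made resolution work: clouddomain.lu and
# everything below it goes to 10.1.1.2; other names still follow the "."
# forward-zone above (the more specific zone wins). Kept here only to
# show the two settings side by side; it is not needed if the
# private-domain line above turns out to be the fix.
forward-zone:
    name: "clouddomain.lu"
    forward-addr: 10.1.1.2
```

To test the hypothesis without changing anything, compare the same query against the cloud server and against pfSense: `dig @10.1.1.2 ns1.infra.clouddomain.lu A +noall +answer +authority` and then `dig @10.99.0.254 ns1.infra.clouddomain.lu A +noall +answer +authority`. If the first returns the 10.1.1.2 A record and the second returns an empty answer section with NS records in the authority section, the resolver is stripping the record rather than failing to forward, and adding the `private-domain` line (or disabling the rebinding check, which is the less safe option because it lifts the protection for every domain) is the thing to try. Run `unbound-checkconf` on the generated file after any custom option to catch syntax mistakes before restarting the service.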