Netgate Discussion Forum

    DNS resolver forwarding problem (MPLS cloud)

    Category: DHCP and DNS
    1 post, 1 poster, 774 views

    Foxi352 wrote:

      Hi,

      I have a strange issue and I wonder if I did something wrong or if the DNS Resolver's forwarding is not working correctly for our case.
      pfSense is 2.2.6-RELEASE.

      We are connected to a private MPLS cloud which has internal DNS servers and a common internet gateway. Everyone in that cloud has set its internal DNS servers to forward requests to the private DNS servers in the cloud, because we have common private servers in that cloud that are used by everyone inside that same cloud.

      Here is our config (IPs and domains changed for security reasons):

      Cloud DNS1: 10.1.1.2  (ns1.infra.clouddomain.lu)
      Cloud DNS2: 10.1.1.3  (ns2.infra.clouddomain.lu)

      My local Net: 10.99.x.x / 16

      pfSense is 10.99.0.254, has 6 NICs on different VLANs and has the DNS Resolver working correctly. It registers dynamic and static DHCP clients and has several host overrides.
      Everything works like a charm, except the DNS Resolver's forwarding, which drives me crazy.

      There is a domain called infra.clouddomain.lu which is only registered on the cloud DNS servers (the two above). This one contains the names of commonly used servers in the cloud.
      So in System / General Setup I put the two cloud DNS servers 10.1.1.2 and 10.1.1.3, and in the DNS Resolver I enable forwarding.

      When I do some lookups from an internal W7 machine:

      Random public existing DNS name:

      > www.cist.lu
      Server:		10.99.0.254
      Address:	10.99.0.254#53
      
      Non-authoritative answer:
      Name:	www.cist.lu
      Address: 54.246.142.106


      A DNS name that only exists on the cloud DNS servers:

      > ns1.infra.clouddomain.lu
      Serveur :   fortknox.prod.mydomain.lu
      Address:  10.99.0.254
      
      Nom :    ns1.infra.clouddomain.lu
      Served by:
      - ns1.clouddomain.lu
                infra.clouddomain.lu
      - ns2.clouddomain.lu
                infra.clouddomain.lu


      It seems to work partially, because if it didn't work at all and only queried the ROOT DNS servers, they would not know anything about the private subdomain infra.clouddomain.lu.
      Now comes the really weird part. If I do a domain override for clouddomain.lu and manually set it to 10.1.1.2 it works like a charm. But I want to avoid this, because there are several domains and subdomains and they need to be kept up to date.

      With domain override:

      > ns1.infra.clouddomain.lu
      Serveur :   fortknox.prod.mydomain.lu
      Address:  10.99.0.254
      
      Réponse ne faisant pas autorité :
      Nom :    ns1.infra.clouddomain.lu
      Address:  10.1.1.2


      Finally, if I use a Windows DNS server and let it forward to these two cloud DNS servers, everything resolves fine. So why doesn't it work with pfSense?

      Any ideas or tracks would be greatly appreciated.

      Thanks.

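For reference, the two DNS Resolver setups the post compares map onto Unbound configuration roughly as shown below. This is an added illustration, not the poster's configuration nor the exact file pfSense 2.2.6 generates; the file layout, the unbound.conf path and the comments are assumptions, while the addresses and domain names are the ones from the post.

```conf
# Added example: the two DNS Resolver (Unbound) setups from the post expressed
# as raw Unbound directives. Layout and path are assumptions; pfSense writes
# its own unbound.conf and include files from the GUI settings.

# Case 1: "Enable Forwarding Mode" with 10.1.1.2 / 10.1.1.3 entered under
# System > General Setup. Every name not served locally is sent to the cloud
# resolvers instead of being resolved by iterating down from the root servers.
forward-zone:
    name: "."
    forward-addr: 10.1.1.2
    forward-addr: 10.1.1.3

# Case 2: the domain override that made ns1.infra.clouddomain.lu resolve.
# A more specific forward-zone takes precedence over the "." zone, so names
# under clouddomain.lu (including infra.clouddomain.lu) go to 10.1.1.2 only,
# regardless of whether global forwarding is enabled.
forward-zone:
    name: "clouddomain.lu"
    forward-addr: 10.1.1.2

# Useful checks from the firewall shell when comparing the two cases
# (config path assumed; unbound-control ships with Unbound on pfSense):
#   unbound-control -c /var/unbound/unbound.conf list_forwards
#   unbound-control -c /var/unbound/unbound.conf flush_zone clouddomain.lu
```

Flushing the zone between tests matters: a referral cached from an earlier lookup, such as the "Served by:" response in the post, will otherwise be served again after the configuration changes.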
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.