Just a few things off the top of my head that you've probably already checked (no offense if some are very basic):
- Have you verified internal clients are getting the right DNS (if they are getting it via DHCP)?
- Have you verified the internal DNS server is receiving the client requests?
- Have you checked pfSense firewall logs for any blocking for the traffic in question (and maybe enable logging of passes for troubleshooting)?
- Have you done a packet capture on the LAN interface to see the internal DNS server sending the requests through the pfSense LAN interface? And possibly receiving responses back?
- Have you done a packet capture on the WAN interface to see the traffic being sent out/received back?

Jeff

On Fri, Feb 19, 2016 at 8:19 AM, David Ross <d...@davidrossconsultant.com> wrote:

> No. Split DNS. Internal is basically a cache plus has the IP settings for
> internal LAN addresses.
>
> David Ross
>
> > On Feb 19, 2016, at 10:50 AM, WebDawg <webd...@gmail.com> wrote:
> >
> >> On Thu, Feb 18, 2016 at 7:30 PM, David Ross <d...@davidrossconsultant.com> wrote:
> >> Current device is an xxx running pfSense 2.0.1-RELEASE
> >>
> >> New device is an SG-2440 running pfSense 2.2.6-RELEASE
> >>
> >> I decided that trying to reload the configuration file with that big of a
> >> gap in versions was asking for trouble so I built the new configuration by
> >> hand. It wasn't that complicated.
> >>
> >> But no luck. We have a block of 15 static IPs, with 5 of them currently
> >> mapped via NAT1:1 to 4 internal systems. Everything seemed to work except
> >> for DNS. Our mail server could receive and send as long as the DNS lookups
> >> were not required for new items.
> >>
> >> We have a DNS server in house for all of the machines on our LAN to use. I
> >> really don't want the pfSense device to do anything but pass DNS queries out
> >> and get the responses back to our in house server.
> >>
> >> DNS seems to have changed a lot in the release gap I'm crossing. Any quick
> >> thoughts before I dig in deeper.
> >>
> >> I have disabled the DNS forwarder.
> >>
> >> I have also disabled the DNS resolver.
> >>
> >> I have looked at the various rules (not that many) and interface settings
> >> and don't see anything obvious.
> >>
> >> Any pointers on what to check out.
> >>
> >> Thanks
> >> David Ross
> >
> > So you are using a DNS server on your WAN for clients internal?

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
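
The LAN-side and WAN-side packet captures suggested in the checklist above can be compared mechanically to see at which hop a DNS lookup stops. This is an added example, not part of the original thread: it assumes text output from `tcpdump -n` for UDP port 53 on each interface and matches packets by DNS transaction ID, which NAT leaves unchanged; the capture lines, addresses and function names are constructed for illustration.

```python
import re

# tcpdump -n prints UDP DNS as: "IP src.sport > dst.dport: <txid>[flags] ..."
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)")

def dns_ids(capture):
    """Return (query_ids, response_ids) seen in one capture's text output."""
    queries, responses = set(), set()
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        sport, dport, txid = m.group(2), m.group(4), int(m.group(5))
        if dport == "53":        # towards a DNS server: query
            queries.add(txid)
        elif sport == "53":      # from a DNS server: response
            responses.add(txid)
    return queries, responses

def locate_drop(lan_capture, wan_capture):
    """For every query seen on the LAN side, report where it stopped."""
    lan_q, lan_r = dns_ids(lan_capture)
    wan_q, wan_r = dns_ids(wan_capture)
    verdict = {}
    for txid in sorted(lan_q):
        if txid not in wan_q:
            verdict[txid] = "not-forwarded-to-wan"   # firewall rule or outbound NAT
        elif txid not in wan_r:
            verdict[txid] = "no-reply-on-wan"        # upstream, or wrong source address
        elif txid not in lan_r:
            verdict[txid] = "reply-not-returned-to-lan"  # state or 1:1 NAT mapping
        else:
            verdict[txid] = "ok"
    return verdict

# Constructed sample captures (RFC 5737 documentation addresses on the WAN side).
LAN_CAPTURE = """\
10:15:01.000100 IP 192.168.1.5.40001 > 198.51.100.53.53: 4660+ A? example.com. (29)
10:15:01.020300 IP 198.51.100.53.53 > 192.168.1.5.40001: 4660 1/0/0 A 192.0.2.80 (45)
10:15:02.000100 IP 192.168.1.5.40002 > 198.51.100.53.53: 4661+ MX? example.org. (29)
10:15:03.000100 IP 192.168.1.5.40003 > 198.51.100.53.53: 4662+ A? example.net. (29)
"""
WAN_CAPTURE = """\
10:15:01.000400 IP 203.0.113.5.40001 > 198.51.100.53.53: 4660+ A? example.com. (29)
10:15:01.020000 IP 198.51.100.53.53 > 203.0.113.5.40001: 4660 1/0/0 A 192.0.2.80 (45)
10:15:02.000400 IP 203.0.113.5.40002 > 198.51.100.53.53: 4661+ MX? example.org. (29)
"""

if __name__ == "__main__":
    for txid, where in locate_drop(LAN_CAPTURE, WAN_CAPTURE).items():
        print(txid, where)
```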