Re: [pfSense Support] Split DNS Setup
On Fri, Nov 27, 2009 at 3:29 PM, Bruce Walker bruce.wal...@gmail.com wrote:

> Yeah, I take that back. :-) I rechecked my notes, and what I really found is that when you add an override *domain*, dnsmasq isn't restarted by that action. You need to either Save on the DNS forwarder page or restart the service.
>
> dnsmasq needs to be restarted because the domain overrides are implemented by adding additional command line args (--server=/dom/ip) to dnsmasq.

confirmed, thanks for the report. http://redmine.pfsense.org/issues/show/201

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] Split DNS Setup
Good Morning,

I have a pfSense box that needs to resolve real world IP addresses (www.google.ca) and also internal office IPs for real world IPs (www.mydomain.com as 192.168.1.1). This way people in the building can use things just as they would outside but never leave our network.

I have installed TinyDNS and it was working for the www.mydomain.com with internal addresses but I then lost the ability to find google.com, etc.

Any suggestions?

I defined an SOA for mydomain.com and created an A record for it. I had it listening on my LAN IP. Restarted TinyDNS and all was well, till I tried google. It would not resolve that.

Thanks,
Ron
RE: [pfSense Support] Split DNS Setup
If you're only working with a few servers, 5 - then I would consider just adding those IPs to the host file on pfSense. No need for a shotgun to kill a fly!

From: Ron Lemon [mailto:r...@maplewood.com]
Sent: 27 November 2009 15:10
To: support@pfsense.com
Subject: [pfSense Support] Split DNS Setup

> Good Morning,
>
> I have a pfSense box that needs to resolve real world IP addresses (www.google.ca) and also internal office IPs for real world IPs (www.mydomain.com as 192.168.1.1). This way people in the building can use things just as they would outside but never leave our network.
>
> I have installed TinyDNS and it was working for the www.mydomain.com with internal addresses but I then lost the ability to find google.com, etc.
>
> Any suggestions?
>
> I defined an SOA for mydomain.com and created an A record for it. I had it listening on my LAN IP. Restarted TinyDNS and all was well, till I tried google. It would not resolve that.
>
> Thanks,
> Ron
RE: [pfSense Support] Split DNS Setup
Sounds good to me. Where do I find the host file? I am used to C:\Windows\System32\Drivers\ETC doubt that will work in this case.

Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | www.maplewood.com

This email message, and any files transmitted with it, are confidential and intended solely for the use of the intended recipient(s). Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message and attachments.

From: Gabriel - IP Guys [mailto:gabr...@impactteachers.com]
Sent: Friday, November 27, 2009 10:35 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Split DNS Setup

> If you're only working with a few servers, 5 - then I would consider just adding those IPs to the host file on pfSense. No need for a shotgun to kill a fly!
>
> From: Ron Lemon [mailto:r...@maplewood.com]
> Sent: 27 November 2009 15:10
> To: support@pfsense.com
> Subject: [pfSense Support] Split DNS Setup
>
>> Good Morning,
>>
>> I have a pfSense box that needs to resolve real world IP addresses (www.google.ca) and also internal office IPs for real world IPs (www.mydomain.com as 192.168.1.1). This way people in the building can use things just as they would outside but never leave our network.
>>
>> I have installed TinyDNS and it was working for the www.mydomain.com with internal addresses but I then lost the ability to find google.com, etc.
>>
>> Any suggestions?
>>
>> I defined an SOA for mydomain.com and created an A record for it. I had it listening on my LAN IP. Restarted TinyDNS and all was well, till I tried google. It would not resolve that.
>>
>> Thanks,
>> Ron
Re: [pfSense Support] Split DNS Setup
On Fri, Nov 27, 2009 at 9:11 AM, Ron Lemon r...@maplewood.com wrote:

> Sounds good to me. Where do I find the host file?

/etc/hosts
Re: [pfSense Support] Split DNS Setup
On Fri, Nov 27, 2009 at 10:10 AM, Ron Lemon r...@maplewood.com wrote:

> Good Morning,
>
> I have a pfSense box that needs to resolve real world IP addresses (www.google.ca) and also internal office IPs for real world IPs (www.mydomain.com as 192.168.1.1). This way people in the building can use things just as they would outside but never leave our network.
>
> I have installed TinyDNS and it was working for the www.mydomain.com with internal addresses but I then lost the ability to find google.com, etc.

Don't, uninstall that, and use the DNS forwarder with overrides.
RE: [pfSense Support] Split DNS Setup
I have removed TinyDNS and added my overrides to DNS forwarder (which show in the hosts file). I have cleared my dns cache on my workstation and then tried to ping my host and I still get the public ip not my private one.

I tried restarting the DNSForwarder then clearing my cache again and I get the same results.

Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | www.maplewood.com

-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler
Sent: Friday, November 27, 2009 1:17 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Split DNS Setup

> On Fri, Nov 27, 2009 at 10:10 AM, Ron Lemon r...@maplewood.com wrote:
>
>> Good Morning,
>>
>> I have a pfSense box that needs to resolve real world IP addresses (www.google.ca) and also internal office IPs for real world IPs (www.mydomain.com as 192.168.1.1). This way people in the building can use things just as they would outside but never leave our network.
>>
>> I have installed TinyDNS and it was working for the www.mydomain.com with internal addresses but I then lost the ability to find google.com, etc.
>
> Don't, uninstall that, and use the DNS forwarder with overrides.
Re: [pfSense Support] Split DNS Setup
Ron Lemon wrote:

> I have removed TinyDNS and added my overrides to DNS forwarder (which show in the hosts file). I have cleared my dns cache on my workstation and then tried to ping my host and I still get the public ip not my private one.
>
> I tried restarting the DNSForwarder then clearing my cache again and I get the same results.

Are you pinging from within your firewall? Try pinging from one of your internal clients; you should see your private name/host entries from there.

The firewall *itself* will report upstream names because by default /etc/resolv.conf doesn't get modified to use dnsmasq's lookups. So within the firewall itself is a special case, but that likely isn't important (it's not an issue in two setups I run that sound much like yours).

If you really need to make the firewall see your private names, you should read up on dnsmasq's FAQs for the suggested config. You can create /usr/local/etc/dnsmasq.conf and put custom configs in there. They won't get clobbered by firmware upgrades, at least not in 1.2.3, and so far in 2.0.

-bmw
RE: [pfSense Support] Split DNS Setup
I am pinging from a client machine. Just to be sure I cleared the DNS cache on another computer and then tried it. Still the live IP. I have also verified the IP of the DNS server and it is pointed to my pfSense box.

Ron Lemon
Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | www.maplewood.com

-----Original Message-----
From: Bruce Walker [mailto:bruce.wal...@gmail.com]
Sent: Friday, November 27, 2009 2:08 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Split DNS Setup

> Ron Lemon wrote:
>
>> I have removed TinyDNS and added my overrides to DNS forwarder (which show in the hosts file). I have cleared my dns cache on my workstation and then tried to ping my host and I still get the public ip not my private one.
>>
>> I tried restarting the DNSForwarder then clearing my cache again and I get the same results.
>
> Are you pinging from within your firewall? Try pinging from one of your internal clients; you should see your private name/host entries from there.
>
> The firewall *itself* will report upstream names because by default /etc/resolv.conf doesn't get modified to use dnsmasq's lookups. So within the firewall itself is a special case, but that likely isn't important (it's not an issue in two setups I run that sound much like yours).
>
> If you really need to make the firewall see your private names, you should read up on dnsmasq's FAQs for the suggested config. You can create /usr/local/etc/dnsmasq.conf and put custom configs in there. They won't get clobbered by firmware upgrades, at least not in 1.2.3, and so far in 2.0.
>
> -bmw
Re: [pfSense Support] Split DNS Setup
Ron Lemon wrote:

> I am pinging from a client machine. Just to be sure I cleared the DNS cache on another computer and then tried it. Still the live IP. I have also verified the IP of the DNS server and it is pointed to my pfSense box.
>
> Ron Lemon
> Information Technology Manager, Maplewood Computing Ltd. | 800.265.3482 | www.maplewood.com

Oh! Here's a thought: I noticed that adding dns-forwarder overrides doesn't restart dnsmasq, so it doesn't necessarily see them. Either restart the service (from the Status - Services) or just click the Save button on the DNS Forwarder menu page.

-bmw
Re: [pfSense Support] Split DNS Setup
Bruce Walker wrote:

> Oh! Here's a thought: I noticed that adding dns-forwarder overrides doesn't restart dnsmasq, so it doesn't necessarily see them. Either restart the service (from the Status - Services) or just click the Save button on the DNS Forwarder menu page.

This should not be necessary. When you add an override, you click save on that screen, then apply changes on the main DNS forwarder screen. At that point, the overrides are already working (Confirmed again by a test I just did on my home router)

Jim
Re: [pfSense Support] Split DNS Setup
Jim Pingle wrote:

> Bruce Walker wrote:
>
>> Oh! Here's a thought: I noticed that adding dns-forwarder overrides doesn't restart dnsmasq, so it doesn't necessarily see them. Either restart the service (from the Status - Services) or just click the Save button on the DNS Forwarder menu page.
>
> This should not be necessary. When you add an override, you click save on that screen, then apply changes on the main DNS forwarder screen. At that point, the overrides are already working (Confirmed again by a test I just did on my home router)
>
> Jim

Yeah, I take that back. :-) I rechecked my notes, and what I really found is that when you add an override *domain*, dnsmasq isn't restarted by that action. You need to either Save on the DNS forwarder page or restart the service.

dnsmasq needs to be restarted because the domain overrides are implemented by adding additional command line args (--server=/dom/ip) to dnsmasq.

-bmw
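
Added example (not part of the thread and not pfSense's own code): because a domain override exists only as a --server=/dom/ip argument on the running dnsmasq, a process started before the override was added keeps sending queries for that internal domain to the upstream resolvers. The function below compares the expected overrides with a dnsmasq command line and prints the arguments that are missing; the function name, domains and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: find domain overrides missing from a running dnsmasq.

# missing_overrides CMDLINE OVERRIDES
#   CMDLINE   dnsmasq command line as one string, for instance from
#             ps -axww -o command | grep '[d]nsmasq'
#   OVERRIDES newline-separated "domain ip" pairs that should be active
# Prints the --server=/domain/ip argument for every pair the process was
# not started with; returns 1 if any is missing, 0 otherwise.
missing_overrides() {
    cmdline=$1
    overrides=$2
    rc=0
    # The here-document keeps the loop in the current shell so rc survives.
    while read -r dom ip; do
        [ -n "$dom" ] || continue
        want="--server=/$dom/$ip"
        # Match a whole space-delimited argument, so corp.example is not
        # satisfied by an override for sub.corp.example.
        case " $cmdline " in
            *" $want "*) ;;
            *) printf '%s\n' "$want"; rc=1 ;;
        esac
    done <<EOF
$overrides
EOF
    return "$rc"
}

# Constructed sample data: dnsmasq was started before lab.example was added.
sample_cmdline='dnsmasq --server=/corp.example/192.168.1.10'
sample_overrides='corp.example 192.168.1.10
lab.example 192.168.1.20'

if stale=$(missing_overrides "$sample_cmdline" "$sample_overrides"); then
    echo "all domain overrides are active"
else
    echo "restart dnsmasq; not active: $stale"
fi
```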