Re: [pfSense Support] DNS issue

2010-11-06 Thread cmaurand

Alright.  I got it.  Thanks to all that responded.  There were a couple of
duplicate rules in the rules table from the automatically entered rules
and from me deleting and re-adding, etc.  I deleted all references to DNS
from the NAT tables and the Rules tables and then re-created them all. 
They work fine.

Thanks to all who responded.

--Curtis


 On Nov 5, 2010, at 9:24 PM, Curtis Maurand wrote:

 I have a DNS server behind a pfsense box.  The dns forwarder is enabled
 (I've tried disabling it.)

 Without the forwarder, dns queries from behind the pfsense box don't
 resolve, not ever.
 With the forwarder dns queries resolve and the active directory works
 fine as the windows servers forward all their queries to the pfsense box
 and they are handled.

 My problem is that there is an unrelated dns server behind the pfsense
 machine that needs to answer to the outside world.  I set up a virtual
 ip address (tried it all three ways) and set up a NAT rule to forward
 TCP/UDP on port 53 DNS to the server inside.  TCP queries work, but UDP
 queries time out against the virtual address, but work fine on actual
 address.  Have I run into something?

 WanIP forwarded to inside server works both tcp and udp.
 Virtual IP forwarded to inside server works tcp
 Virtual IP forwarded to inside server fails udp.

 Most dns queries are udp except for dnssec, dkim and spf.

 Corresponding firewall rules? My internal machine is running DNS as well,
 and I allowed it to query the outside world, and works just fine
 through my pfsense box.

 You could also tcpdump on the pflog0 interface and see what is going on
 and what is getting blocked.


 Any ideas?

 I'm running a 1.2.3-RELEASE built nearly a year ago.

 Thanks,
 Curtis


 --
 /\    Best regards,             | re...@freebsd.org
 \ /   Remko Lodder              |
  X    http://www.evilcoder.org/ | Quis custodiet ipsos custodes
 / \   ASCII Ribbon Campaign     | Against HTML Mail and News





 -
 To unsubscribe, e-mail: support-unsubscr...@pfsense.com
 For additional commands, e-mail: support-h...@pfsense.com

 Commercial support available - https://portal.pfsense.org







Re: [pfSense Support] DNS issue

2010-11-05 Thread Remko Lodder

On Nov 5, 2010, at 9:24 PM, Curtis Maurand wrote:

 I have a DNS server behind a pfsense box.  The dns forwarder is enabled (I've 
 tried disabling it.)
 
 Without the forwarder, dns queries from behind the pfsense box don't resolve, 
 not ever.
 With the forwarder dns queries resolve and the active directory works fine as 
 the windows servers forward all their queries to the pfsense box and they are 
 handled.
 
 My problem is that there is an unrelated dns server behind the pfsense 
 machine that needs to answer to the outside world.  I set up a virtual ip 
 address (tried it all three ways) and set up a NAT rule to forward TCP/UDP on 
 port 53 DNS to the server inside.  TCP queries work, but UDP queries time out 
 against the virtual address, but work fine on actual address.  Have I run 
 into something?
 
 WanIP forwarded to inside server works both tcp and udp.
 Virtual IP forwarded to inside server works tcp
 Virtual IP forwarded to inside server fails udp.
 
 Most dns queries are udp except for dnssec, dkim and spf.

Corresponding firewall rules? My internal machine is running DNS as well, and I 
allowed it to query the outside world, and works just fine
through my pfsense box. 

You could also tcpdump on the pflog0 interface and see what is going on and 
what is getting blocked.

 
 Any ideas?
 
 I'm running a 1.2.3-RELEASE built nearly a year ago.
 
 Thanks,
 Curtis
 

-- 
/\    Best regards,             | re...@freebsd.org
\ /   Remko Lodder              |
 X    http://www.evilcoder.org/ | Quis custodiet ipsos custodes
/ \   ASCII Ribbon Campaign     | Against HTML Mail and News




