Alright. I got it. Thanks to all that responded. There were a couple of
duplicate rules in the rules table from the automatically entered rules
and from me deleting and re-adding, etc. I deleted all references to DNS
from the NAT tables and the Rules tables and then re-created them all.
They work fine.
Thanks to all who responded.
--Curtis
On Nov 5, 2010, at 9:24 PM, Curtis Maurand wrote:
I have a DNS server behind a pfsense box. The dns forwarder is enabled
(I've tried disabling it.)
Without the forwarder, dns queries from behind the pfsense box don't
resolve, not ever.
With the forwarder dns queries resolve and the active directory works
fine as the windows servers forward all their queries to the pfsense box
and they are handled.
My problem is that there is an unrelated dns server behind the pfsense
machine that needs to answer to the outside world. I set up a virtual
ip address (tried it all three ways) and set up a NAT rule to forward
TCP/UDP on port 53 DNS to the server inside. TCP queries work, but UDP
queries time out against the virtual address, but work fine on actual
address. Have I run into something.
WanIP forwarded to inside server works both tcp and udp.
Virtual IP forwarded to inside server works tcp
Virtual IP forwarded to inside server fails udp.
Most dns queries are udp except for dnssec, dkim and spf.
Corresponding firewall rules? my internal machine is running DNS as well,
and I allowed it to query the outside world, and works just fine
through my pfsense box.
You could also tcpdump on the pflog0 interface and see what is going on
and what is getting blocked..
Any ideas?
I'm running a 1.2.3-RELEASE built nearly a year ago.
Thanks,
Curtis
--
/\ Best regards,| re...@freebsd.org
\ / Remko Lodder |
Xhttp://www.evilcoder.org/| Quis custodiet ipsos custodes
/ \ ASCII Ribbon Campaign| Against HTML Mail and News
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org