OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: cryptochrome on March 21, 2017, 03:42:14 pm

Title: Firewall not using DNS overrides?
Post by: cryptochrome on March 21, 2017, 03:42:14 pm
Hi,

I configured DNS Forwarder and added a few host overrides, which works great from any client using the firewall as a DNS server. However, it is not working from the firewall itself, e.g. if I do a nslookup from the firewall shell, it sends the request to the forwarders instead of resolving through the host overrides.

Am I missing something here?

Thanks
Title: Re: Firewall not using DNS overrides?
Post by: djGrrr on March 21, 2017, 03:45:35 pm
Make sure that the "Do not use the DNS Forwarder/Resolver as a DNS server for the firewall" option under System > Settings > General is turned off.
Title: Re: Firewall not using DNS overrides?
Post by: cryptochrome on March 21, 2017, 05:19:01 pm
Just checked, it's turned off (and was turned off). I even tried giving it 127.0.0.1 as a nameserver but no joy.
Title: Re: Firewall not using DNS overrides?
Post by: franco on March 21, 2017, 06:35:04 pm
Hey,

Could be a bug, not sure. I will try to reproduce.


Cheers,
Franco
Title: Re: Firewall not using DNS overrides?
Post by: franco on March 21, 2017, 06:41:02 pm
Works from here with a host override on the firewall for both DNS Forwarder and Resolver and the box appropriately unchecked. Checking the setting breaks resolution as expected.

What override are you using? What are you trying to resolve?


Cheers,
Franco
Title: Re: Firewall not using DNS overrides?
Post by: cryptochrome on March 21, 2017, 06:53:09 pm
I simply added a host as override, like "host.xyz.it -> 10.10.10.1". When I do a nslookup from computers behind the firewall for that host, it resolves to the 10.10.10.1 address. If I do it from the firewall, I get the public IP for that host (we're running a split DNS setup here). The option you are referring to is unchecked. Do I need to have 127.0.0.1 as nameserver configured somewhere for this to work?
Title: Re: Firewall not using DNS overrides?
Post by: franco on March 21, 2017, 07:02:43 pm
Do you have custom DNS servers in the general settings as well?
Title: Re: Firewall not using DNS overrides?
Post by: cryptochrome on March 21, 2017, 07:29:45 pm
I tried both, with and without custom DNS servers. Neither seems to work. I do get DNS servers through DHCP (WAN link) and I have the option enabled to pass this through to my downstream DHCP clients.
Title: Re: Firewall not using DNS overrides?
Post by: franco on March 21, 2017, 08:08:57 pm
also happens when you ping? dns resolver is the same outcome? did you set anything in the interface selection of the forwarder?
Title: Re: Firewall not using DNS overrides?
Post by: cryptochrome on March 21, 2017, 09:49:58 pm
Yes, it also happens when I ping or use the host command. I have set to bind to LAN interface. I just changed it back to the default (all interfaces) but it makes no difference.
Title: Re: Firewall not using DNS overrides?
Post by: franco on March 24, 2017, 08:10:11 am
That's odd. At least in the case of strict interface binding I can agree with the nature of your problem, but not if no interface is selected, that's where it works. Anything else we could try? What do you think causes this? Maybe there is a hint in the Services: DNS Tools: Log file.
Title: Re: Firewall not using DNS overrides?
Post by: cryptochrome on March 24, 2017, 11:45:25 am
I have no clue. The log file doesn't have anything that would hint at an issue. It basically just repeats these two lines over and over again:

Code:
Mar 24 10:02:50 dnsmasq[24990]: read /var/etc/dnsmasq-hosts - 13 addresses
Mar 24 10:02:57 dnsmasq[24990]: read /etc/hosts - 2 addresses

And occasionally prints this:

Code:
Mar 24 11:41:23 dnsmasq[66225]: using nameserver 80.69.96.12#53
Mar 24 11:41:23 dnsmasq[66225]: using nameserver 81.210.129.4#53
Mar 24 11:41:23 dnsmasq[66225]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect no-inotify
Mar 24 11:41:23 dnsmasq[66225]: DNS service limited to local subnets
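A quick way to check from the firewall shell whether the forwarder on 127.0.0.1 really serves the override, as an added example for this thread (not OPNsense's own code): it sends a raw A query straight to 127.0.0.1 and to an upstream server, bypassing /etc/resolv.conf, and compares the two answers. The host name and the upstream address are the ones mentioned in the posts above; a local result of None means nothing answered on 127.0.0.1 at all (for instance when the forwarder is bound to the LAN interface only).

```python
import socket
import struct

def build_query(name, qid=0x1234):
    # 12-byte header (RD flag set, QDCOUNT=1) + QNAME labels + QTYPE A + QCLASS IN
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    # Step past a name; a 0xC0 compression pointer is two bytes and ends the name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_a_records(msg):
    # IPv4 addresses from the answer section; [] if RCODE is non-zero or no A records
    flags, qdcount, ancount = struct.unpack(">HHH", msg[2:8])
    if flags & 0x000F:
        return []
    off = 12
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return addrs

def resolve_via(server, name, timeout=2.0):
    # One UDP query straight to `server`, bypassing /etc/resolv.conf; None on timeout
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name), (server, 53))
        try:
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            return None  # nothing answering, e.g. forwarder not bound to localhost
    return parse_a_records(data)

def compare(name, upstream):
    # The override is served locally only if 127.0.0.1 answers and differs from upstream
    local, remote = resolve_via("127.0.0.1", name), resolve_via(upstream, name)
    return {"local": local, "upstream": remote, "override_served": bool(local) and local != remote}
```

On the firewall, `compare("host.xyz.it", "80.69.96.12")` should report the override address from 127.0.0.1 and the public address from the upstream; identical answers mean the forwarder is being reached but is not applying the override.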