Requesting help for accessing DNS between 2 interfaces.

Started by dr_kay, September 02, 2024, 02:48:24 PM

Reaching out to more knowledgeable folks here! Please assist. TA

System Info:

OPNsense 24.1.10_8-amd64
FreeBSD 13.2-RELEASE-p11
OpenSSL 3.0.14

Network A
LAN
10.10.100.0/24
Interface: igc0

Network B
LAB
10.10.200.0/24
Interface: igc1

Firewall rules dictate:
- All Traffic from LAN to LAB is allowed to pass, however not the other way around.
i.e: No Traffic can pass from LAB to LAN

In my LAB Network, I've a Proxmox Machine running a bunch of services across various VM's and LXC's, each with individual IP allocation.

Proxmox IP: 10.10.200.40
Primary DNS: 10.10.200.3 (pihole1) which runs in an LXC
Alternative DNS: 10.10.200.4 (pihole2) which runs in an LXC

Both instances have Local DNS entries as can be seen in the screenshot below.
https://ibb.co/fGVpD6h

Nginx Proxy Manager IP: 10.10.200.2

These are then pointed to correct ports and whatnot below.
https://ibb.co/h9CpZL6

End result being that I'm able to reach my internal services via domain name and not have to remember IP's! This took a crap load to figure out.

ISSUE:

As our main network is LAN , I'd like to access and manage these through laptops, pc's connected on the LAN Network but I'm unable to as it simply fails saying "DNS_PROBE_FINISHED_NXDOMAIN" on all browsers.

Although, I'm able to access each of the services via their IP's just fine.

Example:

Switch on LAB Network
IP: 10.10.200.10 (can access)
URL: https://sw-lab.nerdbit.org (cannot access)

I've a feeling this is something to do with DNS, but I'm hitting a brick wall and unable to figure out where. Would appreciate any help at all. Happy to shout a beer or donate! Been a big time supporter of the OPNSense project and can't imagine life without it to be honest.

Cheers
Kay!

So,

You are using Local DNS records on Pihole that point to NPM as Reverse proxy to the specific Hosts?

Do you have proper MASKs configured on all of these devices? /24
Can your PC from which you try to access the domain resolve the domain? do nslookup sw-lab.nerdbit.org
Is your PC using the DNS that has these local records set?
Do you have proper certificates or a wildcard certificate on NPM with domains properly set to use these certs?

That error you got basically means the domain cannot be resolved

Quote
DNS_PROBE_FINISHED_NXDOMAIN is an error that occurs when your DNS fails to resolve the domain name or address. It happens when the Domain Name System (DNS) fails to connect domain names with actual web servers. The NXDOMAIN part stands for Non-Existent Domain.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD

Firstly, thanks a lot for responding to my post! :D, responses below to the best of my ability.

You are using Local DNS records on Pihole that point to NPM as Reverse proxy to the specific Hosts?

Yes

Do you have proper MASKs configured on all of these devices? /24
Not entirely sure about this, but all the services get their IP's directly from OPNSense on Network: LAB which is on 10.10.200.0/24 Network

Can your PC from which you try to access the domain resolve the domain? do nslookup sw-lab.nerdbit.org

Last login: Mon Sep  2 22:13:36 on ttys000
~ % nslookup sw-lab.nerdbit.org
Server:      10.10.100.1
Address:   10.10.100.1#53
** server can't find sw-lab.nerdbit.org: NXDOMAIN
Is your PC using the DNS that has these local records set?

This PC/Laptop is on LAN network which is on 10.10.100.0/24 Network.
Though not explicitly specified, the DNS is 10.10.100.1 (which basically is the OPNSense Firewall itself). I do however have AdGuard running on it, not sure if that will help?

Do you have proper certificates or wildcard certificate on NPM with domains properly set to use these certs?

As I'm navigating my way through this, I simply set up a wildcard .*nerdbit.org SSL and used it for all the services, and it seems to be working as long as I'm connected to the LAB network only. Open to making changes.

I've the domain registered with Cloudflare if that helps. Thanks yet again.

Well there is your problem >

Quote
Last login: Mon Sep  2 22:13:36 on ttys000
~ % nslookup sw-lab.nerdbit.org
Server:      10.10.100.1
Address:   10.10.100.1#53
** server can't find sw-lab.nerdbit.org: NXDOMAIN

Your DNS server doesn't know those records for these domains.

Quote
This PC/Laptop is on LAN network which is on 10.10.100.0/24 Network.
Though not explicitly specified, the DNS is 10.10.100.1 (which basically is the OPNSense Firewall itself). I do however have AdGuard running on it, not sure if that will help?

You set the records for domains on the Pihole, but your DNS server for that host is not the Pihole (.3, .4) but it's the OPNsense (.1) that doesn't have these records.

Regards,
S.
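The diagnosis above comes down to one question: which resolver did the client actually ask, and does that resolver hold the local records? As an added example (not from the thread, and not OPNsense or Pi-hole code), the following Python script parses nslookup output in the format quoted above and applies exactly that check. The first sample is the NXDOMAIN output from the thread; the second, a successful answer from 10.10.200.3 returning the NPM address 10.10.200.2, is a constructed, hypothetical output that the thread does not show.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: the nslookup output quoted in the thread, taken on a LAN
# client whose default resolver is the firewall at 10.10.100.1.
SAMPLE_NSLOOKUP_NXDOMAIN = """\
Server:      10.10.100.1
Address:   10.10.100.1#53

** server can't find sw-lab.nerdbit.org: NXDOMAIN
"""

# Constructed, hypothetical sample: what the same query would look like when sent
# to a resolver that does hold the local record (the thread shows no such output).
SAMPLE_NSLOOKUP_OK = """\
Server:      10.10.200.3
Address:   10.10.200.3#53

Name:   sw-lab.nerdbit.org
Address: 10.10.200.2
"""

# Resolvers that carry the local records, per the thread (pihole1 and pihole2).
LOCAL_RECORD_SERVERS = {"10.10.200.3", "10.10.200.4"}


@dataclass
class LookupResult:
    server: Optional[str]            # resolver that answered ("Server:" line)
    name: Optional[str]              # queried name, when it can be recovered
    addresses: list = field(default_factory=list)  # answer addresses, empty on failure
    status: str = "unknown"          # "ok", "nxdomain" or "unknown"


SERVER_RE = re.compile(r"^Server:\s+(\S+)", re.M)
NAME_RE = re.compile(r"^Name:\s+(\S+)", re.M)
ADDRESS_RE = re.compile(r"^Address:\s+(\S+)$", re.M)
NXDOMAIN_RE = re.compile(r"\*\* server can't find (\S+): NXDOMAIN")


def parse_nslookup(output: str) -> LookupResult:
    """Parse the text nslookup prints into a LookupResult."""
    server_m = SERVER_RE.search(output)
    server = server_m.group(1) if server_m else None
    nx = NXDOMAIN_RE.search(output)
    if nx:
        return LookupResult(server, nx.group(1), [], "nxdomain")
    name_m = NAME_RE.search(output)
    # The first "Address:" line carries the resolver's port ("#53") and describes
    # the server, not the answer; real answer lines have no port suffix.
    addrs = [a for a in ADDRESS_RE.findall(output) if "#" not in a]
    status = "ok" if addrs else "unknown"
    return LookupResult(server, name_m.group(1) if name_m else None, addrs, status)


def diagnose(result: LookupResult, local_servers: set) -> str:
    """Explain an nslookup result given the set of resolvers holding the local records."""
    if result.status == "ok":
        return "resolved: %s -> %s via %s" % (
            result.name, ", ".join(result.addresses), result.server)
    if result.status == "nxdomain" and result.server not in local_servers:
        return ("NXDOMAIN from %s, which is not one of the resolvers holding the local "
                "records (%s): the client is asking the wrong server"
                % (result.server, ", ".join(sorted(local_servers))))
    if result.status == "nxdomain":
        return ("NXDOMAIN from %s, which should hold the record: check the local DNS "
                "entry on that server itself" % result.server)
    return "could not classify nslookup output"


if __name__ == "__main__":
    # With piped input, diagnose real nslookup output; otherwise run the samples.
    if not sys.stdin.isatty():
        print(diagnose(parse_nslookup(sys.stdin.read()), LOCAL_RECORD_SERVERS))
    else:
        for sample in (SAMPLE_NSLOOKUP_NXDOMAIN, SAMPLE_NSLOOKUP_OK):
            print(diagnose(parse_nslookup(sample), LOCAL_RECORD_SERVERS))
```

From the LAN client, `nslookup sw-lab.nerdbit.org 10.10.100.1 | python3 dns_check.py` and `nslookup sw-lab.nerdbit.org 10.10.200.3 | python3 dns_check.py` (the script file name is my own) show the two cases side by side; the LAN-to-LAB rule described in the first post already permits that second query. Once the "wrong server" case is confirmed, the place to fix it is the resolver path, not the firewall rules: either the firewall's resolver learns or forwards nerdbit.org to the Pi-holes, or the LAN clients are handed the Pi-holes as their DNS servers.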