Author Topic: DNS forwarder cannot resolve site to site hosts  (Read 3089 times)

akashkaveti

DNS forwarder cannot resolve site to site hosts
« on: September 05, 2017, 04:56:53 pm »
We have a site-to-site connection which uses OpenVPN. The VPN connection is working fine, but we cannot resolve hostnames from Site B in Site A or vice versa.

But using the same DNS forwarder, we can resolve the host names from the AWS VPN connection (uses OpenVPN).

DNS Forwarder Configuration:

Enable DNS forwarder    Enable
DHCP registration       Enable
Static DHCP             Enable
Prefer DHCP             Enable
DNS Query Forwarding    blank
Listen Port             blank (53)
Interfaces              All
Strict binding          blank

At Site A
Domain       abc.tld
IP address   192.168.2.1 (this is the IP address of the OPNsense box at Main Site B)
Source IP    192.168.1.1 (this is the local IP address of the OPNsense box at Remote Site A)

At Site B
Domain       abcd.tld
IP address   192.168.1.1 (this is the IP address of the OPNsense box at Main Site A)
Source IP    192.168.2.1 (this is the local IP address of the OPNsense box at Remote Site B)


Note: Generally, all 192.168.1.x or 192.168.2.x IP addresses are reachable from both sites flawlessly.

Thanks.
« Last Edit: September 05, 2017, 04:59:18 pm by akashkaveti »

hutiucip

Re: DNS forwarder cannot resolve site to site hosts
« Reply #1 on: September 06, 2017, 10:23:52 am »
Hello!

Do "domain overrides" at both sites as follows:

Site A:

abcd.tld - 192.168.2.1
2.168.192.in-addr.arpa - 192.168.2.1

Site B:

abc.tld - 192.168.1.1
1.168.192.in-addr.arpa - 192.168.1.1

So, you will have both normal (FQDN) and reverse (IP address) DNS resolving in between sites.
It is important to know that, from one site to the other, you will not get DNS resolving of host names only, you really must use FQDNs:
Code:
ping hostname1
will not work, you are required to use
Code:
ping hostname1.abc.tld
I hope it helps! :)

akashkaveti

Re: DNS forwarder cannot resolve site to site hosts
« Reply #2 on: September 06, 2017, 04:44:46 pm »
Hello,

I have changed the domain overrides as you described, but still hostnames weren't resolving.

I have been testing with the FQDN, not with just the hostname :)

hutiucip

Re: DNS forwarder cannot resolve site to site hosts
« Reply #3 on: September 08, 2017, 11:38:31 am »
It should work: I do have name resolution even over VPN (OpenVPN site-to-site), my setup is exactly as advised upon.

I don't know what else could be the culprit. :(

Be aware, though, if you are using the resolver (Unbound DNS) instead of Dnsmasq DNS, you also have to add your sites' IP ranges in the ACL.
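
The domain overrides from Reply #1 and the ACL remark from Reply #3, as an added example that is not part of the original posts and is not OPNsense code: it derives each site's expected overrides, audits a configured set against them, and renders them in dnsmasq and Unbound syntax. Assumptions: the LANs are /24s, abc.tld is Site A's local domain as Reply #1 lays it out, and the function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed site data from the thread; the /24 masks are an assumption
# (the posts only say 192.168.1.x and 192.168.2.x).
SITE_A = {"domain": "abc.tld", "lan": "192.168.1.0/24", "resolver": "192.168.1.1"}
SITE_B = {"domain": "abcd.tld", "lan": "192.168.2.0/24", "resolver": "192.168.2.1"}


def reverse_zone(cidr):
    """Return the in-addr.arpa zone for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        # Other prefix lengths need several zones or RFC 2317 delegation.
        raise ValueError(f"{cidr}: not a /8, /16 or /24 IPv4 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def expected_overrides(peer):
    """Zones a site must forward to its peer: forward domain and reverse zone."""
    return {peer["domain"]: peer["resolver"],
            reverse_zone(peer["lan"]): peer["resolver"]}


def audit(local, peer, configured):
    """Compare a site's configured overrides (zone -> server) with the expected set."""
    findings = []
    for zone, server in expected_overrides(peer).items():
        if zone not in configured:
            findings.append(f"missing: {zone} -> {server}")
        elif configured[zone] != server:
            findings.append(f"wrong server for {zone}: {configured[zone]} (want {server})")
    if local["domain"] in configured:
        findings.append(f"local domain {local['domain']} is forwarded off-site")
    return findings


def dnsmasq_lines(local, peer):
    """Same overrides in dnsmasq syntax, queries sourced from the local LAN IP."""
    return [f"server=/{zone}/{server}@{local['resolver']}"
            for zone, server in expected_overrides(peer).items()]


def unbound_acl(peer):
    """Unbound access-control line letting the peer site's range query this resolver."""
    return f"access-control: {peer['lan']} allow"


if __name__ == "__main__":
    print(audit(SITE_A, SITE_B, {"abcd.tld": "192.168.2.1"}))  # constructed config
    print(*dnsmasq_lines(SITE_A, SITE_B), unbound_acl(SITE_B), sep="\n")
```

The `@192.168.1.1` suffix corresponds to the "Source IP" field in the first post: it makes the firewall send the forwarded query from its LAN address, which is inside the range the peer's ACL allows.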