pfSense » pfSense Packages

Any news on this?

I would really like to patch the stuff and make it work. All I'm waiting for is some response on this to know how it is expected to work.

Thanks!

KR,

Grimeton

Hello,

I have the same problem as well.
I need to manually create the file in /var/etc/dnscache${index}/root/i for the forwarder to respond.
I don't think assign the forwarder to the loopback interface and use port forward is the good solution.

Thank you for your help

-Nico

Similar problem here. I had a post in the forums about this also: http://forum.pfsense.org/index.php/topic,36823.0.html

With pfSense 2.0.1, I get both 127.0.0.1 and my LAN IP in /var/etc/dnscache0/root/ip/ and servers/@ is empty. After fixing both of these manually, dig works correctly when ran on pfsense, but a client machine gets no response. I don't know why this is as there are no firewall rules preventing access to DNS from the LAN.

It seems like the dnscache portion of dns-server is broken.

You might try switching to manual outbound NAT, and make sure you have a NAT rule for traffic leaving each interface that covers 127.0.0.1, such as:
Interface: LAN
Source: 127.0.0.1
Destination: any
Translation: Interface address

If it's trying to source the replies from 127.0.0.1 and there is no NAT, it could be breaking. See #1528

I just found this post in the forums with patches to fix some of these issues: http://forum.pfsense.org/index.php/topic,44413.0.html

My non-response problems is because I had my LAN IP in root/ip/ rather than the LAN subnet. If I use the "Respond to IP" configuration field and add my LAN subnet it works.

Now the forwarder works, but I'm not getting any response from TinyDNS.

I found that if you check the option "Allow DNS server list to be overridden by DHCP/PPP on WAN" on pfsense GUI, you dont need to manually create /var/etc/nameserver_something.
Is there a way to make dnscache reads /etc/resolv.conf to gets the name servers instead of nameserver_something? (or anyway else)

The patches from https://forum.pfsense.org/index.php?topic=44413.msg236701#msg236701 have been merged, looking at the relevant tinydns.inc part concerning dnscache pretty much nothing from the OP applies to current code, the interface(s) to listen on and IPs to which the the recursive resolver should respond are configurable in the GUI [1]. Dnscache servers are configurable via /var/etc/nameserver_*

[1] https://github.com/pfsense/pfsense-packages/blob/master/config/tinydns/tinydns.inc#L231
[2] https://github.com/pfsense/pfsense-packages/blob/master/config/tinydns/tinydns.inc#L1156

What's identifiable from the comments here has been fixed, for anything else, best to file a new bug.