Bug #13065
closed
- Status changed from New to Not a Bug
This is a settings issue, not a bug. Your firewall is almost certainly still set at the default hostname+domain of pfsense.home.arpa. The DNS Resolver already adds an internal automatic local zone declaration for the firewall's "own" domain, so adding an override won't be effective. Each separate location should have its own (sub)domain if you want to resolve remote DNS hosts in that way.
Change the domain name of the firewall itself and your override will work like you want.
Jim, I'm not sure what you mean. All three of my sites are on their own local domain (not subdomain).
Site 1 = home.arpa
Site 2 = condo.arpa
Site 3 = jojo.arpa
Where I'm adding the "home.arpa" override is on sites 2 and 3, which is not their "own" domain, so the override should work. This is done so that when the clients on those sites try resolving xxx.home.arpa, the site 1 unbound answers those queries. And this worked beautifully until not too long ago, for a couple of years already.
Am I missing something on what you're trying to explain? Let me know if you need any logs.
Check the Domain under System > General Setup; that should match whatever the domain for the site is. If it's home.arpa on the other two locations then that conflicts in the way I described.
If you still need help, post on the forum to discuss it deeper.
There is no special handling for home.arpa except when the firewall's own domain is set to home.arpa -- the only places in the source that mention home.arpa are the default configuration where it is the firewall domain and various text descriptions and examples that have no bearing on functionality.
It has to be something in your configuration, environment, or clients, not a bug in the code.
That's what I thought, which is why I was pretty convinced this is a "bug". I've exhausted all troubleshooting that I know of, so I'm not sure where to ask for help. It's not because of the clients, because a DNS lookup on the firewall itself leads to the same issue. This happens only for the home.arpa domain, and a packet capture on sites 2/3 doesn't show any packets destined to the override DNS server (on site 1) when it is for the home.arpa domain. If it's for any other domain, it is working.
Can I provide logs here so they can be looked at and to start reproducing the issue on your end? I really don't have any special configuration aside from using WireGuard for my tunnels. Maybe WireGuard is causing this?
Please keep the discussion on the forum -- this is not a platform for support.
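Editor's note with an added example (not code from the pfSense project or from anyone in this thread): besides the pfSense-side behaviour described above, current unbound releases ship home.arpa as a built-in static local-zone (RFC 8375), in the same list as localhost, test and invalid. A local-zone is consulted before any forward-zone, so on a resolver whose own domain is not home.arpa a Domain Override for home.arpa never gets a packet unless that zone is declared `nodefault` (or another type) in the DNS Resolver's Custom Options; on a box whose own domain is home.arpa, the Resolver's own transparent declaration replaces the built-in static one, which is why the override only misbehaves at the other sites. On the firewall, `unbound-control -c /var/unbound/unbound.conf list_local_zones | grep home.arpa` shows whether the zone is active. The Python model below reproduces that precedence for the static and transparent zone types only; the config fragments, host names and addresses in it are constructed for illustration.

```python
"""Model of unbound's answer precedence: local zones before forward-zones.

Added example, not pfSense or unbound code. It reproduces unbound's rule that
local-zone/local-data are consulted first and forward-zones only when the
local zone lets the query fall through, and that home.arpa is a built-in
static local zone unless the config says otherwise. Only the static and
transparent zone types are modelled.
"""
import re

# Subset of unbound's built-in default local zones. A "nodefault" declaration
# removes an entry; declaring the zone with another type replaces it.
BUILTIN_LOCAL_ZONES = {
    "home.arpa.": "static",
    "localhost.": "static",
    "test.": "static",
    "invalid.": "static",
}

def fqdn(name):
    """Normalise to lowercase with a trailing dot, as unbound stores names."""
    return name.strip().lower().rstrip(".") + "."

def parse_unbound(text):
    """Parse the few directives this model cares about.

    Returns (local_zones {zone: type}, local_data {owner: [rr]}, forwards {zone: [addr]}).
    """
    local_zones = dict(BUILTIN_LOCAL_ZONES)
    local_data, forwards = {}, {}
    fz_name = None  # forward-zone block currently being read, if any
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line in ("forward-zone:", "server:"):
            fz_name = None
        elif m := re.match(r'^local-zone:\s*"?([^"\s]+)"?\s+(\S+)$', line):
            zone, ztype = fqdn(m.group(1)), m.group(2).lower()
            if ztype == "nodefault":
                local_zones.pop(zone, None)
            elif ztype in ("static", "transparent"):
                local_zones[zone] = ztype
            else:
                raise NotImplementedError(f"zone type {ztype} not modelled")
        elif m := re.match(r'^local-data:\s*"(.+)"$', line):
            owner, rr = m.group(1).split(None, 1)
            local_data.setdefault(fqdn(owner), []).append(rr)
        elif m := re.match(r'^name:\s*"?([^"\s]+)"?$', line):
            fz_name = fqdn(m.group(1))
            forwards.setdefault(fz_name, [])
        elif m := re.match(r'^forward-addr:\s*(\S+)$', line):
            if fz_name is not None:
                forwards[fz_name].append(m.group(1))
    return local_zones, local_data, forwards

def longest_match(name, table):
    """Closest enclosing zone of `name` among the keys of `table`, or None."""
    best = None
    for zone in table:
        if (name == zone or name.endswith("." + zone)) and (best is None or len(zone) > len(best)):
            best = zone
    return best

def resolve(qname, conf_text):
    """Return (source, zone, detail): who answers `qname` under this config.

    source: "local-data", "NXDOMAIN" (answered locally by a static zone, no
    packet leaves the box), "forward" (sent to the forward-addr list) or "recurse".
    """
    local_zones, local_data, forwards = parse_unbound(conf_text)
    name = fqdn(qname)
    lz = longest_match(name, local_zones)
    if lz is not None:
        if name in local_data:
            return ("local-data", lz, local_data[name])
        if local_zones[lz] == "static":
            return ("NXDOMAIN", lz, None)
        # transparent (pfSense's default type for the system domain): no local
        # data for this name, so resolution continues normally.
    fz = longest_match(name, forwards)
    if fz is not None:
        return ("forward", fz, forwards[fz])
    return ("recurse", None, None)

# Constructed fragments resembling what the DNS Resolver writes. Site 2's own
# domain is condo.arpa and it has Domain Overrides for home.arpa and jojo.arpa
# pointing at the other sites' resolvers (addresses are made up).
SITE2_CONF = """
server:
local-zone: "condo.arpa." transparent
local-data: "pfsense.condo.arpa. A 192.168.2.1"
forward-zone:
    name: "home.arpa"
    forward-addr: 192.168.1.1
forward-zone:
    name: "jojo.arpa"
    forward-addr: 192.168.3.1
"""
# Same, plus the Custom Options line that removes unbound's built-in zone.
SITE2_FIXED = SITE2_CONF + 'server:\nlocal-zone: "home.arpa." nodefault\n'
# Site 1: its own domain is home.arpa, so its declaration replaces the default.
SITE1_CONF = """
server:
local-zone: "home.arpa." transparent
local-data: "pfsense.home.arpa. A 192.168.1.1"
"""

if __name__ == "__main__":
    for label, conf in (("site 2", SITE2_CONF), ("site 2 + nodefault", SITE2_FIXED), ("site 1", SITE1_CONF)):
        for q in ("nas.home.arpa", "nas.jojo.arpa", "pfsense.condo.arpa"):
            print(f"{label:20} {q:22} -> {resolve(q, conf)}")
```

Run as-is it prints, for site 2, that nas.home.arpa gets NXDOMAIN from the built-in home.arpa zone while nas.jojo.arpa is forwarded, which is exactly the "only home.arpa, no packets to the override server" symptom; with the nodefault line the home.arpa query is forwarded to 192.168.1.1, and on site 1 the transparent zone lets the name fall through to normal resolution.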