Bug #2996: DNS forwarder & Domain Overrides does not work thru ipsec tunnels
Status: closed
Description
Effect similar to #1352 but with ipsec:
2 networks
- .net1.lan [192.168.1.0/24]
- .net2.lan [192.168.2.0/24]
are connected thru ipsec with pfSense (2.0.3) on both sides.
Both firewalls pass all packets on ipsec. "Normal" traffic works as expected from both sides except DNS.
To be able to resolve server names on the other side we defined "Domain Overrides" on "DNS forwarder" with IP of the LAN device on the other side:
on net1 we defined domain overrides:
net2.lan: 192.168.2.1
Explicit DNS lookups from the LAN work as expected, e.g. from the net1 LAN:
nslookup host1.net2.lan 192.168.2.1
brings the expected result. When using the local DNS, pfSense returns timeouts:
nslookup host1.net2.lan 192.168.1.1
;; connection timed out; no servers could be reached
Same effect when using "Diagnostics/DNS Lookups" on pfsense1 in the web ui and query host1.net2.lan
Updated by Jim Pingle over 12 years ago
- Status changed from New to Rejected
Already fixed on 2.1, you must set the source address of the query.
You can do this using custom options on the DNS Forwarder page on 2.0.x, such as:
server=/net1.lan/x.x.x.x@y.y.y.y
x.x.x.x is the remote DNS server IP, y.y.y.y is the local query source IP.
If that doesn't work, try 2.1 and post in the forum for further assistance.
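The custom option above is dnsmasq's `server=/domain/ip@source` form. The reason the source address matters (my reading of the report, not something the comment spells out) is that queries the firewall originates itself leave with whatever interface address the kernel picks, and an address outside the IPsec phase 2 local network never matches the tunnel policy, so the query is sent in the clear or dropped and times out. The following is an added helper, not pfSense code and not from either commenter, that renders and parses these lines and checks each override against constructed phase 2 networks. The `DomainOverride` class and the sample networks are assumptions built to match the report (net1 192.168.1.0/24, net2 192.168.2.0/24).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed to match the bug report: pfSense on net1, tunnel to net2.
PHASE2_LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]
PHASE2_REMOTE_NETS = [ipaddress.ip_network("192.168.2.0/24")]


@dataclass(frozen=True)
class DomainOverride:
    """One DNS Forwarder domain override (hypothetical structure)."""
    domain: str                   # domain whose queries are forwarded, e.g. "net2.lan"
    server: str                   # remote DNS server reached through the tunnel
    source: Optional[str] = None  # local query source address (the "@y.y.y.y" part)


def dnsmasq_server_line(o: DomainOverride) -> str:
    """Render an override as the dnsmasq custom option shown in the comment."""
    line = f"server=/{o.domain}/{o.server}"
    if o.source:
        line += f"@{o.source}"
    return line


def parse_server_line(line: str) -> DomainOverride:
    """Inverse of dnsmasq_server_line: parse 'server=/domain/ip[@source]'.

    Handles a single domain per line; dnsmasq also accepts several
    '/domain/' segments, which this parser does not try to cover.
    """
    if not line.startswith("server=/"):
        raise ValueError(f"not a domain-scoped server line: {line!r}")
    _, domain, target = line.split("/", 2)
    server, _, source = target.partition("@")
    return DomainOverride(domain, server, source or None)


def check_override(o: DomainOverride,
                   local_nets=PHASE2_LOCAL_NETS,
                   remote_nets=PHASE2_REMOTE_NETS) -> List[str]:
    """Return a list of reasons the override will not work through the tunnel.

    An empty list means the remote server is inside a phase 2 remote network
    and the query source is inside a phase 2 local network, so the forwarded
    query matches the IPsec policy in both directions.
    """
    problems = []
    server_ip = ipaddress.ip_address(o.server)
    if not any(server_ip in n for n in remote_nets):
        problems.append(
            f"{o.domain}: server {o.server} is not inside any phase 2 remote network")
    if o.source is None:
        problems.append(
            f"{o.domain}: no source address set; the firewall's own queries "
            f"will not match the tunnel policy")
    else:
        src = ipaddress.ip_address(o.source)
        if not any(src in n for n in local_nets):
            problems.append(
                f"{o.domain}: source {o.source} is not inside any phase 2 local network")
    return problems


if __name__ == "__main__":
    # The override from the report, first without and then with a source address.
    broken = DomainOverride("net2.lan", "192.168.2.1")
    fixed = DomainOverride("net2.lan", "192.168.2.1", "192.168.1.1")
    for o in (broken, fixed):
        print(dnsmasq_server_line(o), "->", check_override(o) or "ok")
```

Run as a script it prints the two `server=` lines together with the check result; the line with the `@192.168.1.1` source is the one that passes.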
Updated by heiko robert over 12 years ago
Excellent! Works as suggested.
Thanks a lot!