Bug #3868

closed

Problem with DNSmasq resolution when using multiple DNS suffixes

Added by Eduard Rozenberg over 9 years ago. Updated over 9 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: DNS Forwarder
Target version: -
Start date: 09/17/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1.x
Affected Architecture: amd64

Description

Hello,

My pfSense DHCP server is configured to give out the following "Domain search list"
(names changed):

lan.city1.mycompany.net;mycompany.net;city2.mycompany.net

I'm running the pfSense DNS forwarder which responds to all DNS queries on the LAN.

If I ping a host on the "company.net" domain (a machine not on the local LAN),
using for example "ping server1" I get a strange response sometimes
(does not happen 100% of the time):

PING server1.lan.city1.mycompany.net (198.105.254.68): 56 data bytes

I get this also when doing the ping on the pfsense box itself.

This IP (198.105.254.68) is not configured anywhere on the
pfSense firewall so I have no idea where it comes from, and
why pfSense gives this as a DNS response. The proper response
would be record not found so that my LAN machines would
work their way through the DNS suffix list until they find
the correct match.

========

Version 2.1.5-RELEASE (amd64)
built on Wed Aug 27 15:14:26 EDT 2014
FreeBSD 8.3-RELEASE-p16

You are on the latest version.
Platform pfSense
CPU Type Intel(R) Atom(TM) CPU D525 @ 1.80GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads

Actions #1

Updated by Phillip Davis over 9 years ago

Go to 198.105.254.68 in your browser; it comes up with http://searchassist.dyndns.com
Somewhere you are using DynDNS as your upstream DNS server. DynDNS is being "helpful" and provides an IP that points to its search assistant facility when it is asked for a host name that is not known, rather than returning NXDOMAIN.
You need to add Domain Overrides or something to tell DNS Forwarder where to send DNS queries for your own domains that are not listed out on the public internet.
Post to the forum for help.

Actions #2

Updated by Jim Pingle over 9 years ago

  • Status changed from New to Rejected

This is a local config and upstream DNS issue, not a bug.

Actions #3

Updated by Eduard Rozenberg over 9 years ago

Thanks for the tips, had a brain freeze and didn't think to see where that mystery IP went :). I configured that Dyn DNS service not to serve up their wonderful "Internet Guide Landing Page" and instead return an error as things should be. Things are working fine now, thanks!
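
Added example, not part of the ticket or of pfSense: a small Python model of the behaviour discussed in this thread, showing why an upstream that answers unknown names with a landing-page address makes the first search suffix always "match", plus a probe that flags such rewriting by looking up random names. The function names, the zone data and the 192.0.2.10 address are assumptions made for illustration; the search list and 198.105.254.68 are taken from the report.

```python
import secrets
import socket

# Search list and landing-page address as given in the report; the zone data
# is constructed (192.0.2.10 is a documentation address).
SEARCH_LIST = ["lan.city1.mycompany.net", "mycompany.net", "city2.mycompany.net"]
ZONE = {"server1.mycompany.net": "192.0.2.10"}
LANDING_IP = "198.105.254.68"

def honest_upstream(fqdn):
    """Simulated upstream: an address, or None for NXDOMAIN."""
    return ZONE.get(fqdn)

def rewriting_upstream(fqdn):
    """Simulated upstream that answers unknown names with a landing page."""
    return ZONE.get(fqdn, LANDING_IP)

def system_lookup(fqdn):
    """Live lookup through the configured resolver. The trailing dot stops the
    local search list being applied; any failure is treated as no answer."""
    try:
        return socket.gethostbyname(fqdn + ".")
    except socket.gaierror:
        return None

def resolve_short_name(name, search_list, lookup):
    """Client behaviour: try each suffix in order, stop at the first answer."""
    for suffix in search_list:
        fqdn = f"{name}.{suffix}"
        addr = lookup(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def detect_nxdomain_rewriting(lookup, zone="mycompany.net", probes=3):
    """Look up random labels that will not exist. Any address that comes back
    means the resolver path is replacing NXDOMAIN with an answer."""
    answers = set()
    for _ in range(probes):
        addr = lookup(f"{secrets.token_hex(16)}.{zone}")
        if addr is not None:
            answers.add(addr)
    return answers

if __name__ == "__main__":
    for upstream in (honest_upstream, rewriting_upstream):
        print(upstream.__name__, resolve_short_name("server1", SEARCH_LIST, upstream),
              detect_nxdomain_rewriting(upstream))
```

Pass `system_lookup` in place of the simulated upstreams to probe the resolver a host actually uses.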
