Feature #4883
closed
DNS Fowarder domain overrides
0%
Description
Within the DNS forwarder under the domain and host overrides it would be a good feature to allow a list of DNS serer (IP addresses) that can serve the DNS record. Here is a use case. Under normal circumstances I have 3 locations that all have local AS/DNS/DHCP servers. Sometimes one of the 3 servers will have an issue and I'll enabled DHCP on pfSense so that users can get an IP and use pfSense DNS. However to locate DNS resources on the domain I then have to go to the DNS forwarder and point to to another DNS server. It would be a great feature if I could put in a list (AKA. all 3 of my DNS servers) so that when a server fails the DNS forwarder will try all 3 DNS servers.
Updated by Chris Buechler over 8 years ago
- Status changed from New to Rejected
you can, add the same domain multiple times.
Updated by Phillip Davis over 8 years ago
That certainly works with DNS Resolver (unbound).
https://redmine.pfsense.org/issues/4350
https://github.com/pfsense/pfsense/commit/fc2e17f3a70b9c39fb9a8bd691d9d124b2ba11fa
I never found a way to do it with DNS Forwarder (dnsmasq). dnsmasq does not seem to support it.
Updated by Chris Buechler over 8 years ago
- Status changed from Rejected to Needs Patch
yes, true, I misread that as Resolver.
If dnsmasq implements same support, we can definitely implement there as well. Should be able to switch to Resolver instead where you need that support.
If dnsmasq adds that, feel free to bump this ticket.
Updated by Adam Esslinger over 8 years ago
Today I tried switching from forwarder to resolver and was unable to get resolver to resolve against multiple entries. I went into DNS Resolver and added the domain pointing to an invalid IP address, then added the same domain name with a valid DNS server. When I go to Diagnostics> DNS Lookup Im unable to perform a lookup on that domain. If I change the invalid IP of the first entry to a valid IP it will then resolve. Either Im doing something wrong or this does not work in resolver either.
Updated by Phillip Davis over 8 years ago
From Diagnostics->DNS Lookup it was reporting stuff from the upstream public DNS for me, as well as 127.0.0.1 so I used the command line instead to make sure.
On pfSense 2.2.4-RELEASE
host name.myinternal.domain.org.
On a client Windows system:
nslookup name.myinternal.domain.org.
Changed both domain override entries to wrong IP addresses, none of the lookups work - as expected.
Changed any one of the domain override entries to a correct IP address - lookups worked from both pfSense and client.
Changed any both of the domain override entries to a correct IP address - lookups worked from both pfSense and client.
As far as I can see this is working for me.