
Author Topic: DNS Forwarder dnsmasq not working  (Read 125 times)


CrisKolkman (Newbie, Posts: 12, Karma: +0/-0)
DNS Forwarder dnsmasq not working
« on: January 04, 2018, 08:35:43 am »
Hello all,

I am trying to use DNS Forwarder to make pfSense respond to a specific wildcard domain, but it is not working.
This is my /usr/local/etc/dnsmasq.conf:

Code:
# Tells dnsmasq to never forward queries for plain names, without dots or domain parts, to upstream nameservers.
# If the name is not known from /etc/hosts or DHCP then a "not found" answer is returned.
domain-needed
# Bogus private reverse lookups.
# All reverse lookups for private IP ranges (ie 192.168.x.x, etc) which are not found in /etc/hosts or the DHCP leases file are answered
# with "no such domain" rather than being forwarded upstream.
bogus-priv
#
# LAN domain lookups
#
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/mydomain/
domain=mydomain
#
# Add the domain to simple names (without a period) in /etc/hosts in the same way as for DHCP-derived names.
# Note that this does not apply to domain names in cnames, PTR records, TXT records etc.
expand-hosts
#
# increase DNS cache size
cache-size=10000
# Set the maximum number of concurrent DNS queries. The default value is 150
dns-forward-max=300
resolv-file=/var/etc/resolv.conf
#conf-dir=/usr/local/etc/dnsmasq.d
address=/.sub.domain.io/127.0.0.1

But it keeps forwarding the requests to the Google DNS server:

Code:
Jan 4 15:34:48 dnsmasq 62855 query[A] testing.sub.domain.io from 192.168.200.244
Jan 4 15:52:08 dnsmasq 62855 forwarded testing.sub.domain.io to 8.8.4.4
Jan 4 15:52:08 dnsmasq 62855 reply testing.sub.domain.io is EXTERNAL_IP

Running:

Code:
Version 2.4.2-RELEASE-p1 (amd64)
built on Tue Dec 12 13:45:26 CST 2017
FreeBSD 11.1-RELEASE-p6

The system is on the latest version.
Version information updated at Thu Jan 4 15:14:52 CET 2018
« Last Edit: January 04, 2018, 08:53:20 am by CrisKolkman »

Gertjan (Hero Member, Posts: 2425, Karma: +191/-9)
Re: DNS Forwarder dnsmasq not working
« Reply #1 on: January 04, 2018, 09:40:22 am »
Hi,

I'm using the default Resolver.
Added "sub.domain.io" to the host override, using IP 127.0.0.1.

Then I launched a ping to this domain.
The result - returning IP - was 127.0.0.1.

Mission accomplished?

See image.

edit: I based my reply on https://forum.pfsense.org/index.php?topic=141242.0 from a couple of days ago.

johnpoz (Hero Member, Posts: 15127, Karma: +1412/-206)
Not a pfSense employee, they cannot fire me...
Re: DNS Forwarder dnsmasq not working
« Reply #2 on: January 04, 2018, 09:42:32 am »
https://doc.pfsense.org/index.php/Wildcard_Records_in_DNS_Forwarder/Resolver

Your address has .sub, which is wrong.

address=/.sub.domain.io/127.0.0.1

should be
address=/sub.domain.io/127.0.0.1
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)