I might have a configuration problem with DNS forwarder.Setup:
I already have a DNS server running on a Debian machine (192.168.0.5, with bind9 9.7.3)
which is responsible for resolving the internal local domain "mycompany.ext.
" to the LAN (192.168.0.0/24)
. This domain is automatically populated by Dynamic DNS, the DHCP service being on the same Debian server.
The pfSense (192.168.0.1)
is responsible for resolving the other Internet
domains with the "DNS servers" list located at "System: General Setup":
Computers located inside the LAN are told (via DHCP) to use 192.168.0.1 (pfSense) as DNS server (and as their gateway) so that Internet resolution can be asked to 22.214.171.124 by pfSense on behalf of local computers.
To resolve "mycompany.ext.
" domain I tried to use "Services: DNS forwarder" by adding the following infos ne into the "Domain Overrides" list:
This Internet-resolution works fine but the local is buggy: at start it works fine, but after some time it won't find resolve local addresses:
$ nslookup xxxxx.mycompany.ext 192.168.0.1
server can't find xxxxx.mycompany.ext: NXDOMAIN
Whereas if asking to the Debian DNS:
$ nslookup xxxxx.mycompany.ext 192.168.0.5
For the pfSense to give an answer again, I have to disable and then enable the "DNS forwarder".Possible cause:
I suspect the DNS forwarder service to have asked 192.168.0.5 for "xxxxx.mycompany.ext" once while this machine was out of the office for a while (thus it's A record were deleted/obsolated from 192.168.0.5 and it's returned that answer to pfSense) and to have cached this result. Thus, even when the A record has been recreated by DDNS on 192.168.0.5, pfSense keeps saying NXDOMAIN
to any request.