DNS is a simple topic.

GabyruYT10
08-12-2016, 09:55 PM #1

Current configuration looks like this... Cable Modem → Ubiquiti USG → Switch → pfSense → servers. pfSense DHCP assigns my DNS server to the domain. My domain resolves to pfSense, which uses pfBlockerNG with DNSBL and GeoIP. DNSBL is transparent, listening on a virtual IP for ports 80 and 443. What’s puzzling me is that I’ve disabled manual DNS entries in System > General and enabled “Allow DNS server list to be overridden by DHCP/PPP on WAN.” My WAN IP remains static. In theory, this should mean no external DNS servers are assigned. When checking Status > Interfaces, only 127.0.0.1 appears as a DNS server. Yet I can still resolve external DNS queries. I’m wondering if it’s sending broadcast packets for DNS lookups or handling names differently. Normally I’d uncheck the override option in System > General, but after doing so, the firewall can’t resolve names anymore, so packages can’t download and aliases can’t update.