Alright. I got it. Thanks to all that responded. There were a couple of duplicate rules in the rules table from the automatically entered rules and from me deleting and re-adding, etc. I deleted all references to DNS from the NAT tables and the Rules tables and then re-created them all. They work fine.
Thanks to all who responded.

--Curtis

> On Nov 5, 2010, at 9:24 PM, Curtis Maurand wrote:
>
>> I have a DNS server behind a pfsense box. The dns forwarder is enabled
>> (I've tried disabling it.)
>>
>> Without the forwarder, dns queries from behind the pfsense box don't
>> resolve, not ever.
>> With the forwarder dns queries resolve and the active directory works
>> fine as the windows servers forward all their queries to the pfsense box
>> and they are handled.
>>
>> My problem is that there is an unrelated dns server behind the pfsense
>> machine that needs to answer to the outside world. I set up a virtual
>> ip address (tried it all three ways) and set up a NAT rule to forward
>> TCP/UDP on port 53 DNS to the server inside. TCP queries work, but UDP
>> queries time out against the virtual address, but work fine on actual
>> address. Have I run into something.
>>
>> WanIP forwarded to inside server works both tcp and udp.
>> Virtual IP forwarded to inside server works tcp
>> Virtual IP forwarded to inside server fails udp.
>>
>> Most dns queries are udp except for dnssec, dkim and spf.
>
> Corresponding firewall rules? my internal machine is running DNS as well,
> and I allowed it to query the outside world, and works just fine
> through my pfsense box.
>
> You could also tcpdump on the pflog0 interface and see what is going on
> and what is getting blocked..
>
>>
>> Any ideas?
>>
>> I'm running a 1.2.3-RELEASE built nearly a year ago.
>>
>> Thanks,
>> Curtis
>>
>
> --
> /"\   Best regards,                      | [email protected]
> \ /   Remko Lodder                       |
>  X    http://www.evilcoder.org/          | Quis custodiet ipsos custodes
> / \   ASCII Ribbon Campaign              | Against HTML Mail and News
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> Commercial support available - https://portal.pfsense.org
