DNS not getting translated into IP, using PfSense

Hi guys,
We are using PfSense. and are experiencing problems accessing our address blah.blah.blah from our local network.
It is however Working from Any Other Network…

IP is on Local Network, towards which the DNS is supposed to point.
The issue appears to be DNS not getting Resolved or Forwarded or something else, to IP which is on our Local Network.
Pings are going through nicely, as if everything was working properly…

Even crazy ideas are welcome at this point.

P.S. Atm the version of PfSense that we are using is a little bit outdated.
Thank you.

DNS Host Overrides is what you are looking for: Services — DNS Resolver — Host Overrides | pfSense Documentation

For example, if you have a server with IP on your local network that should be reachable at mylocalserver.domain.tld, it would look like this:

Or you could add the following lines to the Custom Options field under Services → DNS Resolver → General Settings:

local-zone: "mylocalserver.domain.tld" redirect
local-data: "mylocalserver.domain.tld 3600 IN A"

We have that part done, still not working…
Maybe there is some checkbox somewhere that we didn’t tick :man_shrugging:

Two things come to mind:

  • Are your clients actuially using your pfSense box as their upstream DNS resolver…?

  • Is the DNS Resolver on your pfSense active on all interfaces, respectively is the corresponding interface / subnet selected under Services → DNS Resolver → General Setting → Network Interfaces ?

Looks ok to me.

What’s the result if you try to lookup your server under “Diagnostics → DNS Lookup”? If it resolves the correct IP, maybe the issue is on the client side.

Do the clients actually use pfSense as their primary DNS server?

How exactly does the error manifest itself? Did you test with tools like dig or nslookup or did you encounter the issue only in certain applications like e.g. a browser? If you are trying to access your server from a browser, make sure that the browser isn’t exclusively using DNS over TLS or DNS over HTTPS.

Other than that, I can’t think of anything else right now. Maybe others here have some more ideas…

Do you have your general DNS settings set to use local DNS, remote fallback?

Hi @slo.bo.dan
for internal DNS resolution, is there an DNS Server like Microsoft AD integrated DNS oder BIND DNS in place ? cause is see not your domain e.g. mylocalserver.domain pointed to your internal DNS Server to resolve the FQDN to an IP :thinking: in my case, i’ve an BIND9 for internal ressources and and forwarder to my permitter firewall for all of the other DNS requests. That’s working fine.


DNS Lookup works. Ping passes through nicely. Traceroute works?
Pictures in attachment.

Can only upload 1 image per reply.

Does Traceroute look normal?

Has the ping been initiated on a client device? If yes, did you ping the actual domain name, and did it resolve the correct IP address?

If you can answer all questions with a yes, then the DNS override on the pfSense is working and the problem most likely lies somewhere on the client side, if it is a DNS issue at all…

This would bring me to the following questions:

  • What exactly brings you to the conclusion that this is a DNS issue?

  • What service are you trying to access (web application, SAMBA share, SSH etc.) and how exactly do you try to access it? (Web browser, a specific client application, …)

  • From where are you trying to access it? (PC, Mobile etc…) and what OS is the client using (Windows, macOS, Linux, Android etc…)

  • How exactly does the error manifest itself? (timeout, error message, etc…)

Could be because traceroute uses UDP per default, which may be blocked. You can force it to use ICMP instead by adding the -I option…

traceroute -I yourserver.domain.tld

If you’re on Windows you can use tracert, which should use ICMP per default. (not a 100% sure, though.)

Screenshot 2023-04-12 104518

Yes. Pinged from my laptop.
Yes, pinged the domain name.
Yes it resolved the correct IP address (from PfSense correct internal IP, from CMD displayed correct external IP).

  1. The guy who quit this job before i got it, before leaving said it was a DNS issue, and that he had this happen before and that he resolved it with DNS Forwarder or DNS Resolver

  2. Its like a web app thats hosted on a server locally, for a bunch of Professors to input their stuff.

  3. On a browser / PC, they would access it normally through domain name, or worst case scenario directly typing in the IP. Both cases dont work from the browser anymore.
    (interesting though it does appears to work when typing in internal server IP/student-portal. So for Students it works, just not for Professors atm)
    (also the locally hosted app is maintained by a company externally, and it should be fully functional, so the problem appears to have to be somewhere on our local network)

  4. “This site cant be reached”, timeout msg.

That’s not what your screenshot says. is not a public IP address.

Screenshot 2023-04-12 110706

yeah form pfsense it displayed internal ip, from cmd (little black img i shared recently) it displayed external ip

Ah ok.

Asuming you’re using Windows on your laptop… What DNS servers does it use? https://www.thewindowsclub.com/how-to-find-dns-server-on-windows

Yup, I have to use windows here.

Oh yes also interesting from any other IP everything works. The DNS issue to Professor portal just appears to be local…

Will try to check DNS servers