Local DNS (reverse) lookup not working on forwarded zones

Hello Firewallers,

first to explain my setup:

I implemented two firewalls, each with its own DHCP and DNS settings.

IPFire #1: fw01.domain1.net (192.168.1.1)
- Green LAN (Servers, Printers, Workstations, SAN Devices…, DHCP) 192.168.1.0/24
- BLUE WLAN (Internal WiFi Devices, DHCP) 192.168.10.0/24
- Orange DMZ (Mail- & Web-Servers)
- Red WAN (connected to WAN-Router)

IPFire #2: fw02.domain2.net (192.168.2.1)
- GREEN LAN (Management connection, no DHCP) 192.168.2.0/24
- BLUE WLAN (Other WLAN Devices, DHCP) 192.168.20.0/24
- Red WAN (connected to WAN-Router)

I added a DNS forward configuration to both IPFires to forward DNS requests for the opposite zones.

fw01:	
	Zone:   domain2.net
	Server:	192.168.2.1

fw02:
	Zone:	domain1.net
	Server:	192.168.1.1

Normal DNS requests are processed as expected, but reverse lookup isn’t working for the forwarded zones.

Test DNS resolving from a client inside domain2.net:

cl1.domain2.net:\> nslookup server1.domain1.net
Server:	fw02.domain2.net
Address:  192.168.2.1

Non-authoritative answer:
Name:   server1.domain1.net
Address:  192.168.1.11

Reverse lookup from domain2.net:

cl1.domain2.net:\> nslookup 192.168.1.11
Server: fw02.domain2.net
Address:  192.168.2.1

*** fw02.domain2.net can't find 192.168.1.11: Non-existent domain

DNS resolve from domain2.net:

cl1.domain2.net:\> nslookup server2.domain2.net
Server:	fw02.domain2.net
Address:  192.168.2.1

Name:   server2.domain2.net
Address:  192.168.2.12

Reverse lookup from domain2.net:

cl1.domain2.net:\> nslookup 192.168.2.12
Server: fw02.domain2.net
Address:  192.168.2.1

Name:   server2.domain2.net
Address: 192.168.2.12

The same behavior occurs with a client from domain1.

Is there any possibility to forward such reverse requests to the ‘external’ zones? Something similar to

fw01:	
	Net:    192.168.2.0/24
	Server:	192.168.2.1

fw02:
	Net:	192.168.1.0/24
	Server:	192.168.1.1

Thanks in advance.
Cheers,
Jörg
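The "Net / Server" pairing asked for above maps onto DNS reverse zones under in-addr.arpa, and on IPFire the resolver behind the forwarding settings is unbound. The following is an added example, not code from the thread or from the IPFire project: it turns a prefix and a server into the zone names and the unbound forward-zone stanza such forwarding would need, assuming unbound's default behaviour of serving the RFC 1918 reverse zones itself (as empty) unless overridden with nodefault; how the output would be applied to an IPFire installation is not covered here.

```python
import ipaddress

# Reverse zones that unbound serves as empty by default (RFC 1918 space);
# a forward for anything beneath them needs a 'nodefault' override.
_RFC1918_DEFAULT_ZONES = {
    ipaddress.ip_network("10.0.0.0/8"): "10.in-addr.arpa",
    ipaddress.ip_network("192.168.0.0/16"): "168.192.in-addr.arpa",
    **{ipaddress.ip_network(f"172.{i}.0.0/16"): f"{i}.172.in-addr.arpa"
       for i in range(16, 32)},
}


def reverse_zones(cidr: str) -> list:
    """Return the in-addr.arpa zone name(s) that cover an IPv4 prefix.

    Reverse zones are cut on octet boundaries, so a /23 spans two /24
    zones and a /25 shares the enclosing /24 zone.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen < 8:
        raise ValueError("prefix shorter than /8 has no single reverse zone")
    if net.prefixlen > 24:
        net = net.supernet(new_prefix=24)
    aligned = ((net.prefixlen + 7) // 8) * 8  # 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones


def unbound_reverse_forward(cidr: str, server: str) -> str:
    """Build unbound config forwarding reverse lookups for `cidr` to `server`.

    This is the 'Net / Server' pairing from the post expressed as real zone
    names (hypothetical output; not produced by IPFire's own tooling).
    """
    net = ipaddress.ip_network(cidr, strict=False)
    lines = ["server:"]
    for blocked, zone in _RFC1918_DEFAULT_ZONES.items():
        if net.subnet_of(blocked):
            lines.append(f'    local-zone: "{zone}." nodefault')
    for zone in reverse_zones(cidr):
        # Private space has no DNSSEC chain; a validating resolver must be
        # told not to expect one, or the forwarded answers come back bogus.
        lines.append(f'    domain-insecure: "{zone}."')
    for zone in reverse_zones(cidr):
        lines += ["forward-zone:", f'    name: "{zone}."',
                  f"    forward-addr: {server}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(unbound_reverse_forward("192.168.2.0/24", "192.168.2.1"))
```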

My internet was working fine this morning, but conveniently, my DNS stopped working when I was trying to access a website that was not loading correctly. Now I cannot access my internet.
I tried what I could to resolve the issue. Nothing worked. Then, after some searches on the internet, I found this guide to solve the issue. Is this OK to use?

Hi @scottcline

I think first let’s see if DNS is working correctly on IPFire.

On the IPFire menu page Network - Domain Name System, does the status line at the top left say Working?

When you press the button labelled Check DNS Servers, do all the DNS servers listed show OK in the Status column (if they are enabled)?

If the overall status is Working and the individual statuses are OK, then DNS is working on IPFire.
If the overall status is showing red and not Working, and all the individual statuses are red and not OK, then there is a general problem. If only some of the DNS servers are red and not OK, then we need to look in the logfile to see what the problem might be. Run the following command to do that.

grep SERVFAIL /var/log/messages