Hello Firewallers,
first to explain my setup:
I implemented two firewalls, each with its own DHCP and DNS settings.
IPFire #1: fw01.domain1.net (192.168.1.1)
- Green LAN (Servers, Printers, Workstations, SAN Devices…, DHCP) 192.168.1.0/24
- BLUE WLAN (Internal WiFi Devices, DHCP) 192.168.10.0/24
- Orange DMZ (Mail- & Web-Servers)
- Red WAN (connected to WAN-Router)
IPFire #2: fw02.domain2.net (192.168.2.1)
- GREEN LAN (Management connection, no DHCP) 192.168.2.0/24
- BLUE WLAN (Other WLAN Devices, DHCP) 192.168.20.0/24
- Red WAN (connected to WAN-Router)
I added a DNS forward configuration to both IPFires to forward DNS requests for the opposite zones.
fw01:
Zone: domain2.net
Server: 192.168.2.1
fw02:
Zone: domain1.net
Server: 192.168.1.1
Normal DNS requests are processed as expected, but reverse lookup isn’t working for the forwarded zones.
Test DNS resolving from a client inside domain2.net:
cl1.domain2.net:\> nslookup server1.domain1.net
Server: fw02.domain2.net
Address: 192.168.2.1
Non-authoritative answer:
Name: server1.domain1.net
Address: 192.168.1.11
Reverse lookup from domain2.net:
cl1.domain2.net:\> nslookup 192.168.1.11
Server: fw02.domain2.net
Address: 192.168.2.1
*** fw02.domain2.net can't find 192.168.1.11: Non-existent domain
DNS resolve from domain2.net:
cl1.domain2.net:\> nslookup server2.domain2.net
Server: fw02.domain2.net
Address: 192.168.2.1
Name: server2.domain2.net
Address: 192.168.2.12
Reverse lookup from domain2.net:
cl1.domain2.net:\> nslookup 192.168.2.12
Server: fw02.domain2.net
Address: 192.168.2.1
Name: server2.domain2.net
Address: 192.168.2.12
The same behavior occurs with a client from domain1.
Is there any possibility to forward such reverse requests to the ‘external’ zones? Something similar to
fw01:
Net: 192.168.2.0/24
Server: 192.168.2.1
fw02:
Net: 192.168.1.0/24
Server: 192.168.1.1
Thanks in advance.
Cheers,
Jörg
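Added example (not part of the post above) showing why the forwarded zone "domain1.net" never matches a reverse query: a resolver turns 192.168.1.11 into the PTR name 11.1.168.192.in-addr.arpa, so the forward rule has to name the reverse zone 1.168.192.in-addr.arpa instead of the network. The unbound "forward-zone:" stanzas it prints are standard unbound syntax; whether IPFire's web UI accepts an in-addr.arpa zone name in its forwarding page is an assumption to verify on the box.

```python
import ipaddress


def ptr_name(ip: str) -> str:
    """Owner name the resolver queries for a PTR lookup of an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(cidr: str) -> str:
    """in-addr.arpa zone that holds all PTR records of an octet-aligned IPv4 network."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen == 0 or net.prefixlen % 8 != 0:
        raise ValueError("reverse zones can only be delegated on /8, /16 or /24 boundaries")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def matching_zone(ip: str, zones):
    """Return the longest configured forward zone that covers the PTR name, or None."""
    name = ptr_name(ip)
    best = None
    for zone in zones:
        if name.endswith("." + zone) and (best is None or len(zone) > len(best)):
            best = zone
    return best


def unbound_forward_zones(rules):
    """Render (network, server) pairs as unbound forward-zone stanzas for the reverse zones."""
    out = []
    for cidr, server in rules:
        out += ["forward-zone:", f'\tname: "{reverse_zone(cidr)}"', f"\tforward-addr: {server}", ""]
    return "\n".join(out)


if __name__ == "__main__":
    # Constructed values taken from the setup in the post: fw02 forwards domain1.net only.
    print(matching_zone("192.168.1.11", ["domain1.net"]))                      # None -> NXDOMAIN
    print(matching_zone("192.168.1.11", ["1.168.192.in-addr.arpa"]))            # reverse zone matches
    print(unbound_forward_zones([("192.168.1.0/24", "192.168.1.1")]))
```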