We are running the XenServer hypervisor, and I created 5 VMs plus 1 VM for pfSense, so all VMs are in the 172.16.0.0/24 range, attached to the pfSense LAN interface. pfSense has two interfaces: LAN (172.16.0.100, the gateway for all VMs) and WAN with a Failover_IP (public IP).
I registered domains with our Failover_IP (public IP) and all of them are pinging. One of our domains is chineesmetal.com. This domain resides on one of our VPSs, which has the hostname OracleLinux1.Onlinenics.net.
Now I tried in pfSense as following:
- Services => DNS Forwarder
- Checked the options "Enable DNS forwarder" and "Register DHCP leases in DNS forwarder"
- Services => DNS Forwarder => Advanced => address=/coldrol.com/172.16.0.1
- Services => DNS Forwarder => Host Overrides and did the following:
But it is not forwarding, and I get the following error when I access chineesmetal.com in a browser:
Potential DNS Rebind attack detected, see
http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead
of by hostname.
I just removed BIND from pfSense and simply forwarded port 53 (DNS) to the VPS concerned, and all domains on the failover IP started working. But my question is this: for one VPS on one specific IP it is working, but how will pfSense recognize the other VPSs' domains while the ports are the same on each server, e.g. port 80, 8443, 25, 587, 110 etc.?
How do I configure pfSense in this case?
Please advise.
Best Answer
This issue is very well documented in pfSense, with a workaround: DNS Rebinding Protections
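To show why the webConfigurator refuses the request in the situation above, here is an added example (not from the thread and not pfSense's own code) that models the Host-header check behind the "Potential DNS Rebind attack detected" page: the request is accepted only when the Host header is an IP literal, the firewall's own FQDN, or an entry under System > Advanced > Alternate Hostnames. The firewall hostname and domain are constructed placeholders, and the model is simplified.

```python
from ipaddress import ip_address

# Constructed firewall identity (placeholder values, not from the thread).
FIREWALL_HOSTNAME = "pfsense"
FIREWALL_DOMAIN = "localdomain"


def host_from_header(host_header):
    """Return the host part of an HTTP Host header, lower-cased, port removed.
    Bracketed IPv6 literals keep their address, e.g. '[::1]:443' -> '::1'."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return host[1:host.index("]")]
    if host.count(":") == 1:            # name:port or v4:port
        host = host.split(":", 1)[0]
    return host


def is_ip_literal(value):
    try:
        ip_address(value)
        return True
    except ValueError:
        return False


def rebind_check(host_header, alt_hostnames=(), check_enabled=True):
    """Simplified model of the webConfigurator's DNS rebinding check.
    Returns (allowed, reason). The request is accepted when the Host header
    is an IP literal, the firewall's own FQDN, or a configured alternate
    hostname; any other name is refused unless the check is disabled."""
    host = host_from_header(host_header)
    if not check_enabled:
        return True, "dns rebind check disabled"
    if is_ip_literal(host):
        return True, "accessed by ip address"
    if host == f"{FIREWALL_HOSTNAME}.{FIREWALL_DOMAIN}".lower():
        return True, "firewall hostname"
    if host in {a.lower() for a in alt_hostnames}:
        return True, "alternate hostname"
    return False, "potential dns rebind attack detected"


if __name__ == "__main__":
    # The poster's case: the domain resolves to the firewall's WAN address,
    # the browser lands on the webConfigurator, and the Host is an unknown name.
    print(rebind_check("chineesmetal.com"))
    # Same request after the name is added under Alternate Hostnames.
    print(rebind_check("chineesmetal.com", alt_hostnames=["chineesmetal.com"]))
    # The error page's own advice: access the firewall by IP instead.
    print(rebind_check("172.16.0.100"))
```

Note that letting the webConfigurator answer for the domain is not the same as reaching the VPS behind it; that still needs the port forward (and NAT reflection or split DNS for LAN clients), which the check above does not replace.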