2009/4/13 Vincent Hämmerli - EXES sàrl <vhaemmerli at exes dot ch>

> Hello,
> I have the same configuration as Mathias and adding the static route has
> solved the problem.
>
> Thanks for your work guys.
> Regards
> Vincent
>
> -----Original Message-----
> From: Manuel Kasper [mailto:mk at neon1 dot net]
> Sent: Monday, 13 April 2009 12:07
> To: Mathias Lustig
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Beta 1.3b16 released
>
>
> Hello Mathias,
>
> On 12.04.2009, at 11:56, Mathias Lustig wrote:
>
> > with its integrated DNS server for name resolution and because of that I've
> > set up an entry in the DNS forwarder, which queries our DC for everything
> > related to the "joho.local" domain.
> >
> > This feature worked quite fine 'til the upgrade to 1.3b16 last night. After
> > the upgrade, my m0n0 box just refuses to look up any name from the
>
> I've had a look at the changes since 1.3b15, but aside from the
> addition of the Dnsmasq "--all-servers" option (which is only used if
> you explicitly enable it) on the DNS forwarder setup page, I couldn't
> see anything that could cause this problem. A quick test of the domain
> override feature showed that it works (at least with a basic
> configuration).
>
> If I understand your description correctly, you were having the DNS
> forwarder send queries for your AD domain to an upstream DNS server
> via an IPsec tunnel. For this to work, the local subnet in the IPsec
> tunnel configuration must include the source IP address that the DNS
> forwarder chooses to send its queries (which is the WAN interface's
> address, unless there are static routes). This is often not the case
> for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the
> IPsec "local subnet").
>
> This of course does not explain why it worked before the upgrade, but
> if you can give us some more detail on your addressing scheme, we may
> be able to pinpoint the problem and suggest a solution.
>
> Regards,
>
> Manuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>

Hi Vincent, Manuel and everyone else!

Manuel, you gave me the right idea to get the DNS lookup working again. I set
a static route to send all traffic from WAN Interface via LAN Interface
through the IPSec tunnel and everything is fine again - just like Vincent did.

So why the hell didn't I need this static route before and m0n0 just routed
all the DNS requests from its DNS forwarder through the IPSec tunnel by
itself? I'm a little confused about that ...

--
Greetings, Mathias

---
Mathias Lustig
Rheingaustraße 106
65375 Oestrich-Winkel

Tel.: 06723 - 885659
Mobil: 0176 - 20529172
ICQ: 77571225
Jabber: mathias[dot]lustig[at]jabber[dot]ccc[dot]de
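
The source-address behaviour Manuel describes and the static-route workaround, as an added example that is not part of the original thread or of m0n0wall's code. It is a simplified model (longest-prefix route lookup picks the outgoing interface, the query takes that interface's address, and the IPsec policy matches on source and destination); all addresses and interface names are constructed.

```python
import ipaddress

# Constructed sample addressing (not taken from the thread).
IFACES = {"wan": "203.0.113.10", "lan": "192.168.1.1"}
LOCAL_SUBNET = "192.168.1.0/24"    # IPsec "local subnet" (the LAN)
REMOTE_SUBNET = "192.168.2.0/24"   # IPsec remote subnet
DNS_SERVER = "192.168.2.10"        # upstream DNS server behind the tunnel
ROUTES = [("0.0.0.0/0", "wan"), ("192.168.1.0/24", "lan")]
STATIC_ROUTE = ("192.168.2.0/24", "lan")  # the workaround from the thread


def pick_source(dst, routes, ifaces):
    """Longest-prefix match; the source is the outgoing interface's address."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifname)
               for net, ifname in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    _, ifname = max(matches, key=lambda m: m[0].prefixlen)
    return ifaces[ifname], ifname


def enters_tunnel(src, dst, local_subnet, remote_subnet):
    """The IPsec policy only applies if source AND destination both match."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local_subnet)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_subnet))


def forwarder_query_path(dns_server, routes, ifaces=IFACES,
                         local_subnet=LOCAL_SUBNET,
                         remote_subnet=REMOTE_SUBNET):
    """Return (source address, interface, goes through tunnel?) for a query."""
    src, ifname = pick_source(dns_server, routes, ifaces)
    return src, ifname, enters_tunnel(src, dns_server,
                                      local_subnet, remote_subnet)


if __name__ == "__main__":
    # Without the static route: sourced from WAN, misses the IPsec policy.
    print(forwarder_query_path(DNS_SERVER, ROUTES))
    # With the static route: sourced from LAN, matches the IPsec policy.
    print(forwarder_query_path(DNS_SERVER, ROUTES + [STATIC_ROUTE]))
```
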