 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Mathias Lustig <mathias dot baran at googlemail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Beta 1.3b16 released
 Date:  Mon, 13 Apr 2009 12:06:54 +0200
Hello Mathias,

On 12.04.2009, at 11:56, Mathias Lustig wrote:

> with its integrated DNS server for name resolution and because of
> that I've set up an entry in the DNS forwarder, which queries our DC
> for everything related to the "joho.local" domain.
> This feature worked quite fine till the upgrade to 1.3b16 last
> night. After the upgrade, my m0n0 box just refuses to look up any
> name from the

I've had a look at the changes since 1.3b15, but aside from the
addition of the Dnsmasq "--all-servers" option (which is only used if
you explicitly enable it) on the DNS forwarder setup page, I couldn't
see anything that could cause this problem. A quick test of the domain
override feature showed that it works (at least with a basic

If I understand your description correctly, you were having the DNS
forwarder send queries for your AD domain to an upstream DNS server
via an IPsec tunnel. For this to work, the local subnet in the IPsec
tunnel configuration must include the source IP address that the DNS
forwarder chooses to send its queries (which is the WAN interface's
address, unless there are static routes). This is often not the case
for a LAN-to-LAN VPN (where one usually uses the LAN subnet as the
IPsec "local subnet").

This of course does not explain why it worked before the upgrade, but
if you can give us some more detail on your addressing scheme, we may
be able to pinpoint the problem and suggest a solution.
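The source-address check described in the reply above, written out as an added example (not code from the thread or from m0n0wall): all addresses, the tunnel subnets and the `static_routes` list are constructed placeholders, and the source-selection model (WAN address unless a static route sends the destination out via LAN) is taken from the mail as stated.

```python
import ipaddress
from typing import Iterable, Tuple

# Constructed addressing scheme (placeholders, not values from the thread).
WAN_IP = "203.0.113.10"
LAN_IP = "192.168.1.1"
TUNNEL_LOCAL = "192.168.1.0/24"    # IPsec "local subnet" of a LAN-to-LAN VPN
TUNNEL_REMOTE = "10.0.0.0/24"      # remote network that holds the DC
DC_IP = "10.0.0.5"                 # domain override target for the AD domain


def forwarder_source(dst: str, wan_ip: str, lan_ip: str,
                     static_routes: Iterable[Tuple[str, str]] = ()) -> ipaddress.IPv4Address:
    """Source address the firewall would use for a forwarder query to dst.

    Model from the mail: the WAN address is used unless a static route
    (prefix, interface) sends the destination out via the LAN interface.
    """
    dst_addr = ipaddress.ip_address(dst)
    for prefix, iface in static_routes:
        if dst_addr in ipaddress.ip_network(prefix, strict=False):
            return ipaddress.ip_address(lan_ip if iface == "lan" else wan_ip)
    return ipaddress.ip_address(wan_ip)


def tunnel_covers_query(dst: str, local_subnet: str, remote_subnet: str,
                        wan_ip: str, lan_ip: str,
                        static_routes: Iterable[Tuple[str, str]] = ()) -> Tuple[bool, str]:
    """Return (ok, explanation): does the IPsec policy match the query flow?"""
    src = forwarder_source(dst, wan_ip, lan_ip, static_routes)
    local = ipaddress.ip_network(local_subnet, strict=False)
    remote = ipaddress.ip_network(remote_subnet, strict=False)
    if ipaddress.ip_address(dst) not in remote:
        return False, f"DNS server {dst} is outside remote subnet {remote}"
    if src not in local:
        return False, (f"query source {src} is outside local subnet {local}; "
                       "the query will not match the IPsec policy")
    return True, f"{src} -> {dst} matches {local} <-> {remote}"


if __name__ == "__main__":
    # Plain LAN-to-LAN tunnel: the WAN-sourced query misses the policy.
    print(tunnel_covers_query(DC_IP, TUNNEL_LOCAL, TUNNEL_REMOTE, WAN_IP, LAN_IP))
    # Static route via LAN: the query is sourced from the LAN address instead.
    print(tunnel_covers_query(DC_IP, TUNNEL_LOCAL, TUNNEL_REMOTE, WAN_IP, LAN_IP,
                              static_routes=[(TUNNEL_REMOTE, "lan")]))
```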