I present the context: I have a public fixed IP that is set on my pfSense WAN; I have internet on my LAN; in my LAN I have a local DNS server (Ubuntu 22.04 with BIND9, IP 10.14.14.10) where I set up the zone for an actual domain that I purchased (mm-it.ro). At the registrar (from where I purchased the domain) I set the domain mm-it.ro to point to my public IP (86.125.220.243); in pfSense, in General Setup, I put the IP of the internal DNS server, and in NAT & Rules it is set that everything from the WAN on port 53 points to my local DNS server IP.
Now: in the LAN everything is working; I can resolve in the browser from any client in my LAN: www.mm-it.ro, mail.mm-it.ro. But from the internet I cannot reach the domain; I waited about 72 hours for propagation after I registered the public IP for that domain on the registrar's site; nothing changed: I cannot ping mm-it.ro or ns1.mm-it.ro; in MXToolbox the DNS lookup said 'DNS No Valid NameServers Responded' and after I selected "find problems" it said Unable to resolve "mm-it.ro" to an IP address.
I don't know where the problem is: in pfSense or in my DNS server settings, because in my local network everything works. Below are my settings on my server.
db.mm-it.ro (forward):
    $TTL 604800
    @       IN SOA ns1.mm-it.ro. admin.mm-it.ro. (
                    6          ; Serial
                    604800     ; Refresh
                    86400      ; Retry
                    2419200    ; Expire
                    604800 )   ; Negative Cache TTL
    ;
    @       IN NS   ns1.mm-it.ro.
            IN MX   10 mail.mm-it.ro.
    ns1     IN A    10.14.14.10
    mm-it.ro. IN A  10.14.14.10
    www     IN A    10.14.14.11
    mail    IN A    10.14.14.12
db.10 (reverse):
    $TTL 604800
    @       IN SOA ns1.mm-it.ro. admin.mm-it.ro. (
                    5          ; Serial
                    604800     ; Refresh
                    86400      ; Retry
                    2419200    ; Expire
                    604800 )   ; Negative Cache TTL
    ;
    @       IN NS   ns1.
    10      IN PTR  ns1.mm-it.ro.
    10      IN PTR  mm-it.ro.
    11      IN PTR  www.mm-it.ro.
    12      IN PTR  mail.mm-it.ro.
named.conf.local:
    zone "mm-it.ro" {
        type master;
        file "/etc/bind/db.mm-it.ro";
    };
    zone "14.14.10.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.10";
    };
named.conf.options:
    acl ips {
        86.125.220.243;
        localhost;
        localnets;
        10.14.14.0/24;
    };
    options {
        directory "/var/cache/bind";
        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk. See http://www.kb.cert.org/vuls/id/800113
        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.
        recursion yes;
        allow-query { ips; };
        allow-query-cache { ips; };
        allow-recursion { ips; };
        forwarders {
            8.8.8.8;
            8.8.4.4;
        };
        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys. See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;
        listen-on-v6 port 53 { ::1; };
        listen-on port 53 { 127.0.0.1; 10.14.14.10; };
    };
And in pfSense I have a rule that everything coming from the WAN on port 53 is redirected to port 53 on my DNS server at its IP 10.14.14.10. Also I disabled the DNS Resolver and DNS Forwarder services.
Please help me by pointing me to where the problem may be.
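As an added example (not part of the original post), a small stand-alone Python check over a constructed copy of the forward zone and the allow-query ACL quoted above. It reports the two properties an Internet resolver depends on when it follows the delegation: whether the nameserver and host A records are publicly routable addresses, and whether the ACL admits arbitrary resolvers at all. The zone text and ACL list below are transcribed assumptions, not the poster's actual files.

```python
import ipaddress

# Constructed copy of the poster's forward zone; SOA collapsed onto one line.
ZONE_TEXT = """
@         IN SOA ns1.mm-it.ro. admin.mm-it.ro. ( 6 604800 86400 2419200 604800 )
@         IN NS  ns1.mm-it.ro.
          IN MX  10 mail.mm-it.ro.
ns1       IN A   10.14.14.10
mm-it.ro. IN A   10.14.14.10
www       IN A   10.14.14.11
mail      IN A   10.14.14.12
"""
# Constructed copy of the 'ips' ACL used by allow-query in named.conf.options.
ALLOW_QUERY = ["86.125.220.243", "localhost", "localnets", "10.14.14.0/24"]

def _fqdn(name, origin):
    """Expand a zone-file owner or target to a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_records(zone_text, origin, rtype):
    """Return (owner, rdata) pairs for records of one type, comments stripped."""
    out = []
    for raw in zone_text.splitlines():
        parts = raw.split(";")[0].split()
        if len(parts) >= 4 and parts[1] == "IN" and parts[2] == rtype:
            rdata = _fqdn(parts[3], origin) if rtype == "NS" else parts[3]
            out.append((_fqdn(parts[0], origin), rdata))
    return out

def check_external_visibility(zone_text, origin, allow_query):
    """List reasons an Internet resolver could not use this zone as served."""
    findings = []
    ns_names = {target for _, target in parse_records(zone_text, origin, "NS")}
    for owner, ip in parse_records(zone_text, origin, "A"):
        # RFC 1918 / loopback / link-local addresses are not reachable from outside.
        if not ipaddress.ip_address(ip).is_global:
            role = "nameserver" if owner in ns_names else "host"
            findings.append(f"{role} {owner} -> {ip} is not a public address")
    # A global allow-query also governs authoritative zones; without 'any' (or a
    # per-zone override) resolvers outside the ACL receive REFUSED.
    if "any" not in allow_query:
        findings.append("allow-query lacks 'any': Internet resolvers get REFUSED")
    return findings

if __name__ == "__main__":
    for finding in check_external_visibility(ZONE_TEXT, "mm-it.ro.", ALLOW_QUERY):
        print(finding)
```

The ACL test is deliberately simple (it only looks for the literal `any`); a real deployment may also grant queries per zone with a zone-level `allow-query`, which this check does not parse.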