The company's DC is in the Oracle Cloud, and I connect it to the companies via IPSec, and forward the DNS via Domain Override in pfSense or Bind9.
I recently picked up a Dream Machine from Ubiquiti to test in a smaller office, but I've been having a lot of trouble passing the DNS to this machine in Oracle.
I know there is no way to do this directly in UDM Pro, but even with Bind9 I couldn't: not even by putting the DC's IP on the machine as DNS or using it with dig can I ping the domain. Even doing dig with the machine name for the machine IP doesn't work. These tests work everywhere else.
root@srvcafdns:~# dig @<DC IP> domain.local
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @<DC IP> domain.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;domain.local. IN A
;; AUTHORITY SECTION:
. 86392 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023121101 1800 900 604800 86400
;; Query time: 10 msec
;; SERVER: <DC IP>#53(<DC IP>) (UDP)
;; WHEN: Mon Dec 11 16:11:32 -03 2023
;; MSG SIZE rcvd: 115
root@srvcafdns:~# dig @<DC IP> DC_server_name
; <<>> DiG 9.18.19-1~deb12u1-Debian <<>> @<DC IP> DC_server_name
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8298
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;DC_server_name. IN A
;; AUTHORITY SECTION:
. 86376 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023121101 1800 900 604800 86400
;; Query time: 20 msec
;; SERVER: <DC IP>#53(<DC IP>) (UDP)
;; WHEN: Mon Dec 11 16:11:48 -03 2023
;; MSG SIZE rcvd: 110
root@srvcafdns:~# ping <DC IP>
PING <DC IP> (<DC IP>) 56(84) bytes of data.
64 bytes from <DC IP>: icmp_seq=1 ttl=60 time=9.71 ms
64 bytes from <DC IP>: icmp_seq=2 ttl=60 time=9.71 ms
64 bytes from <DC IP>: icmp_seq=3 ttl=60 time=9.85 ms
64 bytes from <DC IP>: icmp_seq=4 ttl=60 time=9.69 ms
^C
--- <DC IP> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 9.689/9.742/9.854/0.065 ms
What can it be?
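One way to read the dig output above mechanically (an added example, not part of the original post): the response carries `rd ra` but no `aa`, and the AUTHORITY SOA is for the root zone `.`, which means whatever answered at `<DC IP>:53` recursed out to the internet instead of serving `domain.local` from its own zone data. The script below parses constructed dig-style samples (placeholder `<DC IP>`, invented `dc1.domain.local` SOA values) and classifies them, so the same check can be run on real output.

```python
import re

# Constructed sample shaped like the post's dig run (placeholder <DC IP>):
# NXDOMAIN, no 'aa' flag, and a root-zone SOA in the AUTHORITY section.
LEAKED_TO_ROOT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61401
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;domain.local. IN A
;; AUTHORITY SECTION:
. 86392 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2023121101 1800 900 604800 86400
;; SERVER: <DC IP>#53(<DC IP>) (UDP)
"""

# Constructed sample of what a server that hosts domain.local returns for a
# missing name: 'aa' is set and the SOA belongs to the zone itself.
SERVED_BY_ZONE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1234
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;nosuchhost.domain.local. IN A
;; AUTHORITY SECTION:
domain.local. 3600 IN SOA dc1.domain.local. hostmaster.domain.local. 42 900 600 86400 3600
;; SERVER: <DC IP>#53(<DC IP>) (UDP)
"""

def parse_dig(text):
    """Extract status, header flags, the queried name and the SOA owner (if any)."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"flags:\s*([a-z ]*);", text).group(1).split())
    qname = re.search(r"^;([^;\s]+)\s+IN\s+", text, re.M).group(1)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", text, re.M)
    return {"status": status, "flags": flags, "qname": qname,
            "soa_owner": soa.group(1) if soa else None}

def diagnose(text):
    """Classify who really answered: the zone's own server, or a recursor."""
    r = parse_dig(text)
    if "aa" in r["flags"]:
        # Authoritative answer (NOERROR or NXDOMAIN): the responder holds the zone.
        return "served-by-zone"
    if r["soa_owner"] == ".":
        # Negative answer backed by the root SOA: the responder recursed to the
        # internet, so it does not host the zone. Either the DC lacks the zone
        # or something between client and DC is answering on port 53.
        return "recursed-to-root"
    if r["soa_owner"] and r["qname"].endswith(r["soa_owner"]):
        # No 'aa' but an in-zone SOA: a forwarder relayed the zone's negative answer.
        return "cached-negative-from-zone"
    return "inconclusive"
```

Run `dig @<DC IP> domain.local` from the affected host and feed the output to `diagnose()`; a `recursed-to-root` result tells you to check DNS interception on the path and the forwarders before looking at the zone itself.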
dig A @dc-serverip
nc -zv domain-controller-ip 53. If the connection is successful then DNS traffic is allowed.
root@srvcafdns:~# nc -zv dc_ip 53
dc_ip: inverse host lookup failed: Unknown host
(UNKNOWN) [dc_ip] 53 (domain) open
nc -zv dc_ip 53