Replacing FreeNAS 9.3 with brand new TrueNAS-12.0-U7 server on a physical box, and cannot resolve DNS from my Windows Server which is located on another subnet.
Subnets are linked via pfsense site-to-site OpenVPN connections (hub and spoke topology - the hub being a cloud-based pfsense - the DNS server being on another spoke).
IPs are assigned by reserved DHCP and specify my Windows DNS server only: 192.168.0.2. This is important to me as I'm trying to get AD integration working which requires that the Windows AD server is the DNS server. If I change to public DNS then TrueNAS resolves hostnames properly.
Now the weirdness:
- Win10 laptop on same subnet as TrueNAS, with same DNS server config, resolves DNS no problem. Can join computers to AD over the vpn no problem.
- Old FreeNAS 9.3 on same subnet as TrueNAS, with same DNS server config, resolves DNS no problem.
- Both nslookup and drill commands on TrueNAS return host info from DNS server no problem.
- But a simple 'ping google.com' gets 'ping: cannot resolve google.com: Host name lookup failure'.
Some further info from TrueNAS:
Code:
root@truenas-cs[~]# cat /etc/resolv.conf
# Generated by resolvconf
search BHSC.local
nameserver 192.168.0.2
Code:
root@truenas-cs[~]# ping google.com
ping: cannot resolve google.com: Host name lookup failure
Code:
root@truenas-cs[~]# ping -c 1 192.168.0.2
PING 192.168.0.2 (192.168.0.2): 56 data bytes
92 bytes from 172.27.120.1: Redirect Host(New addr: 0.0.0.0)
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 43b8 0 0000 3e 01 ad7f 192.168.10.31 192.168.0.2
64 bytes from 192.168.0.2: icmp_seq=0 ttl=125 time=27.777 ms
--- 192.168.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 27.777/27.777/27.777/0.000 ms
Code:
root@truenas-cs[~]# nslookup google.com
Server: 192.168.0.2
Address: 192.168.0.2#53
Non-authoritative answer:
Name: google.com
Address: 142.250.67.14
Name: google.com
Address: 2404:6800:4006:812::200e
Code:
root@truenas-cs[~]# drill @192.168.0.2 google.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 64808
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; google.com. IN A
;; ANSWER SECTION:
google.com. 287 IN A 172.217.24.46
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 40 msec
;; SERVER: 192.168.0.2
;; WHEN: Sun Jan 16 15:05:04 2022
;; MSG SIZE rcvd: 44
I can send the equivalent of the above from FreeNAS box if it would help, for comparison. Not much different though, except I use dig instead of drill and of course the ping google.com works no problem.
I've had several network experts look at this without success. It is a rather complex set-up with all the pfsense/openvpn fingers in the pie.
This could well be a FreeBSD issue rather than TrueNAS.
Thoughts anyone?