Hey guys, I don’t know when or how it happened but as I was trying to use my own DNS server on IPSEC VPN to my guest VLAN with no-responder DNS, I saw that guest devices can't resolve names, even the local ones.
Anyways, I managed to reduce the circle with troubleshooting and found the culprit. It’s the dst-nat DNS forwarder not working; well, it still forwards and the forwarded DNS server resolves the name, but it does not return it to the device. My firewall doesn't get a hit from it. I looked at all the other settings as well, no luck.
When I change the forwarded DNS IP to something other than local, like 9.9.9.9, the device gets the resolved name as returned. When I set it to my local DNS server, as I said above, it doesn’t get the resolved name.
Also, when I set the local DNS server IP to my device manually or let it get from DHCP, it works OK. So nothing wrong with my DNS server.
What is the problem here? Does anyone here have a clue or an educated guess? It drove me crazy the last two days because it doesn’t make any sense.
Maybe it's the way I implemented VLAN (straight way, no bridge vlan etc. and there’s no packet error), but everything is working as it should, so I really am confused.
edit: My NAT config is nothing special, nothing out of the ordinary; masq. for WAN, upnp stuff and dst-nat for dns.
Ah, so if it’s all in the ordinary and you’ve decided that your config is so perfect that no one needs to look,
then it’s so simple that you can do it yourself without wasting other people’s time on the forum