Table of contents for lots of home services

I’ve tried it with /, and /index.html, and by putting http:// in the front.

I don’t use a reverse proxy but I do have my own top level domain served from my DNS server (pfSense). All of my machines are below this domain.

I don’t particularly want to set up a reverse proxy for this.

@rlkoshak
I may have missed this, but have you tried ping or traceroute to the URLs you're having problems with?

OK, I have another piece of information.

I’m not sure if this is just a fluke or if I’ve changed something to make this work better.

In pfSense’s DHCP server config there is a field to provide the default domain name. By default it is supposed to take the domain name from the pfSense machine so I left it blank. After @5iver’s suggestion I went in and added my domain name there instead of depending on it picking up the default.

Now I can access all my machines without the domain. However, if I use the domain I end up at a Facebook page. A bit of whois sleuthing and I've inadvertently chosen an internal domain that exists out there on the interwebs. So for some reason it is not giving me my internal hosts. I may need to pick a new internal domain name.

It just occurred to me that the machines it is having a problem with may not have the FQDN set on the host, just on the DHCP server and DNS. I need to look more closely to verify this.

I need to do some more research but this is starting to make a little bit more sense now. Why Chrome is the only thing that cared is still a mystery though.

From the command prompt on any of my machines I’m able to ping, traceroute, and ssh using just the host name or the FQDN. I installed PingTools on my Android and I can get to any of my internal servers in two hops with the expected IP as expected.

Something weird going on in your Chrome somewhere. Unfortunately, I have no idea what might have an impact on this or where to look in Chrome.

I remember seeing somewhere that Android devices always try to use Google’s DNS servers, even if you’ve got your own internal ones set as a higher preference.

Might help you stop banging your head against the brick wall with just Android devices if you get everything else sorted!

Are you using your own dns server (unbound on pfSense) or dns forwarding? If hosting your own, have you set up your pfsense as master for your local domain?

Also you can override dns forwarding for specific domains by adding them as static entries in your dns server page.

Finally, if you haven’t already, you may want to set your dhcp server to update your dns server with details of any ip leases it is giving out (“Enable registration of dhcp clients…” option) - though I’ve found this a bit annoying as it seems to restart the complete unbound service each time, rather than reloading new ips, which means losing dns services for a second or so whenever this happens, especially if you have a large list of static dns entries (e.g. if you use pfBlockerNG etc).

I’m not sure what you mean by unbound (I’m far from an expert in this stuff). I am using the DHCP server and DNS Resolver built into pfSense.

I did have the DNS Query Forwarding checked in the options for the DNS Resolver but unchecking that did not change the behavior on the phone or on my machines.

I have System Domain Local Zone Type set to Transparent.

I do not have the DNS Forwarder enabled.

I do have a host override in place for an OpenVPN Client but not a Domain Override. I added an override for my local domain and pointed it to pfSense as the lookup server IP Address. But I’m still seeing the same behavior on my phone. I suppose I could and should also add overrides for each hosts and be done with it but that seems like it will be a lot of work and only masks the root problem instead of actually solving it. I don’t mind the work but I’d rather have it set up correctly in the first place if I have messed something up.

I do have this set up. I’m also checking to create a static ARP in the DHCP server for all the static mappings.

Thanks for the advice. It didn’t occur to me that I could do host overrides on the server.

If you are using a recent version of pfSense the built in DNS resolver (as opposed to the built-in DNS forwarder) is called “unbound”. As this is a full blown DNS server, you can set it to be the master for any domain - even if that domain is also there on the internet. In fact, this sort of split dns can be quite useful if you are hosting certain parts of a domain in one location, and other parts elsewhere.

In your case, rather than doing individual host overrides, I would look to do a domain override. You may also want to select “Register DHCP leases in the DNS Resolver” and “Register DHCP static mappings in the DNS Resolver”.

I would then go to another device, e.g. your phone or another PC, if you have an nslookup or dig app, and do a lookup of your local servers. If all is working correctly, you should see your pfSense’s dns resolver replying with the host address on your local lan.
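For readers who want to see what the GUI settings discussed in this thread correspond to in the resolver itself, here is an added unbound configuration fragment. It is not from the original posts and is not pfSense's generated config; the zone name home.example, the host names and all addresses are assumptions. It shows the two local-zone types the thread touches on ("transparent" vs "static") and what a Domain Override is in unbound terms.

```conf
server:
    # Serve the internal domain from local data.
    # "transparent": a name inside the zone with no local-data entry is
    #   resolved normally upstream, i.e. it goes out to the internet.
    # "static": such a name is answered with NXDOMAIN/NODATA instead and
    #   never leaves the resolver.
    # pfSense's "System Domain Local Zone Type" of Transparent is the
    # first behaviour. Zone name and records below are assumed examples.
    local-zone: "home.example." transparent

    # Local records (what pfSense's host overrides and registered DHCP
    # static mappings become). Forward and reverse entries.
    local-data: "pfsense.home.example. IN A 192.168.1.1"
    local-data: "nas.home.example. IN A 192.168.1.20"
    local-data: "openhab.home.example. IN A 192.168.1.30"
    local-data-ptr: "192.168.1.20 nas.home.example"
    local-data-ptr: "192.168.1.30 openhab.home.example"

    # Answer only LAN and VPN clients (assumed ranges); refuse everyone else.
    interface: 0.0.0.0
    access-control: 192.168.1.0/24 allow
    access-control: 10.8.0.0/24 allow
    access-control: 0.0.0.0/0 refuse

# A pfSense "Domain Override" is a forward-zone: queries for that domain are
# handed to another DNS server instead of being resolved here. It is meant
# for a domain hosted elsewhere; a forward-zone for home.example pointing at
# this unbound's own address would just forward queries back to itself.
forward-zone:
    name: "corp.example."
    forward-addr: 192.168.50.53
```

With the assumed addresses above, `dig @192.168.1.1 nas.home.example` from a LAN client should return 192.168.1.20. The practical difference between the two zone types is what happens to a name in the zone that was never registered (for example a host whose DHCP lease was not registered, or a client appending the domain to an unknown short name): under "transparent" the answer comes from the public internet, under "static" the client gets NXDOMAIN.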

I’m running the Community edition of 2.4.3 (I see that 2.4.4 was recently released).

And I just did what one should never do. I mindlessly tried to do an upgrade and now lost all access. Even when one knows better we still do stupid things sometimes. Luckily everything came back online and I'm now on 2.4.4.

I have a Domain Override:

Both register options are checked.

I downloaded an nslookup app for my phone.

The phone is connected via OpenVPN and OpenVPN is configured to force all IPv4 traffic through the tunnel (maybe the problem is I don’t have IPv6 also checked?) and pass the domain name and pass only the pfSense host as the DNS server. I don’t think any of this really matters though because I see the same behavior on my phone when I’m home on my LAN without going through the VPN. But I mention it just in case. When I do a DNS Leak Test I see that the phone is using the same DNS servers as my home machines.

On a machine I remotely access that is on the LAN, nslookup works as I would expect.

On my OpenVPN connected phone, when I run an nslookup (I found an app) I’m seeing it still resolve any host where I use my FQDN to some external IP.

There is something odd happening on the phone. With the changes made above I can now use the FQDN on all computers in Chrome (woohoo!) but my phone is still insisting on doing something else. But at least I've now confirmed it isn't just Chrome but system wide. And I've confirmed that I can get to everything by just hostname as long as I exclude the domain name.

Thanks again for all the help!

We've all been there, done that 🙂

You shouldn’t need ipv6 unless you have your pfSense/lan supporting ipv6 (I have disabled ipv6 inside my lan entirely for now, to avoid just such compatibility issues). Are you 100% sure the problem on your phone is not related to openVPN? Maybe better to eliminate this and try the phone when you are back home.

Most welcome (least I can do, given the help you give everyone else 🙂)

I didn’t think so since I get the same result on my phone when not connected over vpn. But I just tried an nslookup from another machine on the VPN and I’m getting different results even from the phone. On that machine it can’t find the machines by host name and by FQDN I get the external address instead of the machine’s address. So the VPN must be at least part of the problem.

Agree. I would take the VPN out of the equation before spending more time on it or making other changes.

OK, I didn’t have much time to debug anything yesterday but I was able to confirm that I get the exact same behavior when my phone is on my LAN as I do when it is on the VPN. The DNS on the remote RPi I have also connected via VPN is really trashed so it isn’t a good platform to draw comparisons from.

It’s really odd behavior on the phone and except for vague Android prioritizes Google DNS mentioned above and elsewhere I can’t really figure out why.

But, with the changes I've made so far I'm able to access all my services from all machines using just the hostname without the FQDN so I can at least move forward. Many thanks for all the great advice!

It does seem very odd but as you say, maybe just one of those quirky things.

Good to hear that at least some progress!

Originally I used a static webpage served via nginx with a few links, but as my services grew, so did my laziness with updating those files, not to mention working around services that don’t play as nicely with frames or what have you. I found Organizr (https://github.com/causefx/Organizr) and I haven’t looked back. I run all my services, including Organizr nginx in docker containers.


Organizr looks to be an interesting solution. I will have to play with it a bit. It’s a bit closer to what I was thinking must exist. It might be a bit heavy weight for my needs but that has never stopped me before.

Thanks!

Hi

pfSense user here too. Can't comment on your specific issue with Chrome but I don't have any issues with name resolution so thought I would share my config. I used to have problems. So now I use reserved DHCP for all clients excluding switches, APs, and some other bits n bobs that are statically allocated. I run a master and slave BIND9 on 2 RPi's running Debian 9. In pfSense declare the BIND9 master and slave as name servers. Don't override in any DHCP settings. Don't use .local. It can have issues with mDNS and something else that eludes me. Don't use localhost as 1st NS. In DHCP config disable 'static arp'. On LAN point Android clients to the BIND master as first NS. Others should be fine. If you're running an OpenVPN server force clients to route all traffic through the tunnel and don't allow clients to use other name resolution. Works for me for everything I'm aware of. HTH, Keith

Edit: I should have added this setup is fine on 2.4.3 and the new 2.4.4

I also should have said this config will not work if you want to use pfBlockerNG for DNS black listing (it needs to use unbound).


Sadly the whole reason I set up pfSense in the first place was for pfblockerng.

I'd rather keep all my important networking on the pfSense box as well, largely because my power loss mitigation kinda depends on my pfSense being the last to shut down if we lose power for too long. That becomes more complicated if I farm out the DNS to some other server.

But thanks for posting!

What phone do you use? Which version of the OS?
Android has a new option "Private DNS".

I’m on a Pixel 2 XL running Pie. I was under the impression that Private DNS just secured the DNS queries themselves.

Regardless, when I tried to put in my gateway as the DNS I immediately lost internet connectivity and had to restart my phone to get everything back to normal. I wonder if pfSense doesn't support secure DNS.

But even if that did work it wouldn’t be a good long term solution because that sets the DNS for the whole phone no matter what network I’m connected to and what I need is to use my home DNS when on my LAN or connected by OpenVPN and whatever Verizon provides the rest of the time.

It was a good suggestion though.