Wrong route to private DNS server

Vladimir Baranov 1 Reputation point
2020-06-23T09:39:19.567+00:00

Hello All!
I created a private network in Azure and created a virtual machine as a private DNS server.
As a bastion, I created a pfSense instance with two networks.
I use Terraform (this is not the full config):

resource "azurerm_virtual_network" "demo-network" {
  name                = "demo-network"
  resource_group_name = azurerm_resource_group.demo.name
  location            = azurerm_resource_group.demo.location
  address_space       = ["172.16.40.0/24", "192.168.1.0/24"]
  dns_servers         = ["172.16.40.15"]
  tags = {
    environment = "demo"
  }
}

resource "azurerm_subnet" "demo-network-subnet" {
  name                 = "demo-network-subnet"
  resource_group_name  = azurerm_resource_group.demo.name
  virtual_network_name = azurerm_virtual_network.demo-network.name
  address_prefix       = "172.16.40.0/24"
}

resource "azurerm_subnet" "demo-pfsense-network-subnet" {
  name                 = "demo-pfsense-network-subnet"
  resource_group_name  = azurerm_resource_group.demo.name
  virtual_network_name = azurerm_virtual_network.demo-network.name
  address_prefix       = "192.168.1.0/24"
}

Then I created the pfSense instance with interfaces on demo-pfsense-network-subnet (facing the Internet) and demo-network-subnet (facing the private network).
And I created the instance for the private DNS server with IP 172.16.40.15.

So, when pfSense started, the MAC address of the DNS instance was bound to the wrong interface:

[2.4.5-RELEASE][admin@pfsense.centralus.cloudapp.azure.com]/root: netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         hn0
127.0.0.1          link#2             UH          lo0
168.63.129.16/32   192.168.1.1        UGS         hn0
169.254.169.254/32 192.168.1.1        UGS         hn0
172.16.40.0/24     link#6             U           hn1
172.16.40.15       00:0d:3a:97:ef:7f  UHS         hn0
172.16.40.254      link#6             UHS         lo0
172.19.0.1         link#2             UH          lo0
192.168.1.0/24     link#5             U           hn0
192.168.1.10       link#5             UHS         lo0

The entry "172.16.40.15 00:0d:3a:97:ef:7f UHS hn0" must be on hn1.

How can I fix this?
Manually I can remove the route, but after a reboot the wrong route comes back.

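The problem in the question can be spotted mechanically: a host route whose next hop is a MAC address (a directly connected neighbor) should sit on the interface that owns the covering on-link prefix. The following checker is an added example, not code from the poster or from pfSense; it parses the FreeBSD-style `netstat -rn` output quoted above and reports host routes bound to an interface other than the one that owns their subnet.

```python
import ipaddress
import re

# The routing table quoted in the question (pfSense/FreeBSD `netstat -rn`),
# embedded here so the check runs offline.
NETSTAT_OUTPUT = """\
Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS         hn0
127.0.0.1          link#2             UH          lo0
168.63.129.16/32   192.168.1.1        UGS         hn0
169.254.169.254/32 192.168.1.1        UGS         hn0
172.16.40.0/24     link#6             U           hn1
172.16.40.15       00:0d:3a:97:ef:7f  UHS         hn0
172.16.40.254      link#6             UHS         lo0
172.19.0.1         link#2             UH          lo0
192.168.1.0/24     link#5             U           hn0
192.168.1.10       link#5             UHS         lo0
"""

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)


def parse_routes(text):
    """Return (network, gateway, flags, netif) tuples from IPv4 `netstat -rn` output.
    The header line and the default route are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] in ("Destination", "default"):
            continue
        dest, gateway, flags, netif = parts[:4]
        # A bare address is a host route; strict=False tolerates host bits in prefixes.
        routes.append((ipaddress.ip_network(dest, strict=False), gateway, flags, netif))
    return routes


def misbound_host_routes(text):
    """Return (host, bound_netif, expected_netif) for every host route whose gateway is
    a MAC address but whose Netif differs from the interface owning its on-link prefix."""
    routes = parse_routes(text)
    # On-link prefixes: non-host networks with no gateway ("G") flag.
    onlink = [(n, i) for n, g, f, i in routes if n.prefixlen < 32 and "G" not in f]
    bad = []
    for net, gw, flags, netif in routes:
        if net.prefixlen != 32 or not MAC_RE.match(gw):
            continue
        owners = [i for n, i in onlink if net.subnet_of(n)]
        if owners and netif not in owners:
            bad.append((str(net.network_address), netif, owners[0]))
    return bad


if __name__ == "__main__":
    for host, bound, expected in misbound_host_routes(NETSTAT_OUTPUT):
        print(f"{host} is bound to {bound} but its subnet is on {expected}")
```

On the quoted table this reports 172.16.40.15 bound to hn0 while 172.16.40.0/24 is on hn1, which is exactly the entry the question points at.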

1 answer

  1. TravisCragg-MSFT 5,681 Reputation points Microsoft Employee
    2020-07-07T01:58:15.58+00:00

    First, double check that your DNS server is set properly on your VNET. In the portal, you can navigate to your VNET, and then select 'DNS Servers' from the left menu to view the DNS settings on your VNET.

    Next, check the DNS settings on the NICs that you created. Navigate to your NICs in the portal and select 'DNS Servers' from the menu on the left. Typically NICs will inherit the DNS settings on the VNET, but you can override it to a specific DNS server.

    Make sure the primary NIC contains the proper DNS info. You might have to swap which NIC is primary.
