My test network is set up like this:

Internal LAN w/ internal DNS (forwarder is set to IP address of Backend FW) -> Backend FW (forwarder is set to IP address of Frontend FW) -> DMZ -> Frontend FW (forwarder is set to IP address of Google DNS Servers) -> The Internet

Both firewalls are pfSense firewalls, and they have their own embedded DNS servers with forwarding capabilities.

When doing an nslookup from a client in the Internal LAN, I can resolve the hostname of any computer in the LAN because of the internal DNS server, of course. The problem is that I can't resolve the hostname of the Backend FW and Frontend FW even though I know those are registered in their respective DNS servers themselves.

If I change the server to use in that nslookup session to the IP address of the Backend FW, then naturally it can resolve just fine. This is also true if I change the server to the IP address of the Frontend FW: it resolves just fine.

The weird thing is that access to the Internet from the client all the way to the Internet works just fine. This means that the forwarding from end to end really works, but for some reason I cannot resolve the local DNS entries of each of the DNS servers embedded in the firewalls.

What do you guys think is the problem?
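As an added illustration (not part of the original question, and not the poster's actual pfSense configuration), the following Python script models the chain of forwarding resolvers described above: internal DNS -> Backend FW -> Frontend FW -> public DNS. All host names, zone names and addresses are constructed placeholders. The model assumes one possible mechanism for the symptoms, namely that the internal DNS server treats the firewalls' domain as a zone it owns and therefore answers NXDOMAIN for names it does not hold instead of forwarding them, while names outside that zone are forwarded all the way up. Whether that matches the real setup is an assumption to be checked against the resolver configuration, not a diagnosis.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed model of a chain of forwarding resolvers. Every name and
# address below is a hypothetical placeholder (RFC 5737 / RFC 1918 ranges).

NXDOMAIN = "NXDOMAIN"


@dataclass
class Resolver:
    name: str
    # Names this resolver answers for from its own records.
    local_records: Dict[str, str]
    # Zones this resolver treats as its own: a miss inside one of these
    # zones is answered with NXDOMAIN rather than being forwarded.
    authoritative_zones: Set[str] = field(default_factory=set)
    forwarder: Optional["Resolver"] = None

    def resolve(self, qname: str, trace: Optional[List[str]] = None) -> Tuple[str, List[str]]:
        """Return (answer, trace). answer is an address or NXDOMAIN; trace lists
        every resolver the query passed through, in order."""
        if trace is None:
            trace = []
        qname = qname.lower().rstrip(".")
        trace.append(self.name)
        if qname in self.local_records:
            return self.local_records[qname], trace
        if any(qname == z or qname.endswith("." + z) for z in self.authoritative_zones):
            return NXDOMAIN, trace          # owned zone, no forwarding for misses
        if self.forwarder is not None:
            return self.forwarder.resolve(qname, trace)
        return NXDOMAIN, trace


def build_chain(internal_owns_lab_zone: bool) -> Dict[str, Resolver]:
    """Build the four-hop chain. The flag controls whether the internal DNS
    server claims 'lab.local' as its own zone (the assumed failure mode)."""
    upstream = Resolver("public-dns", {"www.example.com": "203.0.113.10"})
    frontend = Resolver("frontend-fw", {"frontend-fw.lab.local": "192.0.2.1"}, forwarder=upstream)
    backend = Resolver("backend-fw", {"backend-fw.lab.local": "192.0.2.129"}, forwarder=frontend)
    internal = Resolver(
        "internal-dns",
        {"pc1.lab.local": "10.0.0.10"},
        authoritative_zones={"lab.local"} if internal_owns_lab_zone else set(),
        forwarder=backend,
    )
    return {r.name: r for r in (internal, backend, frontend, upstream)}


def lookup(chain: Dict[str, Resolver], server: str, qname: str) -> Tuple[str, List[str]]:
    """Equivalent of 'nslookup <qname> <server>' against the model."""
    return chain[server].resolve(qname)


if __name__ == "__main__":
    # Scenario 1: internal DNS owns lab.local (reproduces the reported symptoms).
    chain = build_chain(internal_owns_lab_zone=True)
    for server, qname in [
        ("internal-dns", "pc1.lab.local"),         # LAN host: answered locally
        ("internal-dns", "www.example.com"),       # Internet name: forwarded end to end
        ("internal-dns", "backend-fw.lab.local"),  # firewall name: NXDOMAIN, never forwarded
        ("backend-fw", "backend-fw.lab.local"),    # same name asked directly: works
    ]:
        answer, trace = lookup(chain, server, qname)
        print(f"{qname:24s} via {server:12s} -> {answer:14s} path={' > '.join(trace)}")

    # Scenario 2: internal DNS only holds records and forwards everything else.
    chain = build_chain(internal_owns_lab_zone=False)
    answer, trace = lookup(chain, "internal-dns", "frontend-fw.lab.local")
    print(f"{'frontend-fw.lab.local':24s} via internal-dns -> {answer:14s} path={' > '.join(trace)}")
```

Running the script prints the four lookups from the first scenario, where Internet names traverse all four resolvers but the firewall names die at the internal server with NXDOMAIN, followed by the second scenario, where the same firewall name resolves through the chain once the internal server forwards misses instead of claiming the zone. The trace output is the part worth comparing against real dig or nslookup runs at each hop: if the real internal server answers NXDOMAIN (or SERVFAIL) without the Backend FW ever seeing the query, the problem is in the internal server's zone or forwarding configuration rather than in the firewalls.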