Multiple Local Domains
-
Hi all -
If I have a pfSense firewall set up on the root local domain e.g. pfSense.companyA.lan, am I able to easily set up subdomains for each of the local LAN network segments that serve a specific location, for example *.building1.companyA.lan on network segment 1 and *.building2.companyA.lan on network segment 2?
In other words:
- pfSense would be pfSense.companyA.lan
- Workstation X in Building 1: machineX.building1.companyA.lan
- Workstation Y in Building 2: machineY.building2.companyA.lan
Would I just enter e.g. building1.companyA.lan under "Domain Name" in the DHCP settings for the network segment that services building 1?
Thanks in advance for your help, I really appreciate it.
-
@tman222 Are these subdomains to be used with Windows Active Directory domains?
Or do you just need them for management purposes?
-
@netblues said in Multiple Local Domains:
@tman222 Are these subdomains to be used with Windows Active Directory domains?
Or do you just need them for management purposes?
Hi @netblues - thanks for the reply. AD won't be used; the idea was to do this for better network segregation from a management standpoint, as you suggested. Do you think what I proposed would work, or is there a better way to set this up? Thanks again.
-
What exactly are you hoping to see happen here?
-
@stephenw10 said in Multiple Local Domains:
What exactly are you hoping to see happen here?
Hi @stephenw10 - I was hoping that I could have the default search domains be different per network segment, i.e. *.building1.companyA.lan and *.building2.companyA.lan. I suppose I could also make the necessary host overrides under DNS Resolver settings, but was curious if it is possible to set up separate local domains like this. Thanks again.
-
You can set different domains for segments via DHCP. Not really sure how you expect that to improve network segregation. Just unable to resolve hosts on other segments without specifying the FQDN?
-
I have tried something like that in the past.
Forward lookup with search domains isn't very practical to maintain (and to remember, too).
There is some value in reverse lookups in logs, where it's easier to pinpoint names than IPs.
On the other hand, with proper IP address block segmentation it's probably easier to learn by heart.
-
Hi @netblues and @stephenw10 - thanks for the responses.
I did end up getting this to work the way I wanted by modifying the Search Domains field under DHCP settings, but ultimately decided just to keep it simple: instead of machineX.building1.companyA.lan I went with machineX-building1.companyA.lan to keep everything under a single local domain.
Thanks again for all your help.
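As an added illustration of the search-domain behaviour @stephenw10 describes (a short name only resolves on its own segment, while an FQDN always does) and of the flat naming the OP settled on, here is a small Python model of a stub resolver's search list. This is not code from the thread or from pfSense; the host table and addresses are constructed for the example.

```python
"""Model how a stub resolver's search list expands a short hostname, for the
two-segment layout discussed in the thread. Sample data is constructed here;
this is not pfSense or Unbound code."""

# Constructed host table: what the DNS Resolver would answer for the two layouts
# from the thread (per-building subdomains vs. flat names under one domain).
HOSTS = {
    "pfsense.companya.lan": "10.0.0.1",
    "machinex.building1.companya.lan": "10.0.1.10",
    "machiney.building2.companya.lan": "10.0.2.10",
    "machinex-building1.companya.lan": "10.0.1.10",
    "machiney-building2.companya.lan": "10.0.2.10",
}


def candidates(name, search_domains, ndots=1):
    """Return the FQDNs a resolver tries, in order (glibc-style search rules).

    A trailing dot marks an absolute name and disables the search list.
    Names with at least `ndots` dots are tried as-is first; shorter names
    get each search domain appended first and are tried bare last."""
    name = name.lower()
    if name.endswith("."):
        return [name.rstrip(".")]
    suffixed = [f"{name}.{d.lower().rstrip('.')}" for d in search_domains]
    if name.count(".") >= ndots:
        return [name] + suffixed
    return suffixed + [name]


def resolve(name, search_domains, hosts=HOSTS):
    """Return (fqdn, address) for the first candidate present in the table, else None."""
    for fqdn in candidates(name, search_domains):
        if fqdn in hosts:
            return fqdn, hosts[fqdn]
    return None


if __name__ == "__main__":
    # Search list a Building 1 client would get from DHCP in the subdomain layout.
    building1 = ["building1.companya.lan", "companya.lan"]
    for query in ["machinex", "machiney", "machiney.building2.companya.lan", "pfsense"]:
        print(f"{query:35} -> {resolve(query, building1)}")
```

Listing the parent domain after the building-specific one in the search list is what lets "pfsense" still resolve from either segment; a bare "machiney" from Building 1 returns nothing, exactly the cross-segment case raised in the thread.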