domain override not working
-
@johnpoz I changed the outgoing interface to all & now it's working. It was set to WAN previously.
-
@rasithapr I like using localhost personally, it will NAT when it goes out the WAN. But localhost isn't going to work for a domain override to a NS on your local networks ;)
Glad you got it sorted.
-
@johnpoz I don't know if I can bump this topic, because it's kind of old. If I can't, you can delete it.
I have the same problem. I have an Active Directory (Windows 2019) as my local network DNS server. I set the IP of that server in "Domain Overrides" of the DNS Resolver and I changed the Outgoing interface to "ALL" (it was in WAN), but it still doesn't work.
In "Diagnostics > DNS Lookup" it works perfectly. But on my PC, it doesn't work. It gives the following error: "Ping request could not find host test.domain.com. Please check the name and try again."
What could it be?
-
@guile said in domain override not working:
I have an Active Directory (Windows 2019) as my local network DNS server. I set the IP of that server in "Domain Overrides" of the DNS Resolver
Why domain override?
Is the Windows server not purposed to do your whole DNS lookups? If so, you should rather state it as DNS on all clients, you can push it via DHCP. Or forward all DNS requests to it on pfSense.
-
@viragomann The problem is that I use pfBlocker, so I need pfSense (DNS Resolver) to be the main DNS. Currently my network looks like this: DHCP distributes the Active Directory IP as DNS. And in the Active Directory forwarder, I configured the pfSense IP.
Like that:
DHCP > Active Directory > pfSense.
Everything works perfectly fine, but I need to make some NAT rules and the way it is, it's conflicting with some rules.
-
@guile said in domain override not working:
The problem is that I use pfBlocker, so I need pfSense (DNS Resolver) to be the main DNS.
So enter the DNS server in System > General Setup as the only one.
And in the Resolver settings check "DNS Query Forwarding".
-
@viragomann that worked!
But I still have a problem. I need to use OpenDNS (208.67.222.222) as the outgoing DNS. How to configure DNS Resolver to forward to OpenDNS?
-
@guile
Now what? OpenDNS or the Windows server? You can use one or the other, or even the other if the primary fails.
Or you can configure the Windows server to use OpenDNS for lookups. Not clear, what you try to achieve.
-
@viragomann I need to use OpenDNS as the outgoing (WAN) DNS. I just set it in the Active Directory forwarder and everything is working fine now.
Thank you!
-
@guile There are two ways to accomplish this, to use AD DNS and pfBlocker:
1)
Set PCs to use Windows DNS as their DNS
Set Windows DNS to forward to pfSense (uncheck the option to use root servers)
or
2)
Set PCs to use pfSense as their DNS
Add a domain override for the Windows AD domain name to point to one or more Windows AD DNS servers (domain=example.lan, IP=Windows_DNS_IP)
Note if you have IPv6 from your ISP you essentially need to use option 2 because pfSense will send itself as the IPv6 DNS by default.
Sounds like you got it working but a screenshot would probably help next time.
-
@SteveITS I used the second option you mentioned.
But the problem is that the "domain override" was not working. As @viragomann mentioned, I needed to set the Active Directory DNS in "General Setup" and activate the forward option in the DNS Resolver.
After that, I configured the OpenDNS IP (208.67.222.222) in the Active Directory forwarder.
Everything is working now, including the NAT rules that were conflicting.