Netgate Discussion Forum

    moving DHCP server from Windows Server to pfSense

    DHCP and DNS
    • aagaag

      I intend to move a DHCP server (with 300 MAC address reservations) from a Windows Server to pfSense. I have already duplicated the reservations to the pfSense config. My questions are:

      • Is it sufficient to just activate the pfSense DHCP server and then deactivate the Windows server?
      • I understand that the DHCP server sends information about the default gateway (which in this case is the pfSense itself). How do I instruct pfSense to do that?
      • Same for the DNS server for local LAN addresses. At the moment it's hosted by Windows DNS server, but I'd like to move it to pfSense as well. How do I tell pfSense DHCP server to broadcast its own DNS server?
      • What else (if anything) do I need to do?

      Many thanks in advance!

      • johnpoz LAYER 8 Global Moderator @aagaag

        @aagaag said in moving DHCP server from Windows Server to pfSense:

        How do I instruct pfSense to do that?

        That is the default config, there is nothing to do - the only time you would need to do something is if you wanted to hand out something other than the pfSense IP address as the gateway.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • SteveITS Galactic Empire @aagaag

          @aagaag With 300 reservations I’m guessing it’s a large network, and Active Directory? I’d actually reconsider. Windows Server can have multiple DNS servers that sync AD by default, and failover DHCP.

          To use pfSense as your DNS you should add a domain override that points your AD domain to the IP address(es) of your Windows DNS server(s). Otherwise you’ll have all sorts of problems.

          Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
          Upvote 👍 helpful posts!
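
A check for the domain override described in the post above, added here as an example and not part of the original thread: it compares the SRV records that domain-joined clients use to locate domain controllers, as answered by the pfSense resolver and by the Windows DNS server directly. The domain name and IP addresses are placeholders, and a single-domain forest is assumed.

```python
"""Compare AD locator SRV answers via pfSense against the AD DNS server."""
import subprocess
import sys

# SRV owner names domain-joined Windows clients query to find domain controllers.
# _gc._tcp lives at the forest root; a single-domain forest is assumed here.
AD_SRV_PREFIXES = (
    "_ldap._tcp.dc._msdcs", "_kerberos._tcp.dc._msdcs",
    "_ldap._tcp", "_kerberos._tcp", "_kpasswd._tcp", "_gc._tcp",
)


def parse_dig_short(text):
    """Parse `dig +short SRV` output into (prio, weight, port, target) tuples."""
    answers = []
    for line in text.splitlines():
        parts = line.split()
        # Keep only "prio weight port target." lines; skip ";;" errors and CNAMEs.
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            prio, weight, port = (int(p) for p in parts[:3])
            answers.append((prio, weight, port, parts[3].rstrip(".").lower()))
    return answers


def dig_srv(name, resolver):
    """Ask one resolver for an SRV record (requires the `dig` utility)."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", "SRV", name, "@" + resolver]
    return parse_dig_short(subprocess.run(cmd, capture_output=True, text=True).stdout)


def override_gaps(domain, pfsense, ad_dns, lookup=dig_srv):
    """Return {name: reason} for SRV names where pfSense disagrees with AD DNS."""
    gaps = {}
    for prefix in AD_SRV_PREFIXES:
        name = f"{prefix}.{domain.strip('.').lower()}"
        want, got = set(lookup(name, ad_dns)), set(lookup(name, pfsense))
        if not want:
            gaps[name] = "AD DNS server itself returned no answer"
        elif not got:
            gaps[name] = "no answer via pfSense (domain override missing?)"
        elif got != want:
            gaps[name] = "answers via pfSense differ from AD DNS"
    return gaps


if __name__ == "__main__":
    # Usage (placeholder values): check.py corp.example 192.168.1.1 192.168.1.10
    problems = override_gaps(*sys.argv[1:4])
    for name, reason in sorted(problems.items()):
        print(f"{name}: {reason}")
    sys.exit(1 if problems else 0)
```

An empty result means every locator record resolves identically through pfSense and through the Windows DNS server; run it from a LAN client before the Windows DHCP scope is deactivated.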

          • johnpoz LAYER 8 Global Moderator @SteveITS

            @SteveITS said in moving DHCP server from Windows Server to pfSense:

            and Active Directory?

            I would agree - if this is an MS house running AD, I don't see why you would move your DNS/DHCP away from that? But maybe they are moving away from AD and shutting it down, which is why he wants to move the DHCP to pfSense?

            • SteveITS Galactic Empire @johnpoz

              Another option would be to use pfSense high availability, two routers with failover DHCP there.
              Still needs the domain override or devices will no longer talk to AD.

              • bmeeks

                Another vote here -- do not dump Active Directory DNS and DHCP unless you are actually moving totally away from Active Directory and moving your Windows boxes out of AD.

                The unbound resolver in pfSense won't like some of the required Active Directory DNS records, so you will likely not be able to dump the AD DNS server(s) unless you are moving completely away from Microsoft's AD infrastructure altogether. So, if you have to keep the AD DNS box, why not just retain the DHCP, too?

                Microsoft's DHCP/DNS implementation is much better than what pfSense currently offers because the Microsoft server allows dynamic DNS updates WITHOUT having to restart the DNS server every time a DHCP lease renews and/or a client registers its hostname. You can also configure automatic DHCP failover scopes in the Microsoft environment as well.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.