DNS handed out by DHCP
-
We have a Netgate 5100. Part of what we use it for is a DHCP server. When we first set it up to do this last year, we had no issues. But starting this year, it sporadically doesn't hand out the proper DNS servers. We have it set to hand out our AD server and its own address. It will always hand out the AD server address, but sporadically will not hand out its own address. This happens to computers whether they are wired or wireless, but, as I said, doesn't happen to all of them. Access to the internet is via the Netgate's IP address, so when this happens people can't reach the internet. To fix it, we have to manually assign the DNS servers. Has anybody run into this or know why it might be happening?
Thanks.
-
@jlinesabi seems like a bad setup to be honest. Point your clients to your AD DNS if you're an AD shop, then have your AD point to pfSense to resolve internet addresses.
Handing out multiple NSers to clients - you have no idea which one they might ask. So you're saying the AD DNS can not resolve public names like google.com and your DNS on pfSense can not resolve your AD stuff. So your clients are going to have a hard time no matter what.
-
I 100% agree with @johnpoz here. With a Microsoft Active Directory shop, you want everything DHCP and DNS related to be handled by Microsoft products in my opinion. Most definitely DNS! And because of the seamless dynamic DNS updating performed by Microsoft's DHCP server, it is better and easier to run DHCP there instead of on pfSense.
And handing out two different DNS servers each of which may have some zones unknown to the other server is sure to cause an issue as described by John. Clients do NOT use multiple DNS servers sequentially until one of them finds an answer. They ask one of the servers randomly, and if that server says NXDOMAIN (non-existent domain), then the client does not ask the next server because it has already gotten an answer. The only time clients try one server and then move on to the next in a multiple DNS server configuration is when the first server is completely dead and does not answer at all.
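As an added example (not from this thread, pfSense or Microsoft), a small standard-library Python script that asks each DNS server a DHCP scope hands out for both an internal AD name and a public name, so a server that answers NXDOMAIN or times out for either is found before a client randomly picks it. The server addresses and host names are placeholders.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build a minimal recursive A query (QTYPE=1, QCLASS=IN) for `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(data, qid=0x1234):
    """Return (rcode name, answer count) from a DNS response header; reject a wrong id."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}"), an

def query(server, name, timeout=2.0):
    """Ask one server directly over UDP port 53; 'TIMEOUT' if it never answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return "TIMEOUT", 0
    finally:
        sock.close()
    return parse_response(data)

def check_servers(servers, names, ask=query):
    """List (server, name, rcode) for every name a handed-out server cannot answer."""
    problems = []
    for server in servers:
        for name in names:
            rcode, answers = ask(server, name)
            if rcode != "NOERROR" or answers == 0:
                problems.append((server, name, rcode))
    return problems

if __name__ == "__main__":
    # Placeholder addresses: replace with the servers your DHCP scope hands out.
    dhcp_dns = ["192.0.2.10", "192.0.2.1"]
    # One internal AD name and one public name: a server failing either strands
    # the clients that happened to pick it, since NXDOMAIN is a final answer to them.
    for server, name, rcode in check_servers(dhcp_dns, ["dc01.corp.example", "google.com"]):
        print(f"{server} cannot resolve {name}: {rcode}")
```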