Netgate Discussion Forum
    DNS Config For Enterprise Setup?

    Category: DHCP and DNS
    11 Posts 3 Posters 2.4k Views
    • ciscoboy

      Hi pfSense Masters,

      Good day!

      I need help. We are almost done with the setup, but our setup uses a different DNS server on the client side.

      Example:

      IP address: 172.25.99.x
      Subnet mask: 255.255.255.0
      Gateway:     172.25.99.1

      DNS:       172.25.99.10
      Secondary: 172.25.89.11

      Everything works if the pfSense IP is used as the DNS server, but we need to set it up this way because of the Active Directory setup...

      Thank you in advance, team.

      • bryan.paradis

        You are going to have to be much clearer about what you would like to do.

        • ciscoboy

          Hi Sir Bry / pfSense Team,

          Please see the diagram for details.

          Basically, I need to use my internal DNS / DC for the Windows clients, but it's not working.

          Thank you.

          • ciscoboy

            Any other alternative with this config?

            On the client workstation:

            Primary:   172.25.85.20 (internal DNS)
            Secondary: 172.25.85.91 (pfSense)

            • bryan.paradis

              @ciscoboy:

              Any other alternative with this config?

              On the client workstation:

              Primary:   172.25.85.20 (internal DNS)
              Secondary: 172.25.85.91 (pfSense)

              You can tell pfSense to forward all DNS queries for your domain to your authoritative DNS server. Would that make sense? Have a look at domain overrides in the DNS Forwarder section.

              • ciscoboy

                Hi Sir,

                Thanks for the reply.

                Scenario, when set as the primary DNS:

                172.25.85.20 (internal DNS): cannot resolve websites (google.com, etc.).

                172.25.85.91 (pfSense): can resolve websites, but I need to set my primary to the internal DNS in order to log in to the domain. :(

                • johnpoz (LAYER 8 Global Moderator)

                  Dude, set up a forwarder on your AD DNS to point to pfSense, or Google, or OpenDNS, or 4.2.2.2, or have it query the roots directly. And set up the correct firewall rules to allow whatever you choose to do.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

                  • ciscoboy

                    Thanks, Sir John, for the great idea... it's becoming clearer. I need to test.

                    Again, many thanks!

                    • ciscoboy

                      Hi Sir,

                      I have some problems with the DC / internal DNS server: I cannot query the forwarders for DNS.

                      DNS: request timeout.

                      -> I have already allowed the subnet for any connection to any destination.

                      Thank you, sir.

                      • johnpoz (LAYER 8 Global Moderator)

                        What are the rules on the interface your DC is connected to? It looks like you have multiple VLANs or segments there. Can you post its rules?

                        If the DC cannot do a query to, say, 4.2.2.2 or whatever public DNS you're trying to forward to, then sure, you're going to have problems. How about just forwarding to the pfSense IP on that network? pfSense can query DNS, can it not? And dnsmasq is running, since you say that when you point to pfSense the internet works.


                        • ciscoboy

                          Hi Sir Johnpoz,

                          Thank you very much, Sir Johnpoz, your solution worked! You're the best!!!

                          For others who have the same problem, follow the solution provided by Sir John:

                          @johnpoz:

                          Dude, set up a forwarder on your AD DNS to point to pfSense, or Google, or OpenDNS, or 4.2.2.2, or have it query the roots directly. And set up the correct firewall rules to allow whatever you choose to do.

                          Thank you, thank you...

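The fix that worked in this thread, written out as a PowerShell session on the domain controller. This is an added example, not code from the thread or from Netgate: it assumes the addresses the poster gave (AD DNS at 172.25.85.20, pfSense at 172.25.85.91), that it is run elevated on the DC with the DnsServer module present, and that google.com is a reasonable external probe name. It first checks that the DC can reach pfSense on port 53 at all (the timeout the poster hit, which johnpoz traced to the firewall rules on the DC's interface), then sets pfSense as the forwarder, then verifies that the DC resolves external names itself and still answers the AD SRV records clients need to log on.

```powershell
# Added example (not from the thread): point the AD DNS server's forwarder at
# pfSense and verify, following johnpoz's advice. Addresses are the ones the
# poster gave; everything else is an assumption for illustration.
# Run elevated on the DC. Requires the DnsServer module (DNS Server role / RSAT).

$PfSenseDns = '172.25.85.91'   # upstream resolver the DC will forward to (pfSense, from the thread)
$AdDns      = '172.25.85.20'   # the DC's own DNS service (from the thread)
$Probe      = 'google.com'     # external name the poster could not resolve via the DC

# 1. Can the DC query pfSense directly? Resolve-DnsName -DnsOnly bypasses the local
#    cache and hosts file, so a failure here is a network/firewall problem on the
#    DC's interface, not a forwarder problem. Fix the pfSense rules before going on.
$upstream = Resolve-DnsName -Name $Probe -Server $PfSenseDns -Type A -DnsOnly -ErrorAction SilentlyContinue
if (-not $upstream) {
    Write-Warning "DC cannot query $PfSenseDns directly. Allow UDP/TCP 53 from the DC to $PfSenseDns on the pfSense interface the DC sits behind."
    # TCP-only probe; it at least distinguishes 'port blocked' from 'no DNS service listening'.
    Test-NetConnection -ComputerName $PfSenseDns -Port 53 | Format-List ComputerName, RemotePort, TcpTestSucceeded
    return
}

# 2. Replace the forwarder list with pfSense. Forwarders apply only to zones the DC is
#    not authoritative for; the AD domain zone and _msdcs still resolve locally.
#    -UseRootHint $false is an assumption: with egress restricted to pfSense, falling back
#    to the root servers would only produce more timeouts rather than answers.
Set-DnsServerForwarder -IPAddress $PfSenseDns -UseRootHint $false -Timeout 5 -PassThru |
    Format-List IPAddress, UseRootHint, Timeout

# 3. Verify the DC now resolves external names itself by recursing through the forwarder.
Clear-DnsServerCache -Force
$viaDc = Resolve-DnsName -Name $Probe -Server $AdDns -Type A -DnsOnly -ErrorAction SilentlyContinue
if ($viaDc) {
    "OK: $AdDns resolves $Probe -> $($viaDc.IPAddress -join ', ')"
} else {
    Write-Warning "$AdDns still cannot resolve $Probe. Check Get-DnsServerForwarder and the pfSense firewall log for blocked port-53 traffic from $AdDns."
}

# 4. Confirm domain logon lookups are unaffected: the DC locator SRV record must still
#    come from the DC's own zone, never from the forwarder.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$env:USERDNSDOMAIN" -Type SRV -Server $AdDns |
    Select-Object Name, NameTarget, Port
```

With the forwarder in place, the clients should list only the AD DNS server(s), as johnpoz's answer implies; keeping pfSense as a secondary on the workstations (the poster's earlier workaround) is a common cause of intermittent domain logon failures, because a Windows resolver that has failed over to the secondary will keep using it, and pfSense's dnsmasq cannot answer the _msdcs SRV queries unless a domain override for the AD zone has also been configured.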
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.