DNS Config For Enterprise SEtup ?
-
You are going to have to be much clearer about what you would lik to do.
-
Hi Sir Bry / PFsense Team,
Please see diagram for details.
Basically I need to use my internal DNS/ DC for windows clients but its not working..
Thank you..
-
any other alternative with this config:
on client workstation:
primary: 172.25.85.20 (internal dns)
secondary: 172.25.85.91 (pfsense) -
any other alternative with this config:
on client workstation:
primary: 172.25.85.20 (internal dns)
secondary: 172.25.85.91 (pfsense)You can tell pfsense to forward all domain DNS queries to your authoritative DNS server? Would that make sense? Have a look at domain overrides in the DNS Forwarder section.
-
Hi Sir,
Thank for the reply..
scenario : when set as primary dns:
172.25.85.20 (internal dns) - cannot resolve websites - google.com etc.
172.25.85.91 (pfsense) - can resolve websites.. but need to set my primary to internal dns inorder to login to domain. :(
-
Dude setup forwarder on your AD dns to point to pfsense, or google or opendns or 4.2.2.2 or have it directly query the roots. And setup the correct firewall rules to allow whatever your choose to do.
-
Thanks Sir John for the great idea… it's becoming more clearer.... need to test.
Again many thanks...!
-
Hi Sir,
I have some problems with the DC / internal DNS server , I cannot querry forwarders for dns..
DNS - Request timeout..
-> Already allowed subnet for any connection & to any destination..
Thank you sir..
-
What are the rules on the interface your DC is connected too, looks like you have multiple vlans or segments there. Can you post it its rules?
If the DC can not do a query to say 4.2.2.2 or or whatever public dns your trying to forward too then sure your going to have problems. How a bout just forwarding to pfsense IP on that network? Pfsense can query dns can it not, and dnsmasq is running since you say when you point to pfsense internet works.
-
Hi Sir Johnpoz,
Thank you very much Sir Johnpoz, you're solution worked! You're the best!!!
For others who have the same problem follow the solution provided by Sir John:
Dude setup forwarder on your AD dns to point to pfsense, or google or opendns or 4.2.2.2 or have it directly query the roots. And setup the correct firewall rules to allow whatever your choose to do.
Thank you thank you…
