Local DNS resolution on pfSense box
-
Hi everybody,
maybe an easy problem, but I'm afraid to bust our company's DNS resolution, so I better ask before! :-)
Our pfSense acts as firewall/internet gateway/openvpn server/…
It doesn't act as a DHCP server, local DNS serverOur local DNS server a.b.c.d and a.b.c.e use the pfSense box for public DNS resolution (is this called DNS forwarding?)
Our local windows domain looks like mysite.mycompany.comHere's my little problem:
I would like to teach our pfSense to make local DNS resolution - just for itself, not for the company. Means: I go to a pfSense shell, type something likehost somecomputernamethe output should be something like
somecomputername.mysite.mycompany.com has address w.x.y.zbtw: resolv.conf on one of our typical linux servers looks like this:
# cat /etc/resolv.conf nameserver a.b.c.d nameserver a.b.c.e search mysite.mycompany.comAny ideas?
Thanks a lot and many greets
Stephan -
So you can do a domain override to point your mysite.mycompany.com domain to your local name servers. This way pfsense using itself to do resolution will know vs asking the public to go and ask your servers for mysite.mycompany.com
This will have nothing to do with your local dns.. Only for pfsense to be able to resolve your internal stuff.
And you have it setup correctly.. if your running AD, your clients should only use your local AD dns and dhcp..
-
Hey John,
thanks a lot for your answer - and sorry for my late reply!
So you can do a domain override to point your mysite.mycompany.com domain to your local name servers. This way pfsense using itself to do resolution will know vs asking the public to go and ask your servers for mysite.mycompany.com
yeah, that did the trick - 90% of it ;-)
Adding the domain override lead to this situation:When I do this on the pfSense shell, everthing works fine:
# host somecomputername.mysite.mycompany.com somecomputername.mysite.mycompany.com has address w.x.y.zBut when I search just for a local comptername, it doesn't:
# host somecomputername Host somecomputername not found: 3(NXDOMAIN)This is why I added the line
search mysite.mycompany.comto
/etc/resolv.confso everthing works fine!
But this change doesn't seem to be persistent. Is there a way to configure this search domain through WebGUI or through any other way?
Thanks a lot and many greets
Stephan -
your search domain would be the domain pfsense is in..
-
your search domain would be the domain pfsense is in..
Unfortunately that doesn' work for me. Domain is set correctly, but there no "search" entry in my resolv.conf… :-(
-
nonsense.. What version of pfsense are you running?
Here I changed mine… Boom resolv.conf changed
-
nonsense.. What version of pfsense are you running?
Here I changed mine… Boom resolv.conf changed
I see! In my config I set the checkbox "Allow DNS server list to be overridden by DHCP/PPP on WAN" so that I get my public DNS servers from my ISP. In this case, also the search domain seems to be "overridden" with nothing. When I uncheck this box I get the same behaviour like your box.
But: Now I am forced to set the public DNS servers manually, otherwise the pfsense box itself can't resolve public names. :-( This configuration is ok for me, but better would be getting the DNS servers from my ISP. Is there a solution?Thanks for your patience and many greets
Stephan -
dude if your using the resolver.. You wouldn't use outside dns…
All your pfsense box needs to do is point to itself, and the resolver would look up stuff directly.
Pfsense has default to using the resolver for quite some time. Are you using the resolver or the forwarder? If resolver the only entry pfsense should have is itself, 127.0.0.1
Why would getting your dns from your isp be better?? More often then not the their dns blows ;) And you are almost always better off using what you want to use as your forwarder or just being your own resolver is a much better solution all the way around. Which is what pfsense defaults too.
