Netgate Discussion Forum

    [DNS RESOLVER] IPSEC DNS local.domain on two servers, howto?

      jellex

      Hi,

      I have two pfSense servers set up. Both 2.3.2_1 with unbound.
      The servers are interconnected with IPSEC.

      Domain on both pfSenses: local.domain
      ServerA.local.domain: some static DNS names set that are to be used on both pfSenses.
      ServerB.local.domain: has static ARP mappings that are put into DNS. These mappings are also to be used on both pfSenses.

      (I have setup a route-hack to enable DNS over IPSEC: local route from LAN net ServerA to LAN net ServerB is routed over GATEWAY: "LAN interface address".)
      This all works.

      Now both pfSenses run the same domain. So, next to the static DNS mappings on ServerA I have set an override domain for local.domain to ServerB.
      I've done the same on ServerB (-> ServerA). This works too, but seems to delay a lot on servers that are attached to e.g. ServerA.

      Questions:

      1. Is this the right way to use multiple DNS servers in the same domain or should I do it differently?
      2. Do the static mappings take precedence over the 'domain override'? Or is this maybe conflicting?

      Thanks!

        geudrik

        I haven't set up a configuration like this before - I generally use a dedicated subdomain for each location so I can easily tell where something is based entirely on its DNS entry.

        That said, regarding your second question, DNS results list DHCP entries first, with HBO's following.

          johnpoz (LAYER 8 Global Moderator)

          "Now both pfSenses run the same domain"

          Well that's a bad idea right out of the gate. To be honest, if you want to run more than 1 authoritative NS for a domain, unbound is a bad choice as well. If you want to have either NS in either location return the results for IPs in either location, run an actual authoritative NS and set up your other sites as slaves and do zone xfers, so that when you add a record to your SOA your slave NS will also get a copy, etc.

          Unbound is not well suited for such a setup. Or, as geudrik mentions, just run different subdomains for your locations. So you end up with host.siteA.domain.tld and host.siteB.domain.tld, etc.


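To make the two layouts concrete, here is an added illustration in unbound's own configuration syntax (not taken from the thread or from pfSense's generated files): pfSense writes host overrides as local-data and domain overrides as forward-zone entries, so the mutual override described in the question and the per-site subdomain layout suggested in the answers can be compared side by side. The zone names, host names and the 10.1.0.x / 10.2.0.x addresses are assumptions for the example only.

```conf
# ---- Layout 1: both sites claim local.domain and override it to each other ----
# ServerA side (assumed address 10.1.0.1); ServerB is the mirror image.
server:
    local-zone: "local.domain." transparent
    local-data: "svc1.local.domain. A 10.1.0.20"     # host override on A
forward-zone:
    name: "local.domain."
    forward-addr: 10.2.0.1                           # ServerB, over the IPsec tunnel
# A name that exists on neither box (nosuch.local.domain) matches no local-data
# on A, so it is forwarded to B; B has no local-data for it either and its own
# override forwards it straight back to A. The query ping-pongs between the two
# resolvers until a timeout, which is the delay the question describes.

# ---- Layout 2: one subdomain per site, each forwarded in one direction only ----
# ServerA side; ServerB swaps the static and forwarded zones.
server:
    local-zone: "sitea.domain.tld." static
    local-data: "svc1.sitea.domain.tld. A 10.1.0.20"
forward-zone:
    name: "siteb.domain.tld."
    forward-addr: 10.2.0.1
# "static" makes A answer NXDOMAIN locally for unknown names in its own zone
# instead of resolving further, and only siteb is forwarded to B. No zone is
# forwarded in both directions, so a miss can never loop between the sites.
```

Each layout is a separate file; the two are shown together only for comparison.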
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.