DNS on local network with Pfsense?
-
How do you have the client auto add the local domain name? Is that done purely on the client side, or is that a DNS or DHCP option that enables that?
-
you can hand it off via dhcp, but depending on the client it might not use it.
It should be set on the client in windows for sure.. You can multi suffix searches, etc. But normally your machines should be setup to be in the domain your using locally.
The option in dhcp is 119, but google windows doesn't really support it
https://social.technet.microsoft.com/Forums/windowsserver/en-US/9ba77f86-4708-42ca-a193-2a01b813ec27/is-dhcp-option-119-supported-by-microsoft-clients?forum=winserverNISYour suppose to set them up via Group Policy in windows.
-
The default for most operating systems is to auto-add the DHCP configured local domain name to the queries if the first try of resolving with the plain name in DNS returns no results. For example if you configure your UNIX-like system by DHCP you'll very likely have something like this in /etc/resolv.conf:
nameserver 1.2.3.4 domain mydomain.tldMaking your clients to respect multiple search domains might not work in every case as noted already. If it happens to work on your UNIX-like system you'd have a line like this in /etc/resolv.conf:
search domain1.tld domain2.tld domain3.tld -
Windows will accept the domain name, and out of the box use that in is search.. Ie that local.lan in my example. But window clients do not understand option 119 where you add different and or multiple suffix search domains.
To be honest I can not see the point in a home setup for sure. Why would you not just use same domain for your local stuff, even if you wanted to use different domains. How many devices could you have - would you not know what domains you have in play and which one some device would be in.. So just use FQDN then vs letting client it add it for you in the background.
Such a thing would come more in play in an enterprise where you might have lots of different locations using different sub domains or even multiple domains and user is just handed a server name to get to.. Which to be honest is still bad practice - FQDN should always be used - always!! Hoping/Letting your client search through all kinds of possible iterations of a host and domains is just asking to resolve to the wrong thing…
-
This is a great discussion. Thanks folks. I would like some clarification on the statement below though.
To be honest I can not see the point in a home setup for sure. Why would you not just use same domain for your local stuff, even if you wanted to use different domains. How many devices could you have - would you not know what domains you have in play and which one some device would be in.. So just use FQDN then vs letting client it add it for you in the background.
You ask why not use the same domain for all of my local stuff. The "same" as what? I am looking for the simplicity you're talking about. The issue I'm trying to work around is that pfSense general settings requires a local domain which defaults to "localdomain" and gets appended to all local DNS entries. I'm trying to find a simply way to not needing "localdomain" for everything because I want a simple home setup. Thanks!
-
change localdomain in pfsense to whatever you want.. Example I use local.lan, all my clients use this as their domain and by default is their search suffix.
-
Right. I have done that to "local.lan" since that seems to be a common thing to do, and I also added that to my DHCP server but I still need hostname.local.lan on all of my clients. I can do the work around suggested earlier for Windows clients, but that doesn't work for the majority of my devices. Is the only solution to suck up the local FQDN?
-
dns server can only resolve a FQDN… If your client does not send a FQDN, how would the NS respond..
Keep in mind that pretty much any device should accept the domain that is handed out via dhcp. Its just some clients do not like the option 119 where you hand out other search suffixes other than your main domain you hand out.
Out of the box pfsense will hand out the domain you setup in general for pfsense, unless you override that in the dhcp server settings. Keep in mind you would have to update your dhcp clients lease to get the new info after you had changed it.. Your clients will do that on their own via when the lease hits renewal period normally 50% of whatever your lease time is. Or you reboot the client or force the renew on the client with command.
What sort of device are you using that you believe is not sending fqdn?
-
DNS does not know simple names without a domain part, period. This is by design of DNS and can not be changed. Your client systems will of course give you an illusion that simple names exist but that's only because they are completing every DNS query with the local domainname if needed or in some cases the name is listed in /etc/hosts (or in the windows equivalent) as a simple name without the domain part so that the local resolver on the client resolves the name without the assistance of DNS.
-
Or your finding the host name via broadcast or wins.. Or some other discovery protocol like ssdp or bonjour, ws-discovery (multicast) etc. etc.. There are many discovery protocols.. UPnP, LLMNR, etc.
But if you want to use dns then the query needs to be fully qualified..
