Add DNS server on pfsense machine

Gertjan

Hi,

No need to install bind.
Unbound - the resolver, covers you, it can do far more then just a simple DNS cache.

You could do this :
At the bottom of Services => DNS Resolver => General Settings you'l find "Host Overrides".
Just add your host over there.

Or this :
Consider that your server, dlna gopro all use DHCP, add static dhcp leases on the DHCP server page. Add the host name for evert device and on the Services => DNS Resolver => General Settings page check " Static DHCP - Register DHCP static mappings in the DNS Resolver".

dam034

Yes, I know I have to add static DHCP leases, in such a way as to assign the same private IP address to the MAC address which I want.

But the fact is to assign a different name (and more than one) from the DHCP client name.

So I want to separate the DHCP server from the DNS resolver.

Is it possible?

Thanks

Gertjan

Well, DHCP and DNS are separate functionalities anyway.

You can add as many host overrides into the DS (resolver or forwarder) as you want. They can point to the same IP if needed.

Be careful : not having a DNS on pfSense can have nasty effect for the firewall itself : like the issue : "Help, my pfSense can upgrade neither install packages", etc.

stephenw10

You can install bind if you want, it's available as a pfSense package. But I agree it looks like Unbound can do everything you want.

Steve

dam034

@gertjan and @stephenw10 Can you show me how to do what you advice me, so I can choose the better?

Thanks

stephenw10

It looks like you just need to add host overrides in Unbound for the hosts you want to resolve there.

https://docs.netgate.com/pfsense/en/latest/book/services/dns-resolver.html#host-overrides

Steve

dam034

Now I didn't understand good how to do.

There are two cases:

• if I want to override a existing DNS (e.g. "forum.netgate.com") assigning it an A record pointing to 10.45.2.43;
• if I want to create a new DNS zone, which can be the same domain of the pfsense machine or not, creating many A and CNAME records.

Can you explain please?

Thanks

JeGr

@dam034 said in Add DNS server on pfsense machine:

if I want to override a existing DNS (e.g. "forum.netgate.com") assigning it an A record pointing to 10.45.2.43;

As already said: make a Host override, Host: forum, Domain: netgate.com and assign it an internal IP 10.45.2.43. Your pfSense afterwards will answer any request for forum.netgate.com with 10.45.2.43 to your clients.

if I want to create a new DNS zone, which can be the same domain of the pfsense machine or not, creating many A and CNAME records.

You don't create a DNS zone per se. You don't need to, as you don't run a complete DNS server, that needs(!) a zone to load DNS entries. The DNS Resolver (unbound) can simply act on single Host Overrides and resolve the defined hostname to an IP.

So you want to create "dummy.here" and point it to 10.45.2.43? Do the same as above with the forum!
Host: dummy
Domain: here
IP: 10.45.2.43
-> save

Afterwards check on a client on LAN with "host", "dig", "nslookup" (depending on your OS). It's as easy as that. If you configure pfSense in general settings to the domain "here" and configure DHCP accordingly, all static IP mappings you create with DHCP are also automatically known to the DNS resolver (check the corresponding box in the DNS resolver screen for that), so you can "populate" your "domain" .here with static IP mappings and overrides without having the need to create a complex DNS setup with bind.

dam034

I didn't understand only one step: if the pfsense domain is "here", DHCP and static IPs create the DNS resolver, can I add more hostnames in "here" domain in host override?

And if there is a DHCP client named "hello", and in DNS override I want to point "hello.here" to another IP, can I do it?

Thanks

johnpoz

you don't have to register dhcp clients in unbound.

And then just create whatever host overrides you want.

dam034

Have I to disable the DHCP registration to override a DHCP client name?

Thanks

johnpoz

You don't have to but having the same name that points to 2 different ips is never good thing. But you could have 2 or more names that point to the same IP.

stephenw10

No, you can add it as a host override and still register it. It overrides the dhcp lease registeration.

Not sure why you would want to that though.

Steve

dam034

I'm thinking like that because they could be some DHCP clients names already registered in host override section.
Indeed, I tried to add a host override name "pohp.here" which points to an external IP, but when a DHCP client named "pohp" connects, the DNS points to the DHCP client machine, not to the external IP.

Is it possible to override? Or have I to disable DHCP clients registration?

Thanks

johnpoz

Why would you point pohp.here to an external IP if you have a client called pohp?

Really not understanding your use case... But if your going to put in by hand IP address for clients fqdn, then there is ZERO point to having them register dhcp address into unbound..

You have dhcp clients register in dns when your are NOT going to put in records by hand for them.

dam034

I did an example, now I can explain better:

1. there is a DHCP client named "server";
2. I want to point "server.here" to it;
3. I add an host override "server.here" pointing to the machine written in step 1;
4. there could be another machine which the DHCP client name is "server".

I'm writing this because I don't administer fully the LAN, and some customers can connect to the wifi, and there could be some inconvenient DHCP clients names.

Should have I to disable the DHCP registration or is there a way to stay secure?

Thanks

stephenw10

Hmm, I tested that before posting and found it worked fine.

Are you sure you are seeing the same hostname and domain?

Edit: And it's still working after the client lease renewed.

Steve

johnpoz

@dam034 said in Add DNS server on pfsense machine:

there could be another machine which the DHCP client name is "server".

And why would you need to resolve those? So don't have dhcp register in unbound.. And just put in the host overrides for the stuff you want/need to resolve.

To be honest I really don't understand resolving dhcp clients by name in the first place.. If the box is important enough to you want to get to it by name.. Than it should have a reservation for dhcp so it always get the same IP. So register static dhcp. Or just set the box to be static IP and setup dns to resolve name to that IP, etc..

stephenw10

Well you could argue that clients with dynamic IPs are most likely to need DNS resolution to address them.

But I hear what you're saying.

Either way I have that setup here and it works exactly as expected. I suspect there is actually a mismatch here. For example you enter client1 somewhere and you think it should resolve to an override you have as client1.domain1.net but in fact your client is trying to resolve soemthing different like client1.sub.domain1.net because something is misconfigured.

Steve

johnpoz

There is a difference between "clients" that get dhcp and "servers" he is using the name server.. While sure you might want to hand info out to the server via dhcp, so you can easy change stuff later like different router or dns, etc.

But server should have a dhcp reservation.

Random clients that are on and off the network, if you have a need to resolve them sure have register their names. But then why would you need to put in a host override? Why would you not just use different sub or domain then..

Just still not getting this use case.