Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS Dynamic Host Updates in Resolver/Forwarder?

    Scheduled Pinned Locked Moved DHCP and DNS
    dynamic updatesauthoritativewindowsresolverforwarder
    3 Posts 2 Posters 877 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MrPeteM Offline
      MrPete
      last edited by

      pfSense is my DHCP and local DNS server. On my LAN: a variety of Windoze, Linux, etc boxen.
      (I transferred from using fancy DD-WRT router for everything... it worked but was overloaded.)
      I run my LAN as a private subnet of one of my publicly known domains. Let's say sub.example.com

      An issue I can't resolve: all Windows boxes attempt to perform DNS Dynamic Updates on renewal of DHCP (you can force using "ipconfig /registerdns")... and it always fails with pfSense Forwarder/Resolver.

      My diagnostic skills are very limited in DNS, but here's what I see so far (Wireshark is your friend ;) )

      • Windows seeks SOA for sub.example.com from pfSense
        -> This always returns nothing from pfsense... i.e. success but blank, NOT authoritative
      • Then it seeks SOA for example.com -- which succeeds (ie it gets the external public primary DNS server of the domain)
      • Then it seeks to do DNS Dynamic Update to the DNS server for example.com -- which of course fails as these are private addresses on my local LAN

      Assuming the above is true/real, I can simplify this: in pfSense, "dig SOA sub.example.com" -- always returns blank, not authoritative.

      QUESTIONS

      1. How do I fix this?
      2. Can either the Forwarder (dnsmasq) or Resolver (unbound) be configured as authoritative, updateable, DNS server for a local subnet?

      I would have thought this would be a very common, basic thing... yet lots of googling finds zero information at all.

      HELP!!! :-D

      1 Reply Last reply Reply Quote 0
      • kiokomanK Offline
        kiokoman LAYER 8
        last edited by

        afaik no, both are only recursive, you need the bind package

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 0
        • MrPeteM Offline
          MrPete
          last edited by

          After a bunch of googling:

          • unbound is not ever authoritative
          • dnsmasq CAN be authoritative. I'm working on it...
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.