Netgate Discussion Forum

    Internal DNS

    • Gertjan

      Hi,

      You are aware that 'unbound' is running on your pfSense?
      That you can define your own 'host overrides' like:
      your-device - your-local-domain - IPv4 - Description.

      With the help of the DHCP server, and static MAC-based leases, you can enforce that the devices you chose always have the same IP(v4).

      Now you can access your "your-device.your-local-domain" as a URL locally.

      Accessing devices from the outside needs a NAT (or a cascade of NAT rules if you have a router in front of pfSense).
      Now only your WAN IP is known and device selection can be done using ports.
      Normally, you wouldn't make devices from your LAN accessible to the net like that. Use a VPN access instead (built into pfSense, of course), which will make your entire LAN accessible, and you could use the overridden device names, as mentioned above.
      You could make a DMZ type interface and place a (web?) server into that 'DMZ' LAN, and NAT ports 80 and 443 on the WAN, so your web server is also accessible from the outside.
      Your WAN IP is changing often => make use of the DynDNS facilities built into pfSense.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • WhiteTiger-IT

        @Gertjan
        Maybe I did not say it clearly enough.
        I don't want to access internal servers from the outside, but just the opposite.

        I have external servers identified with IP X.Y.Z.K and which do not have a public name.
        So, from my PC located in my office, I should access these and then a printer panel, a router panel, a server panel in my LAN, or even remotely connect to a PC in the LAN.
        Obviously if I have to connect to these from my home, then I use a VPN.

        The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
        If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
        I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

          • kiokoman

          "dns resolver" has the "dhcp registration" option if it's what you are searching for

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            • Gertjan @WhiteTiger-IT

            @WhiteTiger-IT said in Internal DNS:

            I have external servers identified with IP X.Y.Z.K and which do not have a public name.

            The usual solution: rent a domain name, have it point to your X.Y.Z.K host, and enjoy.

            Or, if access is only needed from your LAN: as said, declare a "host override" and you're done.

            @WhiteTiger-IT said in Internal DNS:

            The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
            If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
            I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

            That's why you have a centralized router firewall with DNS capabilities!
            No need to edit every host file on every system.

              • WhiteTiger-IT

              I return to the topic because with DNS Resolver I don't solve the problem and on the contrary I'm going to create a new one.

              I repeat the question because perhaps I am not clear.
              I have to find a way so that from a PC on the LAN I can refer to something else on the LAN (PC, Server, Printer, Access Point, etc.) with its name or alias and not with the IP address.
              I don't want to find anything on the Internet, I don't want to configure DDNS, I don't want to configure the router.
              Today I can already do all this with a simple hosts file, for example:

              192.168.1.1 router hq-rtr
              192.168.1.2 fw-wan
              192.168.11.1 fw fw-lan
              192.168.12.1 fw-dmz
              192.168.12.11 server ls1 hq-ls1
              192.168.12.12 nas1 hq-nas1
              192.168.11.51 laser hq-laser
              192.168.11.101 john pc-john
              192.168.11.102 dan pc-dan
              

              With DNS Resolver it is true that I have centralized these names, but I am obliged to register the domain as well.
              This way, instead of a simple ping hq-laser, I have to do ping hq-laser.mycompanyname.tld

                • kiokoman

                under windows
                .mycompanyname.tld is added automatically,
                under linux you need to add

                dns-search mycompanyname.tld
                or
                search mycompanyname.tld
                i don't remember which one does the job
                i have it added inside /etc/resolv.conf and /etc/network/interfaces on my ubuntu server and pc idk other distro

                this way you are able to ping hq-laser instead of the fqdn

                kiokoman@nanto:/etc$ ping raspberrypi
                PING raspberrypi.kiokoman.home (192.168.10.200) 56(84) bytes of data.
                64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=1 ttl=63 time=4.31 ms
                64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=2 ttl=63 time=4.22 ms
                64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=3 ttl=63 time=4.42 ms
                64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=4 ttl=63 time=9.24 ms
                

                basically dns works like this: you ping the name, the os adds the domain part and asks the dns resolver/forwarder who has it. this has nothing to do with pfsense, it's how dns works

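The search-list behaviour described in the post above, as an added example that is not part of any post in this thread: a Python model of how a glibc-style stub resolver turns a short name into the FQDNs it actually queries, given the contents of /etc/resolv.conf. The function names and the sample resolv.conf are constructed for illustration; the domain is the placeholder used in the thread.

```python
# Added example: model of glibc-style search-list expansion (see resolv.conf(5)).
# Function names and the sample resolv.conf below are constructed for illustration.

SAMPLE_RESOLV_CONF = """\
# constructed sample, using the placeholder domain from the thread
nameserver 192.168.11.1
search mycompanyname.tld
"""


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf content."""
    search, ndots = [], 1  # the resolver default is ndots:1
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        keyword, *args = line.split()
        if keyword in ("search", "domain"):
            # the last search/domain line in the file wins
            search = [a.rstrip(".").lower() for a in args]
        elif keyword == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt[6:]), 15)  # glibc caps ndots at 15
    return search, ndots


def candidate_names(name, search, ndots=1):
    """FQDNs the stub resolver tries, in order, for `name`."""
    if name.endswith("."):
        return [name]  # already absolute: the search list is not applied
    expanded = [f"{name}.{domain}." for domain in search]
    as_is = [name + "."]
    if name.count(".") >= ndots:
        return as_is + expanded  # "dotted enough": tried as-is first
    return expanded + as_is  # short name: search domains first


if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("hq-laser", "hq-laser.mycompanyname.tld", "hq-laser."):
        print(host, "->", candidate_names(host, search, ndots))
```

If the client's search domain differs from the domain used in the resolver's host override, the first candidate misses and the bare name is then queried as-is, which is how internal hostnames can end up in queries sent upstream.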
                  • WhiteTiger-IT

                  But in DNS Resolver the domain name I MUST put it

                    • kiokoman

                    you only need to put the same domain inside System / General Setup
                    and register the dhcp clients, nothing else is needed

                      • viragomann @WhiteTiger-IT

                      @WhiteTiger-IT said in Internal DNS:

                      But in DNS Resolver the domain name I MUST put it

                      Yes, you must state the domain in the host override, but you don't need it for the resolution as long as the PC you're requesting it from and the hostname and pfSense are within the same domain.

                        • stephenw10 (Netgate Administrator)

                        Yes, your client is already searching using an FQDN even when you just use a host name. It appends whatever domain it is already using.

                        Steve

                          • WhiteTiger-IT

                          😊 😊 😊
                          True! 👍
                          It was enough to put the same domain that I had already indicated in General Setup.
                          Many thanks to all of you.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.