Internal DNS

Gertjan

Hi,

You are aware that 'unbound' is running on your pfSense ?
That you can define your own 'host overrides' like :
your-device - your-local-domain - IPv4 - Description.

With the help of the DHCP server, and static mac based leases, you can enforce that the devices you chose have always the same IP(v4).

Now you can access your "your-device.your-local-domain" as an URL locally.

Accessing devices from the outside needs a NAT (or a cascade of NAT rules if you have a router in front of pfSense).
Now only your WAN IP is know and device selection can be done using ports.
Normally, you wouldn't make device from your LAN accessible to the net like that. Use a VPN access instead (build in pfSense, of course), which will make your entire LAN accessible, and you could use the over ridden device names, as mentioned above.
You could make a DMZ type interface and place a (web ?) server into that 'DMZ' LAN, and NAT ports 80 and 443 on the WAN, so your web server is also accesible from the outside.
Your WAN IP is changing often , => Make use of the DyNDNS facilities build into pfSense.

WhiteTiger-IT

@Gertjan
Maybe I did not say it clear enough.
I don't want to access internal servers from the outside, but just the opposite.

I have external servers identified with IP X.Y.Z.K and which do not have a public name.
So, from my PC located in my office, I should access to these and then to a printer panel, a router panel, a server panel in my LAN, or even remotely connect to a PC in the LAN.
Obviously if I have to connect to these from my home, then I use a VPN.

The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

kiokoman

"dns resolver" has the "dhcp registration" option if it's what you are searching for

Gertjan

@WhiteTiger-IT said in Internal DNS:

I have external servers identified with IP X.Y.Z.K and which do not have a public name.

The usual solution : rent a domain name, have it point to your X.Y.Z.K. host, and enjoy.

Or, if access is only needed from your LAN? as said, declare a "host over ride" and your done.

@WhiteTiger-IT said in Internal DNS:

The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

That's why you have a centralized router firewall with DNS capabilities !
No need to edit every host file on every system.

WhiteTiger-IT

I return to the topic because with DNS Resolver I don't solve the problem and on the contrary I'm going to create a new one.

I repeat the question because perhaps I am not clear.
I have to find a way so that from a PC on the LAN I can refer to something else on the LAN (PC, Server, Printer, Access Point, etc.) with its name or alias and not with the IP address.
I don't want to find anything on the Internet, I don't want to configure DDNS, I don't want to configure the router.
Today I can already do all this with a simple hosts file, for example:

192.168.1.1 router hq-rtr
192.168.1.2 fw-wan
192.168.11.1 fw fw-lan
192.168.12.1 fw-dmz
192.168.12.11 server ls1 hq-ls1
192.168.12.12 nas1 hq-nas1
192.168.11.51 laser hq-laser
192.168.11.101 john pc-john
192.168.11.102 dan pc-dan

With DNS Resolver it is true that I have centralized these names, but I am obliged to register the domain as well.
This way, instead of a simple ping hq-laser, I have to do ping hq-laser.mycompanyname.tld

kiokoman

under windows
.mycompanyname.tld is added automatically,
under linux you need to add

dns-search mycompanyname.tld
or
search mycompanyname.tld
i don't remember which one do the job
i have it added inside /etc/resolv.conf and /etc/network/interfaces on my ubuntu server and pc idk other distro

this way you are able to ping hq-laser instead of the fqdn

kiokoman@nanto:/etc$ ping raspberrypi
PING raspberrypi.kiokoman.home (192.168.10.200) 56(84) bytes of data.
64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=1 ttl=63 time=4.31 ms
64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=2 ttl=63 time=4.22 ms
64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=3 ttl=63 time=4.42 ms
64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=4 ttl=63 time=9.24 ms

basically dns work like this, you ping the name, the os add the domain part and ask the dns resolver/forwarder who have it. this have nothing to do with pfsense, it's how dns works

WhiteTiger-IT

But in DNS Resolver the domain name I MUST put it

kiokoman

you only need to put the same domain inside System / General Setup
and register the dhcp clients, nothing else is needed

viragomann

@WhiteTiger-IT said in Internal DNS:

But in DNS Resolver the domain name I MUST put it

Yes, you must state the domain in the host override, but you don't need it for the resolution as long as the PC you're requesting it and the hostname and pfSense are within the same domain.

stephenw10

Yes your client is already searching using an FQDN even when you just use a host name. It appends whatever domain it is already using.

Steve

WhiteTiger-IT

True!
It was enough to put the same domain that I had already indicated in General Setup.
Many thanks to all of you.