Specific capabilities when migrating from dnsmasq
-
Hello
I currently use a router that embarks a dnsmasq server for its DNS and DHCP needs.
I am seriously considering moving to pfSense (and buying one of the appliances) but I am worried about some of the capabilities I have on dnsmasq which I did not see when browsing the DNS and DHCP documentation:
- The DHCP IPs served by dnsmasq are automatically made available on the DNS server. Is this link in place in pfSense?
- Is it possible to define a DNS server that is used for specific domains? (say, I use 1.1.1.1 as the default server, but example.com should be served by 8.8.8.8)
-
@wpq said in Specific capabilities when migrating from dnsmasq:
The DHCP IPs served by dnsmasq are automatically made available on the DNS server. Is this link in place in pfSense?
Yes.
The host name will get published in the local DNS. Example :
Now I can use KMA98FA5 as a host name.
Normally, when you have to contact devices because they host (== 'serve') something, like a NAS, or a printer, or another PC, you keep the DHCP activated on these devices. And you assign a 'static MAC DHCP lease' which will guarantee that these devices always get the same IP == host name relation.
But there are reasons not to the first and third option:
The second option, I explained above.
@wpq said in Specific capabilities when migrating from dnsmasq:
Is it possible to define a DNS server that is used for specific domains? (say, I use 1.1.1.1 as the default server, but example.com should be served by 8.8.8.8)
That's something that could be done with 'views' I guess.
By default, unbound doesn't use 1.1.1.1, nor 8.8.8.8, nor your ISP. pfSense won't send your private (DNS) data to some third-party company.
Unbound is a resolver. It will drill down to the official (authoritative) name servers to obtain the needed info, using the official root servers and the official TLD servers.
Btw: really: you want some existing domain name on the internet being resolved by outside resolver A and another domain being resolved by B?
Unbound (pfSense) supports local overrides, like my-private-server.local.tld = 192.168.1.100, so that "my-private-server.local.tld" won't get resolved by 'the Internet', which wouldn't work, but locally.
Take note that dnsmasq is also available for pfSense, it's the old forwarder that was default, before.
-
Thank you for the detailed answer
@gertjan said in Specific capabilities when migrating from dnsmasq:
Btw : really : you want some existing domain name on the internet being resolved by outside resolver A and another domain being resolved by B ?
Yes. I replaced the ISP-provided Internet box with my own router. The box is connected to that router on one of the ports because I need it for the fixed line phone (and TV, which I do not use). It believes that it is on the ISP network (despite having a private IP) but some domains it requires need to be resolved by a specific DNS (it is a big mess, a country-wide telecom provider that is discovering that they have to open up but bits and pieces are missing).
This is a very specific situation but yes, I have an actual need for it.
Your other answer about DHCP entries being registered in DNS is very good news. I do not fix the leases via the MAC, this is why I wanted to make sure the hostname will match the IP without manual intervention.
-
Yep, the "domain overrides" function in the DNS Resolver settings allows you to input a domain name and the DNS server that you want to resolve hostnames for that domain. So you could input the domain name for your ISP, and any hostname queries within that domain would be directed to that DNS server, instead of going through the normal internet resolution process.
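Added example, not part of the thread and not pfSense's own code: a small Python helper that reads existing dnsmasq `server=` lines and prints the equivalent Unbound `forward-zone` stanzas, so the per-domain upstreams can be carried over. The sample config is constructed; only the example.com / 8.8.8.8 and 1.1.1.1 pairing comes from the question, and the other domains and addresses are placeholders.

```python
"""Translate dnsmasq per-domain upstreams into Unbound forward-zone stanzas."""

# Constructed sample input; only the 1.1.1.1 and example.com lines mirror the thread.
SAMPLE_DNSMASQ = """\
# default upstream
server=1.1.1.1
server=/example.com/8.8.8.8
server=/voip.isp.example/tv.isp.example/192.0.2.53#5353
server=/corp.example/
dhcp-range=192.168.1.100,192.168.1.200,12h
"""


def parse_dnsmasq_servers(text):
    """Return ({zone: [unbound_addr, ...]}, [lines that need manual review])."""
    zones, skipped = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue  # comments, DHCP options and everything else
        value = line[len("server="):]
        if value.startswith("/"):
            *domains, addr = value[1:].split("/")  # /dom1/dom2/addr
        else:
            domains, addr = ["."], value  # plain upstream -> root forward zone
        # "/dom/" (local only), "/dom/#" (use defaults) and "@source" forms
        # have no one-line equivalent here, so flag them instead of guessing.
        if not addr or addr == "#" or "@" in addr:
            skipped.append(line)
            continue
        ip, _, port = addr.partition("#")  # dnsmasq writes ip#port
        target = f"{ip}@{port}" if port else ip  # Unbound writes ip@port
        for d in domains:
            zones.setdefault(d.lower().rstrip(".") or ".", []).append(target)
    return zones, skipped


def render_unbound(zones):
    """Emit forward-zone stanzas, specific zones first, the root zone last."""
    out = []
    for name in sorted(zones, key=lambda z: (z == ".", z)):
        out += ["forward-zone:", f'    name: "{name}"']
        out += [f"    forward-addr: {a}" for a in zones[name]]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    zones, skipped = parse_dnsmasq_servers(SAMPLE_DNSMASQ)
    print(render_unbound(zones), end="")
    for line in skipped:
        print(f"# review by hand: {line}")
```

Each `name` / `forward-addr` pair is the domain and DNS server you would type into the "domain overrides" function mentioned above. A `"."` zone forwards everything else to that upstream instead of letting Unbound resolve from the root servers, so drop it if you want to keep the default resolver behaviour.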