Netgate Discussion Forum

    Is it possible to override the automatically created firewall hostname dns entry?

    DHCP and DNS
    dns dns resolution lan override
    • cony

      Hello,

      In pfSense General Setup you can set a hostname and domain for the firewall (Reference). For example:

      Hostname: pfsense
      Domain: mynet.localdomain

      pfSense seems to automatically add a line to /etc/hosts which maps this hostname + domain combination to the IP address of the LAN interface (specifically the interface pfSense considers to be LAN).

      Example of the line it adds after the loopback entries:

      10.1.1.1 pfsense.mynet.localdomain pfsense
      

      Additionally, for Unbound specifically, /var/unbound/host_entries.conf gets two lines which express the same association:

      local-data-ptr: "10.1.1.1 pfsense.mynet.localdomain"
      local-data: "pfsense.mynet.localdomain. A 10.1.1.1"
      

      As a consequence of this, when trying to resolve pfsense.mynet.localdomain with pfSense as the DNS server, the IP address which is returned is 10.1.1.1, as expected.

      My issue is that I want to override this to a different ip address. For example, I have a VLAN on another interface which is used for network device management. It has the subnet 10.2.1.0/24 and the IP address of the interface itself is 10.2.1.1

      It seems not possible to override the default entry that pfSense sets up with respect to the hostname+domain of the firewall. Adding a DNS Resolver host override for pfsense.mynet.localdomain to resolve to 10.2.1.1 just adds another item to the aforementioned files.

      The result of that is that when resolving pfsense.mynet.localdomain, both 10.1.1.1 and 10.2.1.1 are returned as answers (at which point the client system may decide to use the former, which I don't want).

      Is it possible to force the firewall's registered hostname+domain to resolve to something other than the LAN interface IP address? Is the only solution to this to edit the files by hand?

      Thanks for any advice that you have.

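The duplicate-answer condition described in the first post can be checked mechanically. This is an added example, not code from the thread or from pfSense: it parses the `local-data` format quoted above and lists names with more than one A address. The function names and the `nas` sample host are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report names that have more than one
# distinct A record in Unbound local-data lines, the condition described in
# the first post after adding a host override for the firewall's own name.

# Constructed sample in the host_entries.conf format quoted in the post.
# The nas entry is a made-up single-address host for contrast.
sample_entries() {
    cat <<'EOF'
local-data-ptr: "10.1.1.1 pfsense.mynet.localdomain"
local-data: "pfsense.mynet.localdomain. A 10.1.1.1"
local-data-ptr: "10.2.1.1 pfsense.mynet.localdomain"
local-data: "pfsense.mynet.localdomain. A 10.2.1.1"
local-data: "nas.mynet.localdomain. A 10.1.1.20"
EOF
}

# Reads the named files (or stdin) and prints "name addr1,addr2,..." for
# every name with two or more distinct A addresses.
dup_a_records() {
    awk '
    /^[ \t]*local-data:/ {              # skips local-data-ptr: lines
        line = $0
        sub(/^[^"]*"/, "", line)        # drop text up to the opening quote
        sub(/".*$/, "", line)           # drop the closing quote
        n = split(line, f, /[ \t]+/)
        for (i = 2; i < n; i++) {       # tolerate an optional TTL or class
            if (f[i] != "A") continue
            name = tolower(f[1]); sub(/\.$/, "", name)
            if (!((name, f[i + 1]) in seen)) {
                seen[name, f[i + 1]] = 1
                if (name in addrs) addrs[name] = addrs[name] "," f[i + 1]
                else addrs[name] = f[i + 1]
                count[name]++
            }
            break
        }
    }
    END { for (name in count) if (count[name] > 1) print name, addrs[name] }
    ' "$@" | sort
}

sample_entries | dup_a_records
```

On the firewall itself the same function can be pointed at the file named in the post: `dup_a_records /var/unbound/host_entries.conf`.
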
      • NogBadTheBad @cony

        https://forum.netgate.com/topic/158427/solved-multi-homed-host-question

        FWIW I use a VIP / loop back for this type of thing.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • cony

          I see, thanks for sharing. I guess I'll give it a shot. Perhaps future versions of pfSense will have more flexibility as well.

          • giminik

            Hello,

            I have exactly the same issue.
            I have several interfaces, LAN, LAN_APP, DMZ_RP, DMZ_PS4.

            When I ping firewall.home, the IP returned is the interface of LAN_APP (10.0.7.254). How is this IP chosen by pfsense?
            I tried to rename interfaces, but this doesn't change.

            • jahonix @giminik

              @giminik You can assign subdomains at the interface's DHCP server tab.

              Domain name: "The default is to use the domain name of this system as the default domain name provided by DHCP. An alternate domain name may be specified here."

              So you can end up with:
              - firewall.home or firewall.lan.home
              - firewall.lan2.home
              - firewall.dmz1.home
              - firewall.dmz2.home

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.