    Bind rules

      polhallen last edited by

      Hi all, I'm sorry if this is not the correct section of the forum.

      I have a BIND server on my internal LAN:

      WAN <--> LAN1 <--> BIND SERVER

      WAN is 192.168.5.1/30
      LAN1 is 192.168.1.100/24
      bind server has 192.168.1.101

      This BIND is only a cache server (not a resolver) and serves all 192.168.1.0/24 clients.

      Do I need to create some rules for BIND? I ask this because without resolver config it's very, very slow.

      Thanks for the help!

        johnpoz LAYER 8 Global Moderator last edited by

        Well, where does it forward, if it's only caching and not resolving? pfSense has nothing to do with clients talking to other clients on the same network. Is pfSense your DHCP server? Then you probably want to hand out that IP as your DNS, etc.

          polhallen last edited by

          Sure, thanks, but if I change it to a resolver, do I need to create some rules?

            johnpoz LAYER 8 Global Moderator last edited by

            No, not unless your segment it's connected to has been locked down to prevent tcp/udp 53 outbound. Out of the box, pfSense LAN outbound rules are any any, so no, you wouldn't have to change anything from that.

            If you're currently forwarding, while sure if where you forward is crap, don't expect moving to resolver mode is going to be some speed demon. In resolver mode you have to talk to the authoritative server for every domain you look up. And you have to ask the server from roots on what that is. It's a couple of queries to find the authoritative server for the domain you're looking for, etc.

            And depending on your internet connection and where you're at in relationship to the NS for the domains you're looking up, resolving can be slower than just asking your ISP DNS for "hey, what's the IP for www.domain.tld" that he already has cached.

            There are lots of reasons to actually resolve vs forward, but speed of looking up something really wouldn't be it ;)

            So I can understand being a fan of BIND, am one myself, but curious what you're doing that you're running it on its own server. You know pfSense has the BIND package available again. I am not aware of any sort of limitation the package has over a full install on a server, other than maybe pure horsepower of the server being higher than what you're running your router on.
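
The difference the last reply describes, as an added example that is not part of the thread: a small Python model of resolver mode versus forwarding, listing the outbound port 53 flows each mode needs and which of them a locked-down egress policy would drop. The zone names, IP addresses (documentation ranges), round-trip times and function names are all constructed for illustration.

```python
# Constructed data: every zone, IP (documentation ranges) and RTT below is made up.
DELEGATIONS = {            # zone -> (authoritative server IP, round-trip ms)
    ".": ("198.51.100.1", 40),
    "tld.": ("198.51.100.2", 60),
    "domain.tld.": ("198.51.100.3", 90),
}
ANSWERS = {"www.domain.tld.": "203.0.113.10", "mail.domain.tld.": "203.0.113.11"}
FORWARDER = ("192.0.2.53", 15)   # assumed ISP DNS that already has the answer cached


def zones_for(name):
    """Enclosing zones from the root down, e.g. '.', 'tld.', 'domain.tld.'."""
    labels = name.rstrip(".").split(".")
    return ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, 0, -1)]


def new_cache():
    return {"ns": {"."}, "answers": {}}   # root hints are always known


def resolve_iterative(name, cache):
    """Resolver mode: follow referrals; return (answer, outbound flows, total ms)."""
    if name in cache["answers"]:
        return cache["answers"][name], [], 0
    zones = [z for z in zones_for(name) if z in DELEGATIONS]
    # Start at the deepest zone whose name server is already cached.
    start = max(i for i, z in enumerate(zones) if z in cache["ns"])
    flows, ms = [], 0
    for zone in zones[start:]:
        ip, rtt = DELEGATIONS[zone]
        flows.append((ip, 53))           # udp/53, with tcp/53 on truncation
        ms += rtt
    cache["ns"].update(zones)            # referrals learned along the way
    cache["answers"][name] = ANSWERS[name]
    return ANSWERS[name], flows, ms


def resolve_forward(name):
    """Forwarding mode: one query to one fixed upstream."""
    ip, rtt = FORWARDER
    return ANSWERS[name], [(ip, 53)], rtt


def blocked_flows(flows, allowed_dsts):
    """Flows a locked-down egress policy drops; allowed_dsts=None means 'any'."""
    return [] if allowed_dsts is None else [f for f in flows if f[0] not in allowed_dsts]


if __name__ == "__main__":
    cache = new_cache()
    for qname in ("www.domain.tld.", "mail.domain.tld.", "www.domain.tld."):
        print(qname, resolve_iterative(qname, cache)[1:], resolve_forward(qname)[1:])
```

In this model an egress rule that permits port 53 only to the forwarder drops every resolver-mode flow, which is why a segment locked down that way needs tcp/udp 53 opened to any destination for the BIND host before switching modes.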
