Netgate Discussion Forum

    Bind rules

      polhallen

      Hi all, I'm sorry if this is not the correct section of the forum.

      I have a BIND server on my internal LAN.

      WAN <--> LAN1 <--> BIND SERVER

      WAN is 192.168.5.1/30
      LAN1 is 192.168.1.100/24
      BIND server has 192.168.1.101

      This BIND is only a cache server (not a resolver) and serves all 192.168.1.0/24 clients.

      Do I need to create some rules for BIND? I ask this because without the resolver config it's very, very slow.

      Thanks for the help!

      Pol

        johnpoz LAYER 8 Global Moderator

        Well, where does it forward, if it's only caching and not resolving? pfSense has nothing to do with clients talking to other clients on the same network. Is pfSense your DHCP server? Then you probably want to hand out that IP as your DNS, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          polhallen

          Sure, thanks, but if I change it to a resolver, do I need to create some rules?

          Pol

            johnpoz LAYER 8 Global Moderator

            No, not unless the segment it's connected to has been locked down to prevent TCP/UDP 53 outbound. Out of the box, pfSense LAN outbound rules are any any, so no, you wouldn't have to change anything from that.

            If you're currently forwarding, while sure, if where you forward is crap, don't expect that moving to resolver mode is going to be some speed demon. In resolver mode you have to talk to the authoritative server for every domain you look up. And you have to ask the server from roots on what that is. It's a couple of queries to find the authoritative server for the domain you're looking for, etc.

            And depending on your internet connection and where you're at in relationship to the NS for the domains you're looking up, resolving can be slower than just asking your ISP DNS "hey, what's the IP for www.domain.tld" that it already has cached.

            There are lots of reasons to actually resolve vs forward, but speed of looking up something really wouldn't be it ;)

            So I can understand being a fan of BIND, am one myself, but I'm curious what you're doing that you're running it on its own server. You know pfSense has the BIND package available again. I am not aware of any sort of limitation the package has over a full install on a server, other than maybe pure horsepower of the server being higher than what you're running your router on.


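An added example, not part of the thread and not either poster's configuration: a `named.conf` sketch for the layout in the first post (BIND at 192.168.1.101 serving 192.168.1.0/24), with the forwarding setup active and the resolver setup beside it. The forwarder address 192.0.2.53 is a placeholder, and the ACL name `lan_clients` and the `directory` path are assumptions.

```conf
// Added example, not from the thread. LAN and BIND host addresses come from
// the first post; 192.0.2.53 is a placeholder for whatever upstream you use.

acl lan_clients {
    127.0.0.1;
    192.168.1.0/24;                 // LAN1 clients
};

// Variant A: caching forwarder ("cache server, not resolver").
// Outbound DNS from 192.168.1.101 goes only to the listed forwarder,
// so lookup speed depends on how good that forwarder is.
options {
    directory "/var/cache/bind";    // assumed path, varies by distribution
    listen-on { 127.0.0.1; 192.168.1.101; };

    recursion yes;
    allow-query     { lan_clients; };
    allow-recursion { lan_clients; };   // never recurse for hosts outside the LAN

    forwarders { 192.0.2.53; };     // placeholder upstream resolver
    forward only;                   // do not fall back to iterating from the roots
};

// Variant B: full resolver. named.conf allows only one options block, so
// replace Variant A with this instead of adding it.
// With no forwarders, BIND iterates from its built-in root hints and must
// reach arbitrary authoritative servers on UDP and TCP 53 outbound. The
// default pfSense LAN rule (any any) already permits that; a locked-down
// segment needs a pass rule for 192.168.1.101 to any, port 53, UDP and TCP.
//
// options {
//     directory "/var/cache/bind";
//     listen-on { 127.0.0.1; 192.168.1.101; };
//     recursion yes;
//     allow-query     { lan_clients; };
//     allow-recursion { lan_clients; };
// };
```

`named-checkconf` validates the syntax of either variant before the server is reloaded.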
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.