Bind rules
-
Hi all, I'm sorry if this is not correct section of forum
I've a bind server on my internal lan
WAN<–->LAN1<--->BIND SERVER
WAN is 192.168.5.1/30
LAN1 is 192.168.1.100/24
bind server has 192.168.1.101this bind is only a cache server (not resolver) and serves all 192.168.1.0/24 clients
do I need to create some rules for BIND? I ask this because without resolver config it's very very slow..
thanks for help!
-
well where does it forward? if its only caching and not resolving.. Pfsense has nothing to do with clients talking to other clients on same network. is pfsense your dhcp server, then you prob want to hand out that IP as your dns, etc.
-
sure thanks, but if I change it to resolver do I need to create some rules?
-
No not unless your segment its connected too has been locked down to prevent tcp/udp 53 outbound.. Out of the box pfsense lan outbound rules are any any so no you wouldn't have to change anything from that.
If your currently forwarding, while sure if where you forward is crap don't expect moving to resolver mode is going to be some speed demon. In resolver mode you have to talk to the authoritative server for every domain you look up. And you have to ask the server from roots on what that is.. Its a couple of queries to find the authoritative server for the domain your looking for, etc.
And depending on your internet connection and where your at in relationship to the ns for the domains your looking up - resolving can be slower than just asking your isp dns for hey whats the IP for www.domain.tld that he already has cached.
There are lots of reasons to actually resolve vs forward, but speed of looking up something really wouldn't be it ;)
So I can understand being a fan of bind, am one myself - but curious what your doing that your running it on its own server. You know pfsense has the bind package available again. I am not aware of any sort of limitation the package has over full install on a server other than maybe pure horse power of the server being higher then what your running your router on.
