DNS Server - $ 350
-
We are currently looking for someone to develop a bind/dns server package for pfSense.
Requirements:
-
We need to be able to create and manage zones (slaves and masters)
-
Support for DNS forwarding
-
Support to host Active Directory zones
-
Support for updating records from DHCP servers
-
-
What is wrong with the existing TinyDNS Server package?
-
So you want to run public services on the box that protects segments of your network? Not a wise move IMO. Google DNS exploits, BIND exploits, etc. Same goes w/Apache and other TCP/UDP services.
-
So you want to run public services on the box that protects segments of your network? Not a wise move IMO. Google DNS exploits, BIND exploits, etc. Same goes w/Apache and other TCP/UDP services.
calm down kimosabi ..the requester did not indicate they will use this as their 'firewall'
I've used a pfsense install to run a cache-only DNS server using the tinyDNS package(DJBDNS). Just configured it as a cache server instead of an authoritative DNS. Pfsense already has great tools for firewalling and network statistics so it was a good fit for my need.
-
I've used a pfsense install to run a cache-only DNS server using the tinyDNS package(DJBDNS). Just configured it as a cache server instead of an authoritative DNS. Pfsense already has great tools for firewalling and network statistics so it was a good fit for my need.
I would be very much intrested on how you were able to run only the dnscache on LAN interface. I assume it must be through the shell.
-
So you want to run public services on the box that protects segments of your network?
On my side, I would like to use djbdns also as an authoritative hidden master DNS for my zone…
-
I would be very much intrested on how you were able to run only the dnscache on LAN interface. I assume it must be through the shell.
its actually pretty straight forward but just to answer your obvious question, yes you will have to use the shell to configure DJBDNS package to function as a dnscache.
1. the first thing you have to do is set pfsense to become a standalone server (use the WAN side for all connection i.e. public IP or internal IP and just use an unused subnet for the LAN side); There's a discussion on how this is done but im just pressed for time to search the exact thread
2. Follow the config guide from DJBDNS site on how to install a cache only server, minus the install (tinydns package will install the stuff you need) but pay attention on which service supervise will load i.e. /service should have dnscache (default will install tinydns)
3. you can also create an authoritative only - but if im not mistaken the default install for the Tinydns package already does this - im not quite sure cause i never used that function
the rest is magic :) ..also dont forget to create firewall rules to limit access to DNS only
-
Did you have a look at this post:
http://blog.pfsense.org/?p=244
