Which DNS server to use on multiple vlans?

ceofreak

Hi guys,

I have a quick question. I got 2 VLANs on my pfSense,

VLAN 10 (192.168.10.0/24)
VLAN 20 (192.168.20.0/24)

Gateway for VLAN 10 = 192.168.10.254
Gateway for VLAN 20 = 192.168.20.254

Now, my DNS Server is 192.168.100.1, which is the normal LAN without any VLANs.

What is corret to configure on VLAN 10 DHCP Server as a DNS Server?

Do I enter 192.168.100.1 as DNS Server? (That's what I have now and it's working) Or do I do it some other way?

jamesonp

The answer to your question is completely dependent on how your network is set up not just by what VLAN the device is assigned to.

johnpoz

if your running dns on pfsense, you can have it listen on any or all of the pfsense interfaces. So you can have it listen on all your vlans and point your devices to the vlan IP or you can have it just listen on lan and point to your lan. Its up to you and how you want to do your firewall rules.

ceofreak

@johnpoz:

if your running dns on pfsense, you can have it listen on any or all of the pfsense interfaces. So you can have it listen on all your vlans and point your devices to the vlan IP or you can have it just listen on lan and point to your lan. Its up to you and how you want to do your firewall rules.

I would like that all VLANs use the DNS Servers that I have defined in General Settings basically. How would I need to configure that?

chris4916

@ceofreak:

I would like that all VLANs use the DNS Servers that I have defined in General Settings basically. How would I need to configure that?

Sure but an easy way to achieve it it to have pfSense DNS server (i.e. resolver) to act as DNS server listening on each interface you select and resolver will relay DNS requests and rely on DNS defined o general settings.
Much easier to maintain and control than having DNS rules to authorize clients on each VLAN to access DNS server on one specific VLAN, IMHO 8)

johnpoz

"I would like that all VLANs use the DNS Servers that I have defined in General Settings basically."

So you have Zero desire to resolve local devices then? Unless your pointing to some local dns that resolves all your local stuff for you, and then resolves or forwards for the public?

Pfsense really works out of the box, it designed to hand out its IP on its address in the network your running a dhcp server, and then resolve - using dnssec even. Going off script without even understanding how dns is works is normally a bad idea ;)

ceofreak

@johnpoz:

"I would like that all VLANs use the DNS Servers that I have defined in General Settings basically."

So you have Zero desire to resolve local devices then? Unless your pointing to some local dns that resolves all your local stuff for you, and then resolves or forwards for the public?

Pfsense really works out of the box, it designed to hand out its IP on its address in the network your running a dhcp server, and then resolve - using dnssec even. Going off script without even understanding how dns is works is normally a bad idea ;)

I guess i missed the bit with the DNS Resolver ;)

Of course, I got a DNS resolver up that is set to All Interfaces including my VLAN Interfaces.

But my question is, if i go to Services/DHCP Server/VLAN10 - do I need to enter a DNS Server under DNS Servers or not? So far I entered the DNS Server address of my 192.168.100.1 address in it, but i doubt that is right.

I think I just got kind of a block in my head right now and I am stuck with that :D

![2017-01-04 20_58_16.jpg](/public/imported_attachments/1/2017-01-04 20_58_16.jpg)
![2017-01-04 20_58_16.jpg_thumb](/public/imported_attachments/1/2017-01-04 20_58_16.jpg_thumb)

johnpoz

You do not need to put anything in there if you just want to have the dhcp clients point to IP the dhcp server is running on for dns.. Its right there in the text below the dns boxes..

Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.

ceofreak

@johnpoz:

You do not need to put anything in there if you just want to have the dhcp clients point to IP the dhcp server is running on for dns.. Its right there in the text below the dns boxes..

Leave blank to use the system default DNS servers: this interface's IP if DNS Forwarder or Resolver is enabled, otherwise the servers configured on the System / General Setup page.

Thanks, apparently I've read way too much in the past few days and my brain is melted. Thank you for your patience, I got it :D