How to ensure local machine names are resolved according to DHCP only?



  • I have configured DNS resolver to take both static and dynamic DHCP leases. Unfortunately, often, when I ping my local machine by name, it resolves it by global DNS. And since there are no A-records for my local machines in global DNS, it returns the main domain IP in the global internet.

    Why and how to disable this? I want my local machines addressed by my local IPs.



  • Manually add the addresses to the DNS Resolver or enable "Register DHCP static mappings in the DNS Resolver".  This way, when on the local network, the DNS will point to the addresses.


  • LAYER 8 Global Moderator

    Why are you using public domain name locally?  I just use local.lan, and set zone to static… Problem I could see if you set your zone to static on unbound is you wouldn't be able to resolve any public hosts in that domain - is that something you need?

    Why not just make your local domain say somedomainyouown.lan vs somedomainyouown.com?



  • @JKnott:

    enable "Register DHCP static mappings in the DNS Resolver".

    Enabled, but not helped.



  • @johnpoz:

    Why are you using public domain name locally?

    But why not? I was thinking some of my machines will be local and others will be global, and all in the same domain.

    I just use local.lan, and set zone to static…

    Description explicitly says not to name domain local.

    Anyway, what is the purpose of "domain name" parameter if it can't be literally domain name? Why not call it, I don't know, "lan name" or "area name"?

    Problem I could see if you set your zone to static on unbound is you wouldn't be able to resolve any public hosts in that domain - is that something you need?

    Sorry didn't understand this text. I am not so cool.

    Why not just make your local domain say somedomainyouown.lan vs somedomainyouown.com?

    This is the question, I don't know. What should I do?



  • Hi,

    I "own" a domain name: my-domaine.net, and I'm using this one for my internal network.
    pfSense is called pfsense.my-domaine.net and I have other devices like printer1.my-domaine.net, PC4.my-domaine.net etc etc.
    The network LAN devices all have static DHCP leases.

    Of course, I'm using the Resolver and I checked
    Static DHCP => Register DHCP static mappings in the DNS Resolver

    I'm using my domain name on the Internet for just one reason: home.my-domaine.net, which is a DYNDNS (RFC2136) so I can reach my network from the outside.
    So, home.my-domaine.net is resolved on a global "Internet" level and all other xxx.my-domaine.net are only valid and accessible on a local level, and handled by my local resolver.

    Btw: I'm using a 'real' domain name my-domaine.net because this enabled me to declare a "portal.my-domaine.net" which I use for my HTTPS captive portal interface, including a certificate from Let's Encrypt.


  • LAYER 8 Global Moderator

    There are legit reasons to use a public domain.. But seems like he is trying to use machines that match up with public names.. Which could cause problems - my guess is if he has the clients registered he is having his clients point outside and not pfsense.

    "Description explicitly says not to name domain local"

    It states not to use .local as the TLD… That is not what I am doing my tld is .lan  And I agree using a tld of .local would be a bad idea.

    Unless you have a specific reason to use your public domain name internally - like a portal you want to put an acme cert on.. You're better off using a non public domain internally..  You can also just use a signed cert and have your clients trust your CA to get trusted.. So unless you have clients you do not control access stuff via this fqdn that you use https then you don't need to go that route either.. My browsers trust names in local.lan because my browsers trust my CA that created the certs.  No random box would ever have need to access my pfsense web gui, etc.  And I'm not using the captive portal.

    You can always just manually create host override entries if you're having a problem with registration of clients in dhcp.. If you're reserving a client an IP with static then it's a given you would know what its IP is going to be, so just put it in an override.

    For clients that just get an IP out of the pool - you sure you're doing a query direct to your unbound to see if it resolves?
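    To illustrate the "static vs transparent zone" point johnpoz raises and the setup Gertjan describes (local names plus one public home.my-domaine.net in the same domain), here is what the corresponding unbound configuration looks like. This is an added example, not configuration from pfSense or from any poster; the domain is Gertjan's, the addresses are assumed. In pfSense, host overrides and "Register DHCP static mappings" generate local-data lines of this kind for you; only the zone type decides what happens to names that are not listed.

```conf
server:
    # transparent: names with local-data are answered from here;
    # anything else under my-domaine.net is resolved normally on the
    # Internet, so home.my-domaine.net (the DynDNS record) still works.
    # "static" would instead return NXDOMAIN for every unlisted name,
    # which is the problem johnpoz describes.
    local-zone: "my-domaine.net." transparent

    # Local hosts (assumed addresses); these never leave the LAN resolver.
    local-data: "pfsense.my-domaine.net.  IN A 192.168.1.1"
    local-data: "printer1.my-domaine.net. IN A 192.168.1.20"
    local-data: "pc4.my-domaine.net.      IN A 192.168.1.40"
    local-data: "portal.my-domaine.net.   IN A 192.168.1.1"

    # Reverse entries so ping/ssh show the local name instead of a public one.
    local-data-ptr: "192.168.1.20 printer1.my-domaine.net"
    local-data-ptr: "192.168.1.40 pc4.my-domaine.net"
```

    To confirm the client is actually asking unbound rather than a public resolver, query the firewall directly (dig @192.168.1.1 printer1.my-domaine.net) and compare with the answer the client gets without @; a public address in the second answer means the client's DNS setting, not unbound, is the problem.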

