PFsense DNS vs Zentyal vs WS

  • I use two pfsense machines in HA with multi-WAN and it is rock solid with almost zero downtime in many months.

    Currently using Zentyal inside the network for DNS, LDAP, and DC. Its primary purpose is resolving internal DNS entries via their FQDN. This is essential, as we have an oVirt cluster which relies heavily on DNS. If DNS is not reachable, it comes crashing down. For that reason I have two instances of Zentyal, one backing up the other and both being active DNS servers issued to hosts via their DHCP entries in pfSense. I run one in Hyper-V on WS2016 and one in an oVirt VM.

    Now, Zentyal is causing many headaches. DNS entries are a pain to manage, even when it's working properly. Then there was this issue. Several hours of troubleshooting, and it still doesn't work properly. Can't manage it using RSAT like you're supposed to; LDAP is a tossup, sometimes works, sometimes doesn't, on and on…

    I'm considering two options:

    • Ditch Zentyal and do DC/DNS/LDAP through Windows Server 2016. Expensive, because I would want a second server as a backup DC and only have one bare-metal box for this purpose.

    • Move DNS to pfSense, ditch the DC altogether, and use LDAP as a service from JumpCloud.

    Option 2 seems easiest to manage. But...

    • Is the BIND package the preferred way to accomplish internal DNS resolution with automatic DHCP entries, or is Unbound?

    • Are there any issues with DNS, BIND or otherwise, with pfSense in HA?

    • Is there any reason I'm not thinking of why using pfSense as DNS for internal use is not a good idea?
