DNS newbie question…

  • I have clients authenticating to a WIN DC via VPN. I see in pfSense that I can force domain queries to a specific DNS but not registration. I am wondering if there is a way to have the clients use the DNS on the DC just to register but a different DNS (i.e. the ISP's) for all other queries. Probably this makes no sense lol… the premise is that even though the traffic is negligible, I would prefer that clients are not going over the VPN to look up URLs.


  • I have solved this in the following way with the tunnel between office and home:

    At Services > DHCP I have configured the clients to be assigned first the local pfSense as DNS and then the remote Windows DC as second DNS. In addition to this, I also assign the DC as WINS via DHCP. This way everything works just fine, even logon scripts. DNS will first be answered by the local pfSense DNS forwarder this way, and only non-resolvable hosts will be queried via the remote DC.

  • Hi Hoba. I had also tried this configuration earlier and this makes resolution work nicely, but it does not REGISTER the client with the DC (i.e. so that the server can resolve the client on the other end). The only way this happens is by putting the DC as the first DNS, which defeats the purpose. Did I miss something?
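The following is an added diagnostic, not code from either poster, for checking on a Windows VPN client whether the DHCP setup above can register it in the DC's zone. It assumes a hypothetical AD domain name `corp.example` (substitute your own); the DNS suffix handed out by DHCP must match that zone, or the client will not attempt registration at all. The Windows DNS client does not register against whichever server is listed first: it asks the configured resolvers for the zone's SOA record and sends the dynamic update to the primary server named in the SOA (falling back to the zone's NS records). So if the pfSense forwarder cannot answer the SOA query for the AD zone, the client has nowhere to send the update; the Domain Override mentioned in the first post is the pfSense feature that makes that query reach the DC.

```powershell
# Added example, not part of the original thread. 'corp.example' is a
# placeholder AD domain; replace it with the zone hosted on your DC.
$Zone = 'corp.example'

# 1. Which resolvers did DHCP hand out, and in what order? With the setup
#    described above the first entry is the local pfSense box and the
#    second the remote DC.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Check that the client's suffix matches the zone, otherwise no
#    registration attempt is made for this adapter.
Get-DnsClient |
    Where-Object { $_.ConnectionSpecificSuffix -eq $Zone } |
    Select-Object InterfaceAlias, ConnectionSpecificSuffix, RegisterThisConnectionsAddress

# 3. Find out where a dynamic update would be sent: the primary server
#    named in the zone's SOA, looked up through the configured resolvers.
#    If this fails, the forwarder cannot resolve the AD zone and the client
#    cannot register, regardless of server order.
$soa = Resolve-DnsName -Name $Zone -Type SOA -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SOA' }
"Dynamic updates for $Zone are sent to: $($soa.PrimaryServer)"

# 4. Trigger registration, then verify directly against the primary server
#    (not through the forwarder) so a cached negative answer does not mask
#    a successful update.
ipconfig /registerdns | Out-Null
Start-Sleep -Seconds 15
$fqdn = "$env:COMPUTERNAME.$Zone"
Resolve-DnsName -Name $fqdn -Type A -Server $soa.PrimaryServer -DnsOnly
```

If step 3 succeeds but step 4 returns nothing, check that the VPN allows the client to reach the DC on TCP/UDP 53 and that the zone accepts secure dynamic updates from domain members; if step 3 fails, the problem is name resolution of the AD zone through the forwarder, not the order of the DNS servers.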
