DNS for Domain Joined and Non Domain Joined Devices

  • This is mostly a home lab / general learning question, where I hope someone can correct my methodology. I'll start with the background, and then if anyone has suggestions, I'll implement them as able.

    I have a home network with several domain joined devices. I also have several non-domain joined devices that are used by myself or others in the house, mostly iPhones and the like. I would like to be able to use the phone to browse domain joined devices by FQDN, not IP.

    As such, the first DNS server on General Setup is the IP to my active directory server. Since all devices are static IP'd within pfSense, all this trickles down to all the devices. And now, from my iPhone, I can access a domain joined device by FQDN.

    The problem arises when I lose power. Which I do often. I'm at 32 or so hours lost power over the last 30 days. The active directory server is on one UPS. NAS and some other equipment and a switch on another UPS. And pfSense + modem + wifi router is on another UPS.

    No matter what I do, the server will always drain any UPS faster than pfSense, modem and the router. It'll always be a race condition, even if I upgrade UPS for the server. So, after about 10 minutes or so of power failure, the other equipment starts gracefully shutting down, leaving me with some battery time left across all UPSes, and pfSense + modem + router still on, slowly draining one UPS.

    But, once the AD server shuts down, the internet is lost. Because that DNS server is gone. And it doesn't matter how many DNS servers I set after the first, until I go in and clear the IP to the AD, there is no domain resolution, because it's reaching out to the local IP. And I don't mean for the local domain. I know that is lost. And that is fine in a power failure.

    I mean the rest of the internet is only accessible by IP address.

    This is ignorance on my part, but I thought the purpose of a secondary or even tertiary DNS was so that if one failed to respond, the secondary or tertiary would kick in? But this doesn't seem to be the case when I set a local IP as the first DNS server.

    So, what am I doing wrong, first, second and nth?


  • Moving to forwarder with a domain override seems to solve the issue.

Log in to reply