Local AD with remote pfSense



  • I'm getting confused by the DNS updating ability of pfSense.

    Here's my scenario:

    • Primary site is handled by Active Directory Domain Controller, which offers DHCP and DNS services. Working fine.
    • Remote site has no DC, only pfSense. I want to ensure that the remote clients get updated in AD DNS.

    Do I simply enable DHCP service on pfSense, and hand out the remote AD server's IP in the DHCP DNS field? Will that be sufficient to register the DHCP clients in AD DNS?

    I started looking at the DDNS options within the DHCP server of pfSense, but got lost when it started asking for the DDNS encryption key; I couldn't find any reference to this on the AD DNS server.

    (We don't want to stand up a DC at the remote site; it's too small. And if this works we will get additional tiny remote sites as well).

    Any advice?



  • If I am reading this right, you have a remote site that needs to reach AD DS services at a main site. You need to have some kind of connection up between the two sites, do you have a VPN connection? It's not just going to connect the two sites because they have internet. Assuming you have a VPN connection, you need to enable DHCP relay if the computers at the remote site will be getting IPs from the main site's DHCP. If using pfSense DHCP at the remote site, you would not need to enable the relay, just make sure that it gives out the proper DNS servers in the scope options. I believe you do need to configure Dynamic DNS in the DHCP options in pfSense for client registration in DNS, but I haven't used it (I just use MS DHCP/DNS) so I will leave that for someone else here to chime in on.
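Whichever way the remote clients end up in AD DNS (client self-registration after being handed the AD DNS server, or pfSense's DHCP Dynamic DNS updates), the question in the original post is really "did the registrations actually happen?". The script below is an added example, not code from either poster or from pfSense: it parses the ISC `dhcpd.leases` format that pfSense's DHCP server writes, keeps only the current record for each address (the file is append-only, so the last entry for an IP wins), and checks every active lease's hostname against DNS. The lease contents, the zone name `corp.example` and the resolver table are constructed for the example; on a real pfSense box you would read `/var/dhcpd/var/db/dhcpd.leases` and let the default resolver query the AD DNS server.

```python
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample in ISC dhcpd.leases format (what pfSense's DHCP server writes).
# Addresses, MACs and hostnames are made up. 10.20.0.52 appears twice: the later
# "free" record supersedes the earlier "active" one, as it would in a real file.
SAMPLE_LEASES = """\
lease 10.20.0.52 {
  starts 1 2024/01/08 08:00:00;
  ends 1 2024/01/08 20:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "OLD-BOX";
}
lease 10.20.0.50 {
  starts 1 2024/01/08 09:00:00;
  ends 1 2024/01/08 21:00:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "LAPTOP-REMOTE1";
}
lease 10.20.0.51 {
  starts 1 2024/01/08 09:05:00;
  ends 1 2024/01/08 21:05:00;
  binding state active;
  next binding state free;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "PRINTER-REMOTE";
}
lease 10.20.0.52 {
  starts 1 2024/01/08 08:00:00;
  ends 1 2024/01/08 20:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "OLD-BOX";
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)   # anchored so "next binding state" is skipped
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)";')
MAC_RE = re.compile(r"hardware ethernet\s+([0-9a-fA-F:]+);")


def parse_leases(text: str) -> List[Dict[str, str]]:
    """Parse dhcpd.leases text into lease dicts (ip, state, hostname, mac), in file order."""
    leases = []
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        state = STATE_RE.search(body)
        host = HOST_RE.search(body)
        mac = MAC_RE.search(body)
        leases.append({
            "ip": ip,
            "state": state.group(1) if state else "",
            "hostname": host.group(1) if host else "",
            "mac": mac.group(1).lower() if mac else "",
        })
    return leases


def default_resolve(fqdn: str) -> Optional[str]:
    """Forward-resolve with the system resolver; on pfSense point it at the AD DNS server."""
    try:
        return socket.gethostbyname(fqdn)
    except socket.gaierror:
        return None


def find_unregistered(leases: List[Dict[str, str]], zone: str,
                      resolve: Callable[[str], Optional[str]] = default_resolve
                      ) -> List[Tuple[str, str, str]]:
    """Return (fqdn, leased_ip, problem) for active leases whose A record is missing or stale."""
    current: Dict[str, Dict[str, str]] = {}
    for lease in leases:          # append-only file: the last record for an IP is the live one
        current[lease["ip"]] = lease
    problems = []
    for lease in current.values():
        if lease["state"] != "active" or not lease["hostname"]:
            continue              # expired/free leases and hostname-less clients are not expected in DNS
        fqdn = f"{lease['hostname'].lower()}.{zone}"
        got = resolve(fqdn)
        if got is None:
            problems.append((fqdn, lease["ip"], "no A record"))
        elif got != lease["ip"]:
            problems.append((fqdn, lease["ip"], f"A record points to {got}"))
    return problems


if __name__ == "__main__":
    # Constructed stand-in for the AD DNS zone: one host registered correctly, one stale.
    fake_zone = {"laptop-remote1.corp.example": "10.20.0.50",
                 "printer-remote.corp.example": "10.20.0.99"}
    for fqdn, ip, why in find_unregistered(parse_leases(SAMPLE_LEASES), "corp.example",
                                           resolve=lambda name: fake_zone.get(name)):
        print(f"{fqdn} leased {ip}: {why}")
```

Run it from cron on the firewall (or from any host that can read a copy of the leases file and query the AD DNS server) and you get a list of remote clients that have a lease but no matching record, which is exactly the gap the original question is worried about. A stale record (the A record pointing at a previous address) is reported separately, since that case means registration once worked and is now not keeping up.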

