Help setting up split dns

  • Hi.

    I have a server that's in a DMZ network off of my pfSense. In addition I have a LAN network that's also connected to this same firewall.

    When the LAN clients connect to the server in the DMZ, how do I give them the private ip address of that server?

    I'm currently using NAT reflection to do this, but it's becoming tiresome.

  • @tman904

    Create a host override in the DNS server config.

  • I'll have to google then. I found host overrides mentioned in the docs but where are the actual configuration steps?

  • It's quite simple. However, it requires that you use the DNS Resolver or Forwarder on pfSense as your internal DNS, of course. Do you?

    So just go to the appropriate setting page, go down to Host Overrides and hit the Add button. Enter the name part of the FQDN into the Host box and the domain part into the Domain box and below the internal IP address. If you want you may state a Description, then press Save. That's all.

  • I think I do because I haven't changed any settings related to DNS.

    So for the host override I then enter the internal IP address of the server and that's it?

    I feel like a bother asking simple questions but I don't deal with DNS very often.

  • By default, if your devices use automatic network configuration (DHCP), pfSense should be your DHCP server. But the DHCP has to be set up manually for each network segment on pfSense.

    The DNS Resolver is running by default on pfSense, and if your devices use DHCP, the DNS is set up automatically; otherwise, if you do manual network config, you also have to enter the DNS server's IP manually.

    If is your external FQDN, "example" is the host name part in the host override, while "com" is the domain part.

  • Thank you so much. I never fully understood the host overrides. But now it makes perfect sense no pun intended lol. I'll set it up tonight and report back how it goes.

    I still have to take out the nat reflection rules and replace them with the override. Which is why I've been double checking that I understand it correctly.

    Thanks again for your help.
