Netgate Discussion Forum

Help setting up split dns

  • T
    tman904
    last edited by tman904 Jan 13, 2020, 12:58 PM Jan 13, 2020, 12:34 PM

    Hi.

    I have a server that's in a DMZ network off of my pfSense. In addition I have a LAN network that's also connected to this same firewall.

    When the LAN clients connect to the server in the DMZ, how do I give them the private IP address of that server?

    I'm currently using NAT reflection to do this, but it's becoming tiresome.

    • J
      JKnott @tman904
      last edited by Jan 13, 2020, 2:23 PM

      @tman904

      Create a host override in the DNS server config.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      • T
        tman904
        last edited by Jan 13, 2020, 3:28 PM

        I'll have to google then. I found host overrides mentioned in the docs but where are the actual configuration steps?

        • V
          viragomann
          last edited by Jan 13, 2020, 7:35 PM

          It's quite simple. However, it requires that you use the DNS Resolver or Forwarder on pfSense as your internal DNS, of course. Do you?

          So just go to the appropriate setting page, go down to Host Overrides and hit the Add button. Enter the name part of the FQDN into the Host box and the domain part into the Domain box and below the internal IP address. If you want you may state a Description, then press Save. That's all.

          • T
            tman904
            last edited by tman904 Jan 14, 2020, 9:40 AM Jan 14, 2020, 9:39 AM

            I think I do because I haven't changed any settings related to DNS.

            So for the host override I enter
            example.com then the internal IP address of the server and that's it?

            I feel like a bother asking simple questions but I don't deal with DNS very often.

            • V
              viragomann
              last edited by Jan 14, 2020, 11:24 AM

              By default, if your devices use automatic network configuration (DHCP), pfSense should be your DHCP server. But the DHCP has to be set up manually for each network segment on pfSense.

              The DNS Resolver is running by default on pfSense, and if your devices use DHCP, the DNS is set up automatically; otherwise, if you do manual network config, you have to enter the DNS server's IP manually as well.

              If example.com is your external FQDN, "example" is the host name part in the host override, while "com" is the domain part.

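An added example, not part of any poster's reply and not pfSense code: it splits an FQDN into the Host and Domain boxes as described above, rejects a non-RFC 1918 override address, and lists clients that would still receive the external address once NAT reflection is removed because they do not use pfSense as their DNS. The function names, the addresses 192.168.2.10 and 203.0.113.10, and the client list are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    """True if ip is an RFC 1918 private address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def override_fields(fqdn, ip):
    """Split an FQDN into the Host and Domain boxes of a host override."""
    name = fqdn.rstrip(".").lower()
    host, sep, domain = name.partition(".")   # first label is the host part
    if not sep or not host or not domain:
        raise ValueError(f"{fqdn!r} needs a host part and a domain part")
    if not is_internal(ip):
        raise ValueError(f"{ip} is not an RFC 1918 address")
    return {"host": host, "domain": domain, "ip": ip}

def audit_answers(fields, answers):
    """Return the clients whose resolver did not hand out the override IP."""
    return sorted(c for c, ip in answers.items() if ip != fields["ip"])

# Constructed sample: the A record each LAN client received for example.com.
SAMPLE_ANSWERS = {
    "laptop (DNS from DHCP, pfSense)": "192.168.2.10",
    "phone (DNS from DHCP, pfSense)": "192.168.2.10",
    "desktop (manual DNS, outside resolver)": "203.0.113.10",
}

if __name__ == "__main__":
    fields = override_fields("example.com", "192.168.2.10")
    print(fields)
    for client in audit_answers(fields, SAMPLE_ANSWERS):
        print("still gets the external address:", client)
```

Any client this reports depends on NAT reflection to reach the server, so point it at pfSense for DNS before removing those rules.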
              • T
                tman904
                last edited by tman904 Jan 14, 2020, 2:19 PM Jan 14, 2020, 2:18 PM

                Thank you so much. I never fully understood the host overrides. But now it makes perfect sense no pun intended lol. I'll set it up tonight and report back how it goes.

                I still have to take out the NAT reflection rules and replace them with the override. Which is why I've been double checking that I understand it correctly.

                Thanks again for your help.

                • T
                  tman904
                  last edited by Feb 13, 2020, 2:28 PM

                  I performed the steps you outlined and it works great!

                  Thanks again.
