Windows Server DNS & pfSense DNS Issue

  • Howdy,

    I just finished setting up different subnets in my network with some help from the great folks here at the community. But now I'm having some weird unintended issues today which I believe are DNS related, such as:

    NOTE: all of these issues are occurring on the LAN_Workstations subnet

    • I am randomly able to access my vCenter web GUI on Sometimes it works, then sometimes it will stop working. Update: It seems every time I restart my PC, I can't connect to my vCenter GUI, with the web browser error: This site can't be reached. Server IP address could not be found.
      Try running Windows Network Diagnostics.

    But then after a while it lets me access the web gui again without me doing anything.

    • I was randomly able to connect to my domain controllers (on the same subnet) but randomly got kicked off. Then I wouldn't be able to remote back into them. But if I remoted back into them with an IP address it would work. Then after a while, I could remote back in with the server name. Sometimes when I reboot my workstation, it has a delayed connection to my domain controller/file server.

    • Cannot access the ESXi host ever on

    • Unable to access the switch on subnet (I can now access this switch from another subnet; it took like an hour for me to gain access though)

    • Initial wifi logon/connection is delayed (it was instant before)

    I drew my network setup out with all the details to help simplify things. I hope it is clear, but if not please ask me anything!

    Here are my firewall rules, but I don't think this is causing my issue:

    I'm kind of getting confused as to what to use as DNS servers, because I have my pfSense as a DNS resolver while also having my internal Windows Server DNS servers.

    Do my DNS settings look okay, or am I messing it up?

    Thank you kindly for any help.

  • LAYER 8 Netgate

    If it were me I would point everything, even pfSense, at the two Windows domain controllers for DNS and not even run the DNS resolver on the firewall.

  • @Derelict

    Hey Derelict,

    I can give it a shot, I have a feeling it's not going to play nice with me though :D

    Do you know if doing this method lessens my security in any way? I have a package called pfBlockerNG, do you know if this method would bypass this security package or any other security in pfSense?

    Thank you!

  • @Derelict nvm! I think I found the answer in another post. It does not, I just need to make the AD DNS forwarder point to my pfSense box. But then for my pfSense, do I make the DNS server an external DNS instead of my AD DNS servers? like

  • LAYER 8 Netgate

    IDK why you would invest in the Microsoft solution and not just use it.

    Point everything at the DCs for DNS and forget about it.

  • @Derelict Okay, I will try doing that :(

  • @Derelict

    I tried disabling the DNS resolver in pfSense and only added my two DCs as DNS servers under System -> General Setup, but then my internet stops working. Do you know if there is anything else that I may need to configure to make the internet work?

    Thank you!

  • LAYER 8 Netgate

    Yeah. All of your devices need to have the DCs set as their DNS servers (probably set using the DHCP server, which should probably also be the DCs), and rules need to be in place to pass TCP/UDP port 53 to them.

  • @Derelict Okie, I'll give it a try!
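The Windows side of what Derelict describes (DCs as the only DNS servers, handed out by DHCP, with the DCs doing their own upstream resolution once the pfSense resolver is off), as an added example that is not part of the thread and not anything the poster ran. All names and addresses in it are assumptions: two DCs at 192.168.10.10 and 192.168.10.11, an AD zone called corp.example, a workstation DHCP scope of 192.168.20.0/24, Quad9 as the upstream forwarders, and hypothetical hosts vcenter, esxi01 and sw-core. It runs in an elevated PowerShell on the DC that holds the DNS and DHCP roles, using the stock DnsServer and DhcpServer modules.

```powershell
# Added example, not from the thread. Everything below is an assumption:
#   DC1 = 192.168.10.10, DC2 = 192.168.10.11 (the two AD DNS servers)
#   AD zone = corp.example, workstation scope = 192.168.20.0/24
#   Upstream forwarders = 9.9.9.9 and 149.112.112.112 (Quad9)
# Run in an elevated PowerShell on the DC holding the DNS and DHCP roles.

$DCs        = '192.168.10.10', '192.168.10.11'   # assumption
$Zone       = 'corp.example'                     # assumption
$Forwarders = '9.9.9.9', '149.112.112.112'       # assumption

# 1. Send every query the DCs are not authoritative for to the upstream
#    forwarders instead of root hints. With the pfSense resolver disabled,
#    the DCs have to be able to resolve the public internet by themselves,
#    which is why "internet stops working" when this step is missing.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint, Timeout

# 2. Give the internal hosts that keep dropping out (vCenter, ESXi, switch)
#    static A records in the AD zone, so their names never depend on a
#    second resolver. Hostnames and addresses here are assumptions.
$StaticHosts = @{
    'vcenter' = '192.168.10.20'
    'esxi01'  = '192.168.10.21'
    'sw-core' = '192.168.10.2'
}
foreach ($name in $StaticHosts.Keys) {
    $existing = Get-DnsServerResourceRecord -ZoneName $Zone -Name $name -RRType A -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordA -ZoneName $Zone -Name $name -IPv4Address $StaticHosts[$name]
    }
}

# 3. Hand out the DCs as the only DNS servers for the workstation scope
#    (DHCP option 006) plus the AD domain as the search suffix (option 015),
#    so clients never fall back to the firewall for name resolution.
Set-DhcpServerv4OptionValue -ScopeId 192.168.20.0 -DnsServer $DCs -DnsDomain $Zone

# 4. Verify from a workstation: each DC must be reachable on port 53 through
#    the pfSense rules and must answer for both an internal name and a
#    public one. A DC that fails only the public lookup has bad forwarders;
#    one that fails only the internal lookup is missing the record.
foreach ($dc in $DCs) {
    $tcp = Test-NetConnection -ComputerName $dc -Port 53 -WarningAction SilentlyContinue
    "{0}: TCP/53 reachable = {1}" -f $dc, $tcp.TcpTestSucceeded
    foreach ($q in "vcenter.$Zone", 'www.netgate.com') {
        try {
            $r = Resolve-DnsName -Name $q -Server $dc -Type A -DnsOnly -ErrorAction Stop
            $addrs = ($r | Where-Object Type -eq 'A').IPAddress -join ', '
            "  {0} -> {1}" -f $q, $addrs
        } catch {
            "  {0} -> FAILED: {1}" -f $q, $_.Exception.Message
        }
    }
}
```

The pfSense half is what the thread already states: the two DC addresses under System -> General Setup with the DNS Resolver service disabled, and a rule on the LAN_Workstations interface passing TCP/UDP 53 to the DCs. One design choice worth naming: with the forwarders set to a public resolver as above, queries no longer pass through Unbound on the firewall, so pfBlockerNG's DNSBL is out of the path. If keeping that filtering matters more than a single resolver, the alternative the poster found applies instead: leave Unbound running and set the DC forwarders to the pfSense LAN address, with the same static records and DHCP options as above.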