    Windows Server 2016 behind pfSense - what's the best way to do DNS?

    DHCP and DNS
    Mastiff (last edited by Mastiff):

      On three of the networks from the pfSense box (Netgate SG-3100) I have different other things on different segments (outdoors network, Internet sharing with a few neighbours and so on). On the fourth, on 192.168.1.x, I have one indoors guest network (with a wifi router) and a Windows Server 2016 (Datacenter edition) which has the external address 192.168.1.4. I use several server applications on that one, so dropping the Windows server is not an option. I know that will be suggested, so please don't bother. 😁

      On the inside of that is my private network (internal address 192.168.2.x), with around 20 devices at any given time (cell phones, Sonos speakers, laptops, a few stationary PCs for gaming and HTPC and so on). And I use RRAS for the connection to the external network and beyond. But does anybody with Windows Server experience know what the best way of doing DNS for this is? I have until now let DHCP in the Windows Server use the server's own DNS server (the server's internal address is 192.168.2.1), but would it be better to let DHCP deal out 192.18.1.1 (the pfSense box) as a DNS server? I'm running the DNS Resolver on that, not the Forwarder.

      Mats:

        Actually the first thing I would like to suggest is to move the networks to the SG-3100 and remove the need for RRAS. The 3100 is a good router on its own and it would simplify the network if I understand your description right (a sketch is always good).

        johnpoz (LAYER 8 Global Moderator, last edited by johnpoz):

          So you're running AD, and have devices as members of your AD? Even if not, since you have Windows Server there up and running, I would let it be your DNS and DHCP. You can even have it do DHCP for your other segments via DHCP relay on pfSense.

          On pfSense you can set up a domain override for your local domain, and for the reverse zones you're running on your Windows server. So the firewall itself can resolve any of your local devices. And then on your Windows DNS, just forward to pfSense for stuff it's not authoritative for, and then Unbound can resolve that for you.

          As to RRAS, yeah, I would move your VPN stuff to pfSense as well, as suggested by @Mats.

          Mastiff:
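          The split that johnpoz describes, written out as an added example (this is not code from the thread, from johnpoz or from Netgate). The Windows side is scripted in PowerShell on the Windows Server 2016 DNS server; the pfSense side is two Domain Override entries under Services > DNS Resolver > Domain Overrides, one for the AD domain and one for the reverse zone, both pointing at the Windows server. The AD domain name `ad.example.local`, the DHCP scope `192.168.2.0`, and the assumption that the Windows DNS service listens on its 192.168.1.4 address (the one pfSense can reach) are all placeholders or assumptions; 192.168.1.4, 192.168.2.1 and the 192.168.2.x network come from the thread, and 192.168.1.1 is assumed to be the SG-3100's address on that segment.

```powershell
# Added example, not from the forum thread or from Netgate.
# Assumptions (labelled): AD domain 'ad.example.local' is a placeholder; the pfSense
# SG-3100 is assumed to answer DNS on 192.168.1.1; the Windows DNS service is assumed
# to listen on 192.168.1.4 (its address on the pfSense segment, from the thread) as
# well as on 192.168.2.1 (its internal address, from the thread).
# pfSense side (done in the GUI, not here): Services > DNS Resolver > Domain Overrides,
# entries for $Domain and $ReverseZone, both with IP 192.168.1.4.
# Run in an elevated PowerShell session on the Windows Server 2016 DNS/DHCP server.

$Domain      = 'ad.example.local'     # placeholder AD DNS domain
$PfSenseDns  = '192.168.1.1'          # pfSense Unbound (DNS Resolver), assumed address
$InternalDns = '192.168.2.1'          # the server's internal address (from the thread)
$InternalNet = '192.168.2.0/24'       # the private network behind RRAS
$ReverseZone = '2.168.192.in-addr.arpa'

# 1. The reverse zone named in the pfSense domain override must really exist on this
#    server. If it does not, a PTR query for 192.168.2.x goes pfSense -> Windows ->
#    forwarder -> pfSense -> ... and only fails once the timeouts add up.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId $InternalNet -ReplicationScope Domain -DynamicUpdate Secure
}

# 2. Everything this server is not authoritative for goes to Unbound on pfSense.
#    Root hints are switched off so that a dead forwarder fails visibly instead of
#    silently bypassing the resolver (and whatever logging or blocking is done there).
Set-DnsServerForwarder -IPAddress $PfSenseDns -UseRootHint $false -Timeout 3

# 3. Keep handing the server's own DNS to the inside clients (what the poster already does),
#    so AD names and the reverse zone are answered locally. Scope ID is assumed.
Set-DhcpServerv4OptionValue -ScopeId '192.168.2.0' -DnsServer $InternalDns -Force

# 4. Check both directions of the split from the server itself.
function Test-SplitDns {
    param(
        [string]$InternalHost = "$env:COMPUTERNAME.$Domain",   # a name the Windows zone holds
        [string]$ExternalHost = 'forum.netgate.com'            # a name only Unbound can resolve
    )
    $checks = [ordered]@{
        # pfSense must hand the AD name to Windows through the domain override
        'pfSense resolves internal name' = { Resolve-DnsName -Name $InternalHost -Server $PfSenseDns -Type A -DnsOnly -ErrorAction Stop }
        # Windows must hand the external name to Unbound through the forwarder
        'Windows resolves external name' = { Resolve-DnsName -Name $ExternalHost -Server $InternalDns -Type A -DnsOnly -ErrorAction Stop }
        # the reverse lookup through pfSense exercises the second override
        'pfSense resolves internal PTR'  = { Resolve-DnsName -Name $InternalDns -Server $PfSenseDns -Type PTR -DnsOnly -ErrorAction Stop }
    }
    $report = [ordered]@{}
    foreach ($name in $checks.Keys) {
        try {
            $answer = & $checks[$name]
            # A records carry IPAddress, PTR/CNAME answers carry NameHost
            $report[$name] = ($answer | ForEach-Object { if ($_.IPAddress) { $_.IPAddress } else { $_.NameHost } }) -join ', '
        } catch {
            # A timeout here usually means the two servers are forwarding to each other.
            $report[$name] = "FAILED: $($_.Exception.Message)"
        }
    }
    return $report
}

Test-SplitDns | Format-Table -AutoSize
```

          The one thing to watch is the loop the check is there to catch: a pfSense domain override sends every name under that domain to the Windows server, and the Windows server sends everything it does not host back to pfSense, so an override for a zone the Windows server does not actually hold (a mistyped domain, a reverse zone that was never created) bounces between the two until both time out. Only list zones the Windows DNS is authoritative for, and re-run the check after adding one.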

            @Mats, I knew that one was coming, which is why I said "dropping the Windows server is not an option. I know that will be suggested, so please don't bother." I see now that I should have written "not using the Windows server and RRAS is not an option". It's because of a proprietary company application running on the main office's server that has to have an outgoing connection from the main office through my server's IKEv2 to work.

            @johnpoz Thanks! I'll keep it on the server then.
