4. Resolving DHCP clients to DNS

Resolving DHCP clients to DNS

  • M

    I thought this was a simple setup, but it doesn't seem to be working. I want to have (internally) hostnames resolve to the DNS. So for example, if I was to have a domain of example.com, and the host name of my pfsense machine is pfsense, I would like it to resolve to pfsense.example.com (so in the browser I could go to https://pfsense.example.com to get the web interface).

    Pfsense is running on a NUC, so I only have one network port (designated to WAN) which has an IP of 10.1.1.1, an the modem has an IP of 10.1.1.100 (I have turned DHCP off on the modem). I have DHCP on on pfsense and am using a primary DNS of 10.1.1.1 and secondary of 8.8.8.8 and a gateway of 10.1.1.100. I can see these settings come up on the clients.

    Under System > General Settings I have set the domain to example.com and under DNS Resolver I have checked the options of "Register DHCP leases in the DNS Resolver" and "Register DHCP static mappings in the DNS Resolver" (some of the clients are on static mappings in the DHCP server).

    Is there anything else I need to do? Not sure why this is not working.

    0
  • LAYER 8

    that's because your clients are using external dns instead of the dns resolver
    you have to assign only 10.1.1.1 as dns to the clients and eventually, forward requests to 10.1.1.1 and 8.8.8.8

    0
  • M

    Swapped it back to just the one DNS server and still doesn't work. I can still see everything online, but not the hostnames (now trying a .home domain as well). I tried a host override and it didn't work either. Its like the resolver is not resolving the DHCP hostnames or override entries. The weird thing is that on the pfsense server when I do a Diagnostics > DNS Lookup it finds both the hosts and the override. For some reason the DNS server is not passing them on to clients!

    0
  • M

    OK, quick update.... Seems there was just a lag when doing some of my testing. When I leave only the one DNS server in the DHCP settings (the IP of pfsense), even with port forwarding on, it fails to resolve anything. I think the clients were just seeing that the first option (pfsense) was not working and resolving straight to google servers. So it seems the resolver in pfsense is not working at all!

    0
  • LAYER 8

    idk, never used dns resolver, you need to check its configuration, also you need port 53 udp/tcp open

    0
  • M

    Tried opening port 53 on the firewall (on pfsense), no difference. All the settings in the resolver look good. I have had this running in the past, so I know it works!

    0
  • LAYER 8

    do you have forwarding enable ? if yes what do you have inside system / general setup ?

    0
  • M

    I do, in system general I have pfsense as first and Google as second.

    0
  • M

    OK, for anyone that has an issue in future, there are 2 main things that need to be done:

    1. Set a rule for port 53 (DNS) to allow
    2. Set up an Access List (at the top of the page for the resolver). This would normally be for the network range you are using (or any range you want to access this DNS).

    I also unticked the forwarding option as I have been told that is to always forward, pfsense will still resolve with the DNS servers in the general settings.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy