Netgate Discussion Forum

DNS Dynamic Host Updates in Resolver/Forwarder?

  • M
    MrPete
    last edited by Feb 29, 2020, 3:44 AM

    pfSense is my DHCP and local DNS server. On my LAN: a variety of Windoze, Linux, etc boxen.
    (I transferred from using fancy DD-WRT router for everything... it worked but was overloaded.)
    I run my LAN as a private subnet of one of my publicly known domains. Let's say sub.example.com

    An issue I can't resolve: all Windows boxes attempt to perform DNS Dynamic Updates on renewal of DHCP (you can force using "ipconfig /registerdns")... and it always fails with pfSense Forwarder/Resolver.

    My diagnostic skills are very limited in DNS, but here's what I see so far (Wireshark is your friend ;) )

    • Windows seeks SOA for sub.example.com from pfSense
      -> This always returns nothing from pfSense... i.e. success but blank, NOT authoritative
    • Then it seeks SOA for example.com -- which succeeds (i.e. it gets the external public primary DNS server of the domain)
    • Then it seeks to do DNS Dynamic Update to the DNS server for example.com -- which of course fails as these are private addresses on my local LAN

    Assuming the above is true/real, I can simplify this: in pfSense, "dig SOA sub.example.com" -- always returns blank, not authoritative.

    QUESTIONS

    1. How do I fix this?
    2. Can either the Forwarder (dnsmasq) or Resolver (unbound) be configured as an authoritative, updateable DNS server for a local subnet?

    I would have thought this would be a very common, basic thing... yet lots of googling finds zero information at all.

    HELP!!! :-D

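The SOA lookup sequence described in the post above, modelled as an added example (not part of the original thread and not pfSense or Windows code). It shows which server a dynamic update ends up addressed to, and whether that server is on the LAN. The SOA answers, server names, addresses and LAN range are constructed, and stopping before the bare TLD is an assumption.

```python
import ipaddress

# Assumed LAN range for the illustration (constructed value).
LAN = ipaddress.ip_network("192.168.1.0/24")


def find_update_target(suffix, soa_lookup):
    """Walk up the labels of a DNS suffix until an SOA answer is found.

    soa_lookup(zone) returns (primary_name, primary_address) or None for an
    empty answer. Returns a dict describing where the dynamic update would
    be sent, or None if no zone answers.
    """
    labels = suffix.rstrip(".").split(".")
    for i in range(len(labels) - 1):  # assumption: never query the bare TLD
        zone = ".".join(labels[i:])
        answer = soa_lookup(zone)
        if answer is None:
            continue  # blank answer: try the parent domain next
        primary, address = answer
        return {
            "zone": zone,
            "primary": primary,
            "address": address,
            "stays_on_lan": ipaddress.ip_address(address) in LAN,
        }
    return None


# Constructed data. RESOLVER_ONLY mirrors the thread: nothing answers SOA for
# sub.example.com, so the public primary of example.com is selected.
RESOLVER_ONLY = {"example.com": ("ns1.example.com", "198.51.100.53")}
# Hypothetical case: a local authoritative server holds sub.example.com.
WITH_LOCAL_ZONE = dict(RESOLVER_ONLY)
WITH_LOCAL_ZONE["sub.example.com"] = ("ns.sub.example.com", "192.168.1.1")


def thread_case():
    return find_update_target("sub.example.com", RESOLVER_ONLY.get)


def local_zone_case():
    return find_update_target("sub.example.com", WITH_LOCAL_ZONE.get)


if __name__ == "__main__":
    for label, result in (("resolver only", thread_case()),
                          ("local zone", local_zone_case())):
        print(label, "->", result)
```

In the resolver-only case the update, carrying the client's hostname and private address, is addressed to the public primary; with a local authoritative zone it never leaves the LAN.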
    • K
      kiokoman LAYER 8
      last edited by Feb 29, 2020, 8:47 AM

      afaik no, both are only recursive, you need the bind package

      • M
        MrPete
        last edited by Feb 29, 2020, 5:31 PM

        After a bunch of googling:

        • unbound is not ever authoritative
        • dnsmasq CAN be authoritative. I'm working on it...