DNS Dynamic Host Updates in Resolver/Forwarder?

MrPete · Feb 29, 2020, 3:44 AM

pfSense is my DHCP and local DNS server. On my LAN: a variety of Windoze, Linux, etc boxen.
(I transferred from using fancy DD-WRT router for everything... it worked but was overloaded.)
I run my LAN as a private subnet of one of my publicly known domains. Let's say sub.example.com

An issue I can't resolve: all Windows boxes attempt to perform DNS Dynamic Updates on renewal of DHCP (you can force using "ipconfig /registerdns")... and it always fails with pfSense Forwarder/Resolver.

My diagnostic skills are very limited in DNS, but here's what I see so far (Wireshark is your friend ;) )

Windows seeks SOA for sub.example.com from pfSense
-> This always returns nothing from pfsense... i.e. success but blank, NOT authoritative
Then it seeks SOA for example.com -- which succeeds (ie it gets the external public primary DNS server of the domain)
Then it seeks to do DNS Dynamic Update to the DNS server for example.com -- which of course fails as these are private addresses on my local LAN

Assuming the above is true/real, I can simplify this: in pfSense, "dig SOA sub.example.com" -- always returns blank, not authoritative.

QUESTIONS

How do I fix this?
Can either the Forwarder (dnsmasq) or Resolver (unbound) be configured as authoritative, updateable, DNS server for a local subnet?

I would have thought this would be a very common, basic thing... yet lots of googling finds zero information at all.

HELP!!! :-D

kiokoman · Feb 29, 2020, 8:47 AM

afaik no, both are only recursive, you need the bind package

MrPete · Feb 29, 2020, 5:31 PM

After a bunch of googling:

unbound is not ever authoritative
dnsmasq CAN be authoritative. I'm working on it...