Want Use Pfsense 2.4.4 as my DNS server

  • Hi,
    I'm new to pfsense
    I would like to setup my pfsense router as my DNS server. I already have a DNS server with a list of host records configured. What is the best way to pull all zones from existing DNS server to pfsense DNS server.
    Should i be using Domain Overrides under DNS resolver?
    Can someone help with this? Is there a step by step procedure i can follow?

  • It you want to abandon your existing DNS server, then you would need to copy your existing records (IP addresses and corresponding host names) over to the DNS Resolver in pfSense and enter them as Host Overrides. The Domain Override is used when you want lookups for certain domains to be sent to particular DNS servers.

    So assuming you reconfigure all of your LAN clients to use the pfSense LAN interface IP as their DNS server IP, then host overrides are probably what you want. You can then either manually configure LAN hosts to point to pfSense for DNS, or you can configure the DHCP server on pfSense to handout pfSense as the DNS server (if you use DHCP on pfSense, which I assume you likely are).

    Now one caveat, if your existing DNS server is an Active Directory domain controller, or you are running a Microsoft AD domain, then don't do this! Leave your AD domain controller as your DNS server.

  • Thanks Bmeeks,

    i need to keep the windows ADC and only need to point one particular server to communicate with pfsense for DNS resolution.

    So this particular server "X" will not be using windows ADC as the DNS server but point to pfsense DNS only. In this scenario, should i use host overrides or just forward requests to my existing windows DNS server?

    Server X should only talk to pfsense for name resolution.
    Thanks again.

  • You can point that one server to pfSense, but if you want that server to be able to resolve other LAN hosts, then you will use the domain overrride option in DNS Resolver on pfSense. You would put your domain name in the override section and then point to your AD Controller/DNS server for resolution. So really not much different than just letting that one server talk to the AD controller in the first place.

    With the domain override, whenever the "exception server" queries something such as some_server.my_AD_domain.lan (or whatever your AD domain name is), the DNS Resolver on pfSense will query your AD controller/DNS server for that host instead of traversing down from the Internet root DNS servers. That's what a domain override does. It points the resolver to a customized authoritative server for that domain. So in your case, the unbound process on pfSense would query your AD controller DNS server for the record, and then return the IP to the "exception server" that asked for it.

Log in to reply