WinDnsToUnbound - Using Unbound in place of Microsoft DHCP and DNS - PowerShell scripts, Github repo
-
I've long been frustrated by the limitations and reliability of Microsoft DNS Server. Forcing clients to use Microsoft DNS means that when a single server is down, users get the impression that the whole network is down.
Github: https://github.com/joelmeckert/WinDnsToUnbound
Script: Get-ActiveDirectoryDnsZones
How-To:
Download both scripts. Set-ActiveDirectoryDnsZones contains the functions that create the Unbound configuration file that can be included on the firewall. Run the script; it creates 'activedirectory.conf'. Upload that file to /var/unbound on the firewall and include it from the DNS Resolver custom options in the pfSense GUI:

    server:
    include: /var/unbound/activedirectory.conf

You could also have a Scheduled Task on the Windows server that monitors the log below:
Application and Service Logs => Microsoft => Windows => DNS Server => Audit
Source: DNS-Server
Event ID: 515
and runs WinSCP or similar to upload the file automatically if it has changed. There's probably a way to restart Unbound through the pfSense API, but I have not investigated this.
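Worked example of the whole loop, added here and not taken from the WinDnsToUnbound scripts: export the AD-integrated forward zones as an Unbound include file, upload it only when the zone list actually changed, and register the event-triggered task on the Audit channel above. Everything beyond the post is my assumption: the DC addresses, the firewall account and path in $Target, that the Windows OpenSSH client (scp.exe/ssh.exe) is used instead of WinSCP with key-based authentication to an account that may write to /var/unbound, and that 'unbound-control -c /var/unbound/unbound.conf reload' works on the pfSense side.

```powershell
<#
Added example, not the WinDnsToUnbound scripts. Assumed (not from the post):
DC addresses, the $Target account/path, OpenSSH client with key auth, and
that unbound-control reload works on pfSense.
#>
[CmdletBinding()]
param(
    [string[]]$ForwardAddr = @('10.0.0.10', '10.0.0.11'),                              # assumed DC addresses
    [string]$OutFile = "$PSScriptRoot\activedirectory.conf",
    [string]$Target = 'admin@fw.example.internal:/var/unbound/activedirectory.conf',    # assumed
    [string]$ReloadCommand = 'unbound-control -c /var/unbound/unbound.conf reload',     # assumed
    [switch]$RegisterTask
)

function Get-AdForwardZone {
    # DnsServer module: AD-integrated, non-auto-created forward zones only.
    # Reverse zones are deliberately left out: Unbound answers the RFC1918
    # in-addr.arpa zones itself unless those defaults are switched off with 'nodefault'.
    Get-DnsServerZone |
        Where-Object { $_.IsDsIntegrated -and -not $_.IsAutoCreated -and -not $_.IsReverseLookupZone } |
        Select-Object -ExpandProperty ZoneName
}

function ConvertTo-UnboundInclude {
    param([string[]]$ZoneName, [string[]]$ForwardAddr)
    $zones = $ZoneName | Sort-Object -Unique
    $lines = [System.Collections.Generic.List[string]]::new()
    $lines.Add('server:')
    foreach ($z in $zones) {
        # private-domain: let RFC1918 answers through pfSense's DNS rebinding protection
        # domain-insecure: AD zones are not DNSSEC-signed, so do not try to validate them
        $lines.Add("    private-domain: `"$z`"")
        $lines.Add("    domain-insecure: `"$z`"")
    }
    foreach ($z in $zones) {
        $lines.Add('forward-zone:')
        $lines.Add("    name: `"$z`"")
        foreach ($a in $ForwardAddr) { $lines.Add("    forward-addr: $a") }
    }
    # LF line endings plus a trailing newline for the FreeBSD side
    return ($lines -join "`n") + "`n"
}

function Write-IfChanged {
    param([string]$Path, [string]$Content)
    # Skip the upload when an audit event fired for a change that did not touch the zone list.
    if ((Test-Path $Path) -and ([System.IO.File]::ReadAllText($Path) -eq $Content)) { return $false }
    [System.IO.File]::WriteAllText($Path, $Content, [System.Text.Encoding]::ASCII)
    return $true
}

function Publish-UnboundInclude {
    param([string]$Path, [string]$Target, [string]$ReloadCommand)
    # BatchMode makes an unknown host key or missing key a hard failure instead of a hang
    # under the task scheduler; a half-done upload or failed reload must not go unnoticed.
    & scp.exe -q -o BatchMode=yes $Path $Target
    if ($LASTEXITCODE -ne 0) { throw "scp exited with $LASTEXITCODE" }
    $sshHost = ($Target -split ':')[0]
    & ssh.exe -o BatchMode=yes $sshHost $ReloadCommand
    if ($LASTEXITCODE -ne 0) { throw "reload exited with $LASTEXITCODE" }
}

function Register-ZoneChangeTask {
    param([string]$ScriptPath)
    # Event trigger on the DNS-Server Audit channel, Event ID 515 as in the post.
    # New-ScheduledTaskTrigger cannot build event triggers, so use the CIM class directly.
    $class   = Get-CimClass -ClassName MSFT_TaskEventTrigger -Namespace Root/Microsoft/Windows/TaskScheduler
    $trigger = New-CimInstance -CimClass $class -ClientOnly
    $trigger.Enabled = $true
    $trigger.Subscription = '<QueryList><Query Id="0" Path="Microsoft-Windows-DNSServer/Audit">' +
        '<Select Path="Microsoft-Windows-DNSServer/Audit">' +
        "*[System[Provider[@Name='Microsoft-Windows-DNSServer'] and EventID=515]]</Select></Query></QueryList>"
    $action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    Register-ScheduledTask -TaskName 'WinDnsToUnbound' -Action $action -Trigger $trigger -Principal $principal -Force
}

if ($RegisterTask) { Register-ZoneChangeTask -ScriptPath $PSCommandPath; return }

$conf = ConvertTo-UnboundInclude -ZoneName (Get-AdForwardZone) -ForwardAddr $ForwardAddr
if (Write-IfChanged -Path $OutFile -Content $conf) {
    Publish-UnboundInclude -Path $OutFile -Target $Target -ReloadCommand $ReloadCommand
} else {
    Write-Verbose 'Zone list unchanged; nothing uploaded.'
}
```

Save it as a .ps1 on the DNS server, run it once by hand to check the generated file, then run it with -RegisterTask from an elevated prompt. Because the task runs as SYSTEM, the SSH private key and the firewall's host key entry have to live in the SYSTEM profile's .ssh directory, not in your own. The 'private-domain' and 'domain-insecure' lines matter on pfSense specifically: without them the resolver's DNS rebinding protection strips the RFC1918 addresses out of the AD answers and DNSSEC validation fails for the unsigned zones, which looks exactly like the 'network is down' symptom the post started with.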