Internal DNS
-
From a PC I should connect to other PCs, servers, printers, various devices, etc.
Both inside the LAN and on the Internet.
I don't always have the address table handy and obviously I can't register them as public IPs.
I would therefore like my own DNS where to register these IPs with an exclusive internal name.
What service can I enable in PfSense? -
Hi,
You are aware that 'unbound' is running on your pfSense ?
That you can define your own 'host overrides' like :
your-device - your-local-domain - IPv4 - Description.With the help of the DHCP server, and static mac based leases, you can enforce that the devices you chose have always the same IP(v4).
Now you can access your "your-device.your-local-domain" as an URL locally.
Accessing devices from the outside needs a NAT (or a cascade of NAT rules if you have a router in front of pfSense).
Now only your WAN IP is know and device selection can be done using ports.
Normally, you wouldn't make device from your LAN accessible to the net like that. Use a VPN access instead (build in pfSense, of course), which will make your entire LAN accessible, and you could use the over ridden device names, as mentioned above.
You could make a DMZ type interface and place a (web ?) server into that 'DMZ' LAN, and NAT ports 80 and 443 on the WAN, so your web server is also accesible from the outside.
Your WAN IP is changing often , => Make use of the DyNDNS facilities build into pfSense. -
@Gertjan
Maybe I did not say it clear enough.
I don't want to access internal servers from the outside, but just the opposite.I have external servers identified with IP X.Y.Z.K and which do not have a public name.
So, from my PC located in my office, I should access to these and then to a printer panel, a router panel, a server panel in my LAN, or even remotely connect to a PC in the LAN.
Obviously if I have to connect to these from my home, then I use a VPN.The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN. -
"dns resolver" has the "dhcp registration" option if it's what you are searching for
-
@WhiteTiger-IT said in Internal DNS:
I have external servers identified with IP X.Y.Z.K and which do not have a public name.
The usual solution : rent a domain name, have it point to your X.Y.Z.K. host, and enjoy.
Or, if access is only needed from your LAN? as said, declare a "host over ride" and your done.
@WhiteTiger-IT said in Internal DNS:
The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.That's why you have a centralized router firewall with DNS capabilities !
No need to edit every host file on every system. -
I return to the topic because with DNS Resolver I don't solve the problem and on the contrary I'm going to create a new one.
I repeat the question because perhaps I am not clear.
I have to find a way so that from a PC on the LAN I can refer to something else on the LAN (PC, Server, Printer, Access Point, etc.) with its name or alias and not with the IP address.
I don't want to find anything on the Internet, I don't want to configure DDNS, I don't want to configure the router.
Today I can already do all this with a simple hosts file, for example:192.168.1.1 router hq-rtr 192.168.1.2 fw-wan 192.168.11.1 fw fw-lan 192.168.12.1 fw-dmz 192.168.12.11 server ls1 hq-ls1 192.168.12.12 nas1 hq-nas1 192.168.11.51 laser hq-laser 192.168.11.101 john pc-john 192.168.11.102 dan pc-danWith DNS Resolver it is true that I have centralized these names, but I am obliged to register the domain as well.
This way, instead of a simple ping hq-laser, I have to do ping hq-laser.mycompanyname.tld -
under windows
.mycompanyname.tld is added automatically,
under linux you need to adddns-search mycompanyname.tld
or
search mycompanyname.tld
i don't remember which one do the job
i have it added inside /etc/resolv.conf and /etc/network/interfaces on my ubuntu server and pc idk other distrothis way you are able to ping hq-laser instead of the fqdn
kiokoman@nanto:/etc$ ping raspberrypi PING raspberrypi.kiokoman.home (192.168.10.200) 56(84) bytes of data. 64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=1 ttl=63 time=4.31 ms 64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=2 ttl=63 time=4.22 ms 64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=3 ttl=63 time=4.42 ms 64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=4 ttl=63 time=9.24 msbasically dns work like this, you ping the name, the os add the domain part and ask the dns resolver/forwarder who have it. this have nothing to do with pfsense, it's how dns works
-
But in DNS Resolver the domain name I MUST put it
-
you only need to put the same domain inside System / General Setup
and register the dhcp clients, nothing else is needed -
@WhiteTiger-IT said in Internal DNS:
But in DNS Resolver the domain name I MUST put it
Yes, you must state the domain in the host override, but you don't need it for the resolution as long as the PC you're requesting it and the hostname and pfSense are within the same domain.
-
Yes your client is already searching using an FQDN even when you just use a host name. It appends whatever domain it is already using.
Steve
-
True!
It was enough to put the same domain that I had already indicated in General Setup.
Many thanks to all of you.
