Netgate Discussion Forum

    Internal DNS

      WhiteTiger-IT

      From a PC I should connect to other PCs, servers, printers, various devices, etc.
      Both inside the LAN and on the Internet.
      I don't always have the address table handy and obviously I can't register them as public IPs.
      I would therefore like my own DNS in which to register these IPs with an exclusive internal name.
      What service can I enable in pfSense?

        Gertjan

        Hi,

        You are aware that 'unbound' is running on your pfSense?
        That you can define your own 'host overrides' like:
        your-device - your-local-domain - IPv4 - Description.

        With the help of the DHCP server, and static MAC-based leases, you can enforce that the devices you choose always have the same IP(v4).

        Now you can access your "your-device.your-local-domain" as a URL locally.

        Accessing devices from the outside needs a NAT (or a cascade of NAT rules if you have a router in front of pfSense).
        Now only your WAN IP is known and device selection can be done using ports.
        Normally, you wouldn't make devices from your LAN accessible to the net like that. Use VPN access instead (built into pfSense, of course), which will make your entire LAN accessible, and you could use the overridden device names, as mentioned above.
        You could make a DMZ-type interface and place a (web?) server into that 'DMZ' LAN, and NAT ports 80 and 443 on the WAN, so your web server is also accessible from the outside.
        Your WAN IP is changing often => make use of the DynDNS facilities built into pfSense.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          WhiteTiger-IT

          @Gertjan
          Maybe I did not say it clearly enough.
          I don't want to access internal servers from the outside, but just the opposite.

          I have external servers identified with IP X.Y.Z.K and which do not have a public name.
          So, from my PC located in my office, I should access these and then a printer panel, a router panel, a server panel in my LAN, or even remotely connect to a PC in the LAN.
          Obviously if I have to connect to these from my home, then I use a VPN.

          The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
          If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
          I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

            kiokoman

            "dns resolver" has the "dhcp registration" option if it's what you are searching for

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

              Gertjan

              @WhiteTiger-IT said in Internal DNS:

              I have external servers identified with IP X.Y.Z.K and which do not have a public name.

              The usual solution : rent a domain name, have it point to your X.Y.Z.K. host, and enjoy.

              Or, if access is only needed from your LAN, as said, declare a "host override" and you're done.

              @WhiteTiger-IT said in Internal DNS:

              The only way to access these is to use the IP or configure a "hosts" file on my PC, which I must however keep updated with each modification or new device.
              If I move to work on another PC, the hosts file is not there and I have to bring with me the list of IPs used.
              I was wondering if I can register these IPs on an internal DNS that I will only use inside the LAN.

              That's why you have a centralized router firewall with DNS capabilities!
              No need to edit every host file on every system.

                WhiteTiger-IT

                I return to the topic because with DNS Resolver I don't solve the problem and on the contrary I'm going to create a new one.

                I repeat the question because perhaps I am not clear.
                I have to find a way so that from a PC on the LAN I can refer to something else on the LAN (PC, Server, Printer, Access Point, etc.) with its name or alias and not with the IP address.
                I don't want to find anything on the Internet, I don't want to configure DDNS, I don't want to configure the router.
                Today I can already do all this with a simple hosts file, for example:

                192.168.1.1 router hq-rtr
                192.168.1.2 fw-wan
                192.168.11.1 fw fw-lan
                192.168.12.1 fw-dmz
                192.168.12.11 server ls1 hq-ls1
                192.168.12.12 nas1 hq-nas1
                192.168.11.51 laser hq-laser
                192.168.11.101 john pc-john
                192.168.11.102 dan pc-dan
                

                With DNS Resolver it is true that I have centralized these names, but I am obliged to register the domain as well.
                This way, instead of a simple ping hq-laser, I have to do ping hq-laser.mycompanyname.tld

                  kiokoman

                  under windows
                  .mycompanyname.tld is added automatically,
                  under linux you need to add

                  dns-search mycompanyname.tld
                  or
                  search mycompanyname.tld
                  i don't remember which one does the job
                  i have it added inside /etc/resolv.conf and /etc/network/interfaces on my ubuntu server and pc, idk about other distros

                  this way you are able to ping hq-laser instead of the fqdn

                  kiokoman@nanto:/etc$ ping raspberrypi
                  PING raspberrypi.kiokoman.home (192.168.10.200) 56(84) bytes of data.
                  64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=1 ttl=63 time=4.31 ms
                  64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=2 ttl=63 time=4.22 ms
                  64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=3 ttl=63 time=4.42 ms
                  64 bytes from raspberrypi.kiokoman.home (192.168.10.200): icmp_seq=4 ttl=63 time=9.24 ms
                  

                  basically dns works like this: you ping the name, the os adds the domain part and asks the dns resolver/forwarder who has it. this has nothing to do with pfsense, it's how dns works

                    WhiteTiger-IT

                    But in DNS Resolver the domain name I MUST put it

                      kiokoman

                      you only need to put the same domain inside System / General Setup
                      and register the dhcp clients, nothing else is needed

                        viragomann

                        @WhiteTiger-IT said in Internal DNS:

                        But in DNS Resolver the domain name I MUST put it

                        Yes, you must state the domain in the host override, but you don't need it for the resolution as long as the PC you're requesting it from, the hostname and pfSense are within the same domain.

                          stephenw10 Netgate Administrator

                          Yes, your client is already searching using an FQDN even when you just use a host name. It appends whatever domain it is already using.

                          Steve

                          1 Reply Last reply Reply Quote 1
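The search-domain behaviour that kiokoman and stephenw10 describe above, as an added example that is not part of any post in this thread: a Python sketch of how a glibc-style stub resolver builds the names it queries from `search` and `ndots` in resolv.conf. The resolv.conf text and the override table are constructed, using the domain and two hosts from the sample hosts file in the thread.

```python
# Constructed resolv.conf content (assumption), domain taken from the thread.
RESOLV_CONF = """\
# constructed sample
nameserver 192.168.11.1
search mycompanyname.tld
options ndots:1
"""

# Constructed host-override table: FQDN -> address, hosts from the thread.
OVERRIDES = {
    "hq-laser.mycompanyname.tld.": "192.168.11.51",
    "hq-nas1.mycompanyname.tld.": "192.168.12.12",
}

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf text."""
    search, ndots = [], 1                      # ndots defaults to 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]                # last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots=1):
    """Ordered FQDNs the stub resolver queries for `name`."""
    if name.endswith("."):
        return [name]                          # trailing dot: absolute, no search
    suffixed = [f"{name}.{d.rstrip('.')}." for d in search]
    as_is = [name + "."]
    # Names with at least `ndots` dots are tried as typed first, so a dotted
    # internal short name is sent to the DNS server before any suffix is added.
    return as_is + suffixed if name.count(".") >= ndots else suffixed + as_is

def resolve(name, search, ndots, zone=OVERRIDES):
    """Return (fqdn, address) for the first candidate found in `zone`."""
    for fqdn in candidates(name, search, ndots):
        if fqdn.lower() in zone:
            return fqdn, zone[fqdn.lower()]
    return None

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(RESOLV_CONF)
    for n in ("hq-laser", "hq-laser.mycompanyname.tld", "hq-laser."):
        print(n, "->", candidates(n, search, ndots), resolve(n, search, ndots))
```

With an empty search list the short name is only tried as `hq-laser.` and finds no override, which is the situation the original poster hit before the client and pfSense shared the same domain.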
                            WhiteTiger-IT

                            😊 😊 😊
                            True! 👍
                            It was enough to put the same domain that I had already indicated in General Setup.
                            Many thanks to all of you.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.