    Secondary DNS Server

    General pfSense Questions
    leungda:

      Do you know how to set up the pfSense DNS server as a secondary DNS server?

      I have a few domain names using my personal Windows Server 2019 DNS server (at the data center location) to resolve IPs for the public. Now I want to set up a secondary DNS (at the office location) using pfSense to replicate the Windows Server 2019 DNS server. Do you know how?

      viragomann:

        @leungda
        Just enter the first DNS server's IP in the first position under DNS Servers in System > General Setup > DNS Server Settings.

        If the WAN is DHCP/PPP, ensure that DNS Server Override is not checked below.

        leungda:

          I guess you misunderstood my question.

          Derelict (Netgate):

            @leungda The only way you can do that is to run the BIND package and set up slave zones to pull the zone files from the master name server.

            I am not sure I would do that. I would probably roll a new BIND server or - probably even better - a Windows server to do that duty.

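Derelict's suggestion, as an added example that is not code from this thread or from the pfSense BIND package: a POSIX shell script that writes the named.conf pieces for a slave (secondary) zone pulled from a Windows primary, plus a check that primary and secondary hold the same SOA serial. The zone example.com, the primary address 203.0.113.10 and the pfSense WAN address 198.51.100.5 are placeholders to substitute; the directives themselves are standard BIND 9.

```shell
#!/bin/sh
# Added example, not from the thread or the pfSense project. Placeholders:
# zone example.com, Windows primary 203.0.113.10, pfSense WAN 198.51.100.5.

# Global options for an authoritative-only secondary. Binding to the WAN
# address alone keeps BIND off the LAN addresses (where Unbound or the DNS
# Forwarder may already hold port 53); no recursion and no outbound
# transfers mean the public side can only ask for the zones we serve.
gen_options() {
  wan_ip=$1
  cat <<EOF
options {
    listen-on { ${wan_ip}; };
    listen-on-v6 { none; };
    recursion no;
    allow-query { any; };
    allow-transfer { none; };
    version none;
};
EOF
}

# One slave zone. "slave"/"masters" is understood by every BIND 9 release;
# newer releases also accept "secondary"/"primaries". Windows DNS Server
# does not offer TSIG-keyed transfers, so the only protection is the
# address list on both ends: allow-notify here, the zone transfer list there.
gen_slave_zone() {
  zone=$1; primary=$2
  cat <<EOF
zone "${zone}" {
    type slave;
    masters { ${primary}; };
    file "db.${zone}";
    allow-notify { ${primary}; };
    allow-transfer { none; };
};
EOF
}

# Pull the serial (third field) out of a "dig +short SOA" answer line,
# e.g. "ns1.example.com. hostmaster.example.com. 2024060101 3600 900 604800 300".
soa_serial() {
  printf '%s\n' "$1" | awk '{ print $3 }'
}

# Live check, not exercised offline: do primary and secondary agree?
# Returns 0 when the serials match, 1 when the secondary is lagging or a
# query failed. If it stays at 1, run "dig @203.0.113.10 example.com AXFR"
# from the pfSense box itself: the transfer ACL is keyed on source address.
check_sync() {
  zone=$1; primary=$2; secondary=$3
  p=$(soa_serial "$(dig +short @"$primary" "$zone" SOA)")
  s=$(soa_serial "$(dig +short @"$secondary" "$zone" SOA)")
  [ -n "$p" ] && [ "$p" = "$s" ]
}

# Usage: generate the fragments, then compare serials after the first transfer.
#   gen_options 198.51.100.5 > named.options.conf
#   gen_slave_zone example.com 203.0.113.10 > zone.example.com.conf
#   check_sync example.com 203.0.113.10 198.51.100.5 && echo "in sync"
```

On the Windows primary the counterpart is the zone's Zone Transfers tab (allow transfers only to the pfSense WAN address and add it to the Notify list), or, with the DnsServer PowerShell module, Set-DnsServerPrimaryZone -Name example.com -SecureSecondaries TransferToSecureServers -SecondaryServers 198.51.100.5 -Notify NotifyServers -NotifyServers 198.51.100.5. The pfSense BIND package exposes these same zone settings in its GUI; the fragments above are what they come down to in named.conf.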
            leungda:

              Yes, you got my question correctly. The Windows Server 2019 DNS is the MASTER DNS and the pfSense BIND server will be the SLAVE DNS server.

              I understand I can install another server at the office location. My point is: if pfSense has the BIND server, why not use the pfSense as a SLAVE server?

              I checked the internet and youtube. I cannot find any configuration video or documentation regarding this kind of set up.

              Gertjan:

                @leungda said in Secondary DNS Server:

                Why not use the pfSense as a SLAVE server?

                Because https://forum.netgate.com/topic/133593/bind-setup-pfsense-as-slave-dns-server/8?_=1607327341512

                I'll add one more "why not": bind, like any other daemon-type process, uses config files.
                And like other server daemons such as apache2, nginx, postfix etc., it's close to impossible to build a GUI around them. You wind up doing what's been done for the last 3 or 4 decades: edit the config files with a text editor. Typically, you'll need 3 SSH sessions open while editing:
                one where you edit the config files (bind has many config files and zone files), one to restart or reload bind9, and one where you 'tail' the bind log file(s). Typically, these log files are split into debug, xfer, dnssec, query, etc.
                Once set up correctly, you'll be fine for some time.

                You have two choices:
                bind does everything for your pfSense: it works as a resolver for pfSense and your LANs, and as slave DNS name server for your domain name.
                Or you make a mix: unbound listens only on the LANs and the pfSense localhost, and bind binds to the WAN IP, port 53.
                I guess it is possible, with actually ONE restriction: you have to know bind.

                My own slaves run on a VPS that exists for only that reason: DNS and mail backup server.

                I've been using https://freedns.afraid.org/ for a long time as a second (third, actually) but had to remove them: as I'm using Letsencrypt, freedns.afraid.org is too slow to update (execute the XFER upon NOTIFY), so acme failed to renew my certs.
                What happens is that I mostly ask for wildcard certs, which implies two records being pushed (using nsupdate) to the master DNS. When this happens, the master sends out a NOTIFY to the slaves after each record update. The first XFER initiated by the slaves happens quickly, but then, @freedns, some rate limiting kicks in: the second record gets XFERred much later, making the Letsencrypt check fail. In the past, Letsencrypt checked just one name server, which could be the master answering, or the slave, making the chance of success bigger. These days, master and all the slaves are checked.

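The NOTIFY/XFER race Gertjan describes, as an added example that is not part of the thread: a POSIX shell helper an ACME hook can call between pushing the _acme-challenge TXT records with nsupdate and telling the CA to validate, so validation only starts once every authoritative server (master and all slaves) returns every expected value. The zone example.com, the name server names and the token values are constructed; lookups go through a replaceable LOOKUP command so the script can be exercised offline with canned answers.

```shell
#!/bin/sh
# Added example, not from the thread. Waits until all authoritative servers
# of a zone serve every expected _acme-challenge TXT value. A wildcard plus
# base-name order puts two TXT values on the same owner name, which is the
# "two records" case where a slow slave only has the first one for a while.

# Lookup command: "$LOOKUP server name" must print one TXT value per line.
LOOKUP=${LOOKUP:-lookup_txt}

# Real lookup via dig, quotes stripped. Not used by the offline self-test.
lookup_txt() {
  dig +short @"$1" "$2" TXT | tr -d '"'
}

# Does server $1 return every value in $2 (newline separated) for name $3?
# Returns 0 if all present, 1 on the first missing value.
server_has_all() {
  server=$1; expected=$2; name=$3
  answers=$("$LOOKUP" "$server" "$name")
  printf '%s\n' "$expected" | while IFS= read -r want; do
    [ -n "$want" ] || continue
    printf '%s\n' "$answers" | grep -qxF -- "$want" || exit 1
  done
}

# Poll every server until all agree. $1 servers (space separated),
# $2 expected values, $3 owner name, $4 attempts, $5 seconds between them.
# Returns 0 once consistent, 1 (listing the lagging servers) after $4 tries.
wait_for_propagation() {
  servers=$1; expected=$2; name=$3; tries=${4:-30}; pause=${5:-10}
  while [ "$tries" -gt 0 ]; do
    lagging=""
    for s in $servers; do
      server_has_all "$s" "$expected" "$name" || lagging="$lagging $s"
    done
    [ -z "$lagging" ] && return 0
    tries=$((tries - 1))
    [ "$tries" -gt 0 ] && sleep "$pause"
  done
  echo "still missing records on:$lagging" >&2
  return 1
}

# Usage from a DNS-01 hook, after nsupdate has added both TXT records:
#   expected=$(printf '%s\n' "$TOKEN_WILDCARD" "$TOKEN_BASE")
#   wait_for_propagation "ns1.example.com ns2.example.com" "$expected" \
#       _acme-challenge.example.com 30 10 || exit 1
```

The servers to poll are the NS set of the zone as the CA sees it, not just the master; a slave that answers with the previous zone version (or with one of the two values) is exactly the failure mode in the post, and this loop makes it visible as a named lagging server instead of a rejected challenge.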