Netgate Discussion Forum

    pfSense DHCP with Active Directory DNS Windows Server 2016

    Category: DHCP and DNS
    4 Posts 3 Posters 815 Views
    awaisraza308:

      I have set up 2 domain controllers on our company network (10.0.2.122). Domain controllers (Active Directory) require DNS; I have installed DNS on DC01 (10.0.2.122). Our DHCP is controlled by pfSense. I have added a DNS server entry (10.0.2.122) in pfSense. After that I tried connecting a machine to the domain controller and it won't connect. We have 2 old DCs, each with its own DNS server; machines can find them easily.

    bmeeks:

        The best way to handle this in an AD shop is to let AD do everything. That means DNS and DHCP. You can easily add DHCP as a feature on your domain controller.

        Set your AD DNS servers to resolve and make sure DHCP hands out your AD servers as the DNS for your network. Over on pfSense you can either point it to your AD DNS, or you can use the default resolver setup there and create a domain override for your local domain and point unbound on pfSense to your AD DNS box for resolving local hosts.

    brians:

          On pfSense, in DHCP Server, set the Other Options > Domain Name to your AD domain, e.g. mydomain.local.

          In DNS Resolver, make a Domain override: mydomain.local to 10.0.2.122

          I join PCs to different domains all the time over IPsec tunnels and DNS overrides.

    bmeeks (last edited by bmeeks):

            One issue you will face if you use the DHCP server on pfSense is that hostnames of local clients will not be registered in DNS in AD. That may or may not be of concern for your setup.

            And you don't want to turn on DHCP DNS updates within pfSense as that will cause the unbound daemon to be restarted each time a client renews its lease. There are many posts on the forum about that little gotcha. DNS can be dead for many seconds during that restart, and the dead time is greatly expanded when you use tools such as pfBlockerNG-devel and DNSBL.

            In my opinion, if you have an Active Directory shop, you really should let most of the DNS and DHCP infrastructure be hosted within AD. And in Windows 2016 and up, AD supports DHCP failover if you install the service on multiple hosts.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.