Netgate Discussion Forum

    Advice on combined internal DNS resolution across two sites?

    DHCP and DNS
    4 Posts 3 Posters 419 Views
    • rprichard
      last edited by rprichard

      I have two pfSense boxes at two separate sites, linked together with a site-to-site Wireguard tunnel. I have multiple services at each site that I access through HAProxy via subdomains of a domain I own.

      Some of these services are at Site A, and some are at Site B. I would like to be able to access any service from either site using its domain name, as shown below:

      • service1.mydomain.tld -> service1 @ Site A
      • service2.mydomain.tld -> service2 @ Site A
      • service1.siteb.mydomain.tld -> service1 @ Site B
      • Etc.

      The issue is that these services are all internal, and mydomain.tld resolves to a public IP address.

      At Site A, I currently have things working with a redirect in the DNS resolver settings from *.mydomain.tld to my HAProxy frontend.

      server:
        local-zone: "mydomain.tld" redirect
        local-data: "mydomain.tld 86400 IN A 172.20.0.99"

      I am thinking I could have HAProxy redirect to Site B if 'siteb' is in the host name. At Site B, I could have a similar setup, where it redirects to Site A unless 'siteb' is in the host name. I would just need to add a similar DNS redirect at Site B.

      This seems a little convoluted, but I can't think of a better way of doing things. Does anyone have any suggestions/advice?

      I suppose I could send all requests to one site's HAProxy, then to each site as appropriate, but the ping is significant and I'd like everything to work even if WAN is down.

      • SteveITS Rebel Alliance @rprichard
        last edited by

        @rprichard Perhaps I’m misunderstanding but I would use domain overrides to have unbound forward requests to the desired DNS server(s).

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        • keyser Rebel Alliance @SteveITS
          last edited by

          @steveits Completely agree. And if you do not care to maintain overrides on both boxes, you could just do a domain.tld override on one box so any request for that entire domain is served by the box at the other end.

          Love the no fuss of using the official appliances :-)

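The domain-override approach from the two replies above, written out as the unbound directives it produces (an added example, not from the thread or from pfSense itself; in the pfSense GUI the forward-zone stanzas are created under Services / DNS Resolver / Domain Overrides, and anything in the server section beyond what the GUI manages goes in Custom Options). The resolver addresses 172.20.0.1 and 172.21.0.1 and the Site B frontend address 172.21.0.99 are made up; 172.20.0.99 is the Site A frontend from the original post.

```conf
# Site A resolver (constructed example). Site A services keep the existing
# wildcard redirect to the Site A HAProxy frontend.
server:
  local-zone: "mydomain.tld" redirect
  local-data: "mydomain.tld 86400 IN A 172.20.0.99"
  # Unbound answers from the most specific local-zone that encloses a name,
  # and the "redirect" zone above would otherwise swallow siteb.* as well.
  # A transparent sub-zone with no local-data lets those queries fall
  # through to normal resolution, where the forward-zone below catches them.
  local-zone: "siteb.mydomain.tld" transparent
  # Only needed if DNSSEC validation is on and mydomain.tld is signed in
  # public DNS: answers from a private resolver cannot validate otherwise.
  domain-insecure: "siteb.mydomain.tld"
  # Only needed if DNS rebinding protection (private-address) is active, so
  # that a private-range answer for this name is not discarded.
  private-domain: "siteb.mydomain.tld"

# Domain override for Site B's names: Site B's unbound, reached over the
# WireGuard tunnel (assumed address).
forward-zone:
  name: "siteb.mydomain.tld"
  forward-addr: 172.21.0.1

# ---------------------------------------------------------------------------
# Site B resolver (constructed example): the mirror image. Site B's own names
# are answered locally; everything else under mydomain.tld is forwarded to A.
server:
  local-zone: "siteb.mydomain.tld" redirect
  local-data: "siteb.mydomain.tld 86400 IN A 172.21.0.99"
  domain-insecure: "mydomain.tld"
  private-domain: "mydomain.tld"

# Domain override for the rest of the domain: Site A's unbound (assumed address).
forward-zone:
  name: "mydomain.tld"
  forward-addr: 172.20.0.1
```

If the tunnel drops, each site still resolves its own services, because those come from local-data; only the names forwarded to the other site stop resolving.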
          • rprichard
            last edited by

            @SteveITS that's perfect, thank you! No misunderstanding - I'm just new to networking so I sometimes miss the obvious.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.