Fine tuning PfSense for network with AD

Operations

I am wondering what extra setup / changes to PfSense i need to do to make it work with my AD 100%.

For example under DNS Resolver/General Settings/Custom Options

Should i add this line?

server:
private-domain: "ad.mydomain.com"

I have already entered a few Domain Overrides like:

Ad.mydomain.com => DNS01 IP
200.168.192.in-addr.arpa => DNS01 IP

And this question i am finding conflicting answers. Should my AD DNS forwarder point to my PfSense IP or should PfSense DNS point towards AD DNS IP?

heper

@operations you can tinker with trying to forward dns request from pfsense -> ADdns.

i find it easier to just fill in my AD-dns in the dhcp-server settings. this way my clients use AD-dns directly

stephenw10

You almost always want clients to use AD directly for DNS. Doing anything else will create problems. If you want to do DNS filtering in pfSense you can point AD to that as it's server.

Steve

Operations

@stephenw10 yes i have my AD DNS as a forwarder pointed at PfSense atm. Just wanted to check this part.

SteveITS

@operations said in Fine tuning PfSense for network with AD:

@stephenw10 yes i have my AD DNS as a forwarder pointed at PfSense atm. Just wanted to check this part.

Then setting the override will allow pfSense to resolve names in AD DNS (e.g. local SMTP).

Private is not necessary.

You can also override the reverse DNS if you have AD DNS set to use/hold the reverse zone. Then it can look up LAN IPs.