Netgate Discussion Forum
    Can I add manual entries to pfSense's DNS resolver that include specific ports?

    Category: DHCP and DNS
    6 posts, 4 posters, 659 views

    darrenavid:

      pfSense works great at adding DHCP entries into local DNS and resolving <machinename.localdomain>. Now that I'm standing more and more apps up with Docker, I've got many "machines" running on the same IP, but with different ports. Is there a way to manually add entries to pfSense's DNS resolver for entries that include a specific port, i.e. <machinename.localdomain:PORT>?

      FWIW, I'm using NGINX to handle this already for applications I want accessible outside of my firewall at servername.publicdomain/servicename, but I want a solution for applications that are only to be accessed internally.

    bmeeks:

        DNS does not understand the concept of ports. There is no way to make that work.

        You can configure a split DNS and have internal hosts use that to connect to the NGINX process.

    darrenavid @bmeeks:

      @bmeeks said in Can I add manual entries to pfSense's DNS resolver that include specific ports?:

          You can configure a split DNS and have internal hosts use that to connect to the NGINX process.

          I figured split DNS was the answer. Can you point me in the direction of a relevant guide I can RTFM?

    SteveITS (Galactic Empire) @darrenavid:

            @darrenavid try https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

    bmeeks @darrenavid:

      @darrenavid said in Can I add manual entries to pfSense's DNS resolver that include specific ports?:

          I figured split DNS was the answer. Can you point me in the direction of a relevant guide I can RTFM?

              Here is a link to Split DNS configuration in the official pfSense documentation: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html#method-2-split-dns.

              And here is a link to a short discussion thread from Lawrence Systems on configuring Split DNS on pfSense: https://forums.lawrencesystems.com/t/split-dns-tutorial/9060.

      Using Split DNS is recommended over NAT Reflection. Using your example URL, servername.publicdomain would get the private local IP of your NGINX box in a host override in unbound.

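The following is an added example, not from the thread or from Netgate's documentation, of what the host override bmeeks describes looks like in raw unbound syntax (the DNS Resolver "Host Overrides" GUI writes the equivalent local-data lines), together with the NGINX server blocks that turn one name per Docker service into one container port. Every hostname, address and port is an assumption chosen for illustration. Two caveats a practitioner will want: DNS can carry a port in an SRV record, but browsers do not consult SRV for HTTP, so the name-to-port mapping has to live in the reverse proxy; and split DNS only works for clients that actually use the pfSense resolver, so LAN hosts pointed at 8.8.8.8, or using DNS over HTTPS in the browser, will still get the public answer.

```conf
# --- pfSense > Services > DNS Resolver > General Settings > Custom options ---
# Raw unbound equivalent of three GUI Host Overrides. Assumed values:
# 192.168.10.20 is the LAN host running NGINX and the Docker containers.
server:
    # Public name: LAN clients receive the private IP instead of the WAN IP,
    # so their traffic never needs NAT reflection to reach NGINX.
    local-data: "servername.publicdomain. 3600 IN A 192.168.10.20"

    # Internal-only names, one per Docker service, all pointing at NGINX.
    # The port is NOT in DNS; NGINX picks it from the Host header below.
    # (unbound creates a transparent local-zone for these names implicitly,
    # so the rest of localdomain keeps resolving from DHCP registrations.)
    local-data: "grafana.localdomain. 3600 IN A 192.168.10.20"
    local-data: "portainer.localdomain. 3600 IN A 192.168.10.20"
    local-data-ptr: "192.168.10.20 grafana.localdomain"

# --- /etc/nginx/conf.d/internal.conf on 192.168.10.20 (assumed path) ---
# Name-based virtual hosts: the client sends only the name, NGINX maps it to
# the container's published port. The certificate must cover these names
# (wildcard or SAN entries) or clients will get TLS warnings.
server {
    listen 443 ssl;
    server_name grafana.localdomain;
    ssl_certificate     /etc/nginx/certs/internal.crt;
    ssl_certificate_key /etc/nginx/certs/internal.key;
    location / {
        proxy_pass http://127.0.0.1:3000;      # Grafana container, assumed port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

server {
    listen 443 ssl;
    server_name portainer.localdomain;
    ssl_certificate     /etc/nginx/certs/internal.crt;
    ssl_certificate_key /etc/nginx/certs/internal.key;
    location / {
        proxy_pass http://127.0.0.1:9000;      # Portainer container, assumed port
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Catch-all: without a default_server NGINX serves the first vhost to anyone
# who connects by IP or with an unknown Host, which exposes the service to
# scanners that never resolved the name. 444 closes the connection instead.
server {
    listen 443 ssl default_server;
    server_name _;
    ssl_certificate     /etc/nginx/certs/internal.crt;
    ssl_certificate_key /etc/nginx/certs/internal.key;
    return 444;
}
```

Check it from a LAN client with `dig grafana.localdomain @<pfsense-lan-ip>` (expect the private A record) and `curl -vk https://grafana.localdomain/`; from a client that resolves elsewhere, `dig servername.publicdomain` should still return the WAN address, which is the split.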
    johnpoz (LAYER 8 Global Moderator) @darrenavid:

      @darrenavid said in Can I add manual entries to pfSense's DNS resolver that include specific ports?:

          FWIW, I'm using NGINX to handle this already to applications

      While I agree split DNS is normally the best solution, I take it you're using some internal nginx as a proxy. Have you looked at the haproxy package?

      If you want to send to different ports, or have SSL offload done, haproxy can be used to get to your internal services. I host a couple of services to the public via haproxy. But my internal hosts can use the same FQDN to access them, which resolves to the public IP.

      So for example https://host.mypublicdomain.tld resolves to the pfSense WAN IP. But this gets sent to a backend that is not doing SSL; that is handled by haproxy and goes to an oddball port that the actual service is listening on.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

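The layout johnpoz describes, written out as an added example in raw haproxy.cfg syntax; the pfSense haproxy package generates an equivalent file from its Frontend/Backend GUI, and this is not that package's output or johnpoz's own config. The WAN address, hostnames, certificate path and backend ports are assumptions. TLS terminates on pfSense, the frontend picks a backend from the Host header, and each backend is a plain-HTTP service on whatever port the container publishes, so several services share one name-per-service on port 443 with no port in the URL. Because the public name resolves to the WAN IP from inside too, no split DNS is needed for these services; what is needed is a WAN rule allowing 443 to the WAN address and a LAN rule that permits LAN hosts to reach it (the default LAN allow-any rule does). The deny at the end matters: without it an unknown Host value falls through to whatever default backend is configured.

```haproxy
# haproxy.cfg, assumed layout (the pfSense package writes an equivalent file
# from its GUI; 203.0.113.10, the hostnames and ports are illustrative).
global
    log /dev/log local0
    tune.ssl.default-dh-param 2048

defaults
    mode http
    log global
    option httplog
    option forwardfor            # adds X-Forwarded-For for the backend apps
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Single frontend on the WAN address; TLS offload happens here with the
# public certificate. Internal and external clients hit this same address.
frontend https_in
    bind 203.0.113.10:443 ssl crt /var/etc/haproxy/mypublicdomain.pem alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https

    # Route on the Host header; the port is chosen per backend, never by
    # the client. (ssl_fc_sni -i ... would route on SNI instead.)
    acl host_media hdr(host) -i media.mypublicdomain.tld
    acl host_notes hdr(host) -i notes.mypublicdomain.tld
    use_backend be_media if host_media
    use_backend be_notes if host_notes

    # Anything that matched no ACL gets refused rather than a default service.
    http-request deny deny_status 403

# Backends speak plain HTTP on the odd ports the containers publish.
backend be_media
    server media1 192.168.10.20:8096 check

backend be_notes
    server notes1 192.168.10.20:28080 check
```

Validate before reloading with `haproxy -c -f /path/to/haproxy.cfg`, then confirm routing from the LAN with `curl -v https://media.mypublicdomain.tld/` and that an unmatched name, e.g. `curl -vk --resolve bogus.mypublicdomain.tld:443:203.0.113.10 https://bogus.mypublicdomain.tld/`, gets the 403 instead of a backend.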
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.