Restore Defaults - Per section not full server
-
Has it ever been discussed or suggested that a feature to 'Restore Defaults' be added to each section within pfSense - instead of resetting the entire kit & kaboodle?
For example, Services / DNS Resolver / General Settings is just one of the ones I seem to get the most confused with.
-
With the config sections as they exist today it might not make much sense to do that. Most sections rely on config from other sections to work correctly.
-
@stephenw10 He’s not saying to remove it, though, just sort of “undo.”
@bearhntr …speaking of which, in the short term you can use the config history to undo.
Or if you kept a copy of a default config file, literally just restore the DNS Resolver section.
-
@SteveITS and @stephenw10
Yes - kind of like an UNDO process. Citing my current dilemma.
I have been using pfSense for 1+ years as the router/firewall in my home. I have a Netgear Orbi with a satellite - which was doing that, as I only have one cable jack in the entire home, and have not had a chance or $ to run Cat6 through the house. The Orbi is now in AP mode and sits on the kitchen counter... (next to the den where the cable modem is). The satellite is in my office on the other end of the house. I get pretty good Wi-Fi throughout the house.
I stood up a Windows 2019 Domain Controller and it is preferred to use it for DNS/DHCP with ADDS - so I have done that. So, I bet you can see where I am going. Almost every guide I have read says to put pfSense into DNS Forwarder, not Resolver (yes, yes, yes - I know the resolver can be a forwarder too... which is the way I have it now). Everything is working. pfSense DNS in General Settings is pointing to my ADDS/DNS/DHCP and that points to Cloudflare (addresses IPv4 and IPv6). Yes, I have both set up on ADDS. As I stated, everything is working. Speed is the same. I am being 'picky', I know, about turning off the RESOLVER piece. I would like to make sure that if I DISABLE RESOLVER and ENABLE FORWARDER - something is not lying in wait in the background. lol
I have also considered using another NIC on my pfSense box to separate Wi-Fi (and Wired) into separate segments - but given the 'invisible' Wi-Fi network that the Orbi AP talks to the satellite with, not sure how, or if, that would work. I have computers 'wired' to the satellite in my office, as I work from home now (thank you COVID).
-
@bearhntr Not sure about the guides, but Resolver has been the default for quite a while now, and supports forwarding since we use it for all our clients (to Quad9). Couple notes:
- for AD DNS, create a domain override(s) for your AD domain and point to your Windows DNS server IP(s). This way IPv6 DNS queries will resolve AD.
- if forwarding, disable DNSSEC; per Quad9 and others, forwarding with DNSSEC enabled can cause false failures.
- if forwarding, disable DNS over TLS or use the workaround for the bug noted here, fixed in 23.09
-
Thanks for the input.
- Not sure exactly how you mean to do this. Got some images?
- Already did this - when I started seeing the errors in the logs, I did some research and it advised this. Some others (which I have not done yet) give instructions on setting up DNSSEC from the ADDS side.
- I am guessing you mean this (images) - this is what I have set up (should I change anything? I always question the Network Interfaces and Outgoing settings):