Can I configure pfsense to resolve internal dhcp client names to the current IP?
-
running 2.7.2 (CE) in a proxmox vm
I got things fully configured as desired BUT I recently noticed it cannot resolve local dhcp clients using either their short or fqdn names. Even hosts with a DHCP reservation configured. External name resolution is working properly. A search via google did not reveal the answer to me, thus this post.
Expectation:
- a client is issued a dhcp lease and their host name is registered in the local dns resolver (both pfsense).
- from any local client I should be able to query pfsense for the ip of a valid host name and get the current address.
Falling short of that expectation right now.
Example:
pfsense local domain is home.arpa
pfsense ip is 192.168.100.1
host is x400.home.arpa, ip is 192.168.100.161 (windows 10 client)
nslookup x400.home.arpa 192.168.100.1
Server: pfSense.home.arpa
Address: 192.168.100.1
*** pfSense.home.arpa can't find x400.home.arpa: Non-existent domain
nslookup x400 192.168.100.1
Server: pfSense.home.arpa
Address: 192.168.100.1
*** pfSense.home.arpa can't find x400: Non-existent domain
The client (x400) has suffixes for home.arpa and points to pfsense as the only dns server, so it seems like the client is getting all the desired dhcp settings. x400 can resolve internet names just fine, just nothing local via pfsense.
I have no domain or host overrides configured, I did configure a dhcp reservation for the client (x400) as I read somewhere that might work. I get no valid results from the pfsense dns diagnostic page either. It SEEMS like pfsense does not know IT is the authoritative dns server for home.arpa and MAY be sending it upstream rather than resolving it itself, which would of course fail.
I hope there is a simple step I missed to enable the ability to resolve local dns/dhcp clients. Failing that I need a way to at least configure static names and ip's so they can be resolved by other clients. Maintaining a static list of host/ip mappings is sub optimal.
-
@walkingwounded said in Can I configure pfsense to resolve internal dhcp client names to the current IP?:
Maintaining a static list of host/ip mappings is sub optimal.
Not sub, it is optimal, as it is the only current solution.
Read Do you use dhcp reservations?
Understand that this:
is what I would call sub optimal, as there is a consequence: every incoming lease will restart unbound (DNS).
With the new KEA DHCP server, things will get better 'soon'.
-
@walkingwounded said in Can I configure pfsense to resolve internal dhcp client names to the current IP?:
I did configure a dhcp reservation for the client (x400)
Is it getting that IP? If so then you should be fine - if you have "Register DHCP static mappings in the DNS Resolver" in unbound.
Unless you're using Kea for dhcp - which is preview and does not support either dynamic or reservations for dns.. It's right there in the release notes, all the functions the preview release of Kea does not yet support. And to be honest all over the forum with multiple threads about its shortcomings.
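To make the mechanism behind "Register DHCP static mappings in the DNS Resolver" concrete, here is an added example (not pfSense's code, and not posted by anyone in this thread) that does what such a registration step has to do: read an ISC dhcpd.leases file, keep only active, unexpired leases that carry a usable client hostname, and emit unbound local-data records under the local domain. The lease text, the domain home.arpa and the clock value are constructed for the example; the function names are the example's own. Because the hostname in a lease is whatever the client sent in its DHCP request, the example rejects anything that is not a plain DNS label before it lands in resolver configuration.

```python
"""Turn ISC dhcpd.leases into unbound local-data records (added example).

Models the "register DHCP leases in the DNS Resolver" step discussed in
the thread. Not pfSense's own code; sample data below is constructed.
"""
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases syntax (not a real capture).
SAMPLE_LEASES = """\
lease 192.168.100.161 {
  starts 4 2024/07/18 10:00:00;
  ends 4 2024/07/18 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "x400";
}
lease 192.168.100.162 {
  starts 4 2024/07/18 09:00:00;
  ends 4 2024/07/18 09:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "oldbox";
}
lease 192.168.100.163 {
  starts 4 2024/07/18 10:00:00;
  ends 4 2024/07/18 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "not a.valid;name";
}
lease 192.168.100.164 {
  starts 4 2024/07/18 10:00:00;
  ends 4 2024/07/18 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
}
"""

# Constructed "current time" so the example is deterministic.
EXAMPLE_NOW = datetime(2024, 7, 18, 11, 0, tzinfo=timezone.utc)

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
# A single DNS label: letters, digits, hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_leases(text):
    """Parse lease blocks; later blocks for the same IP override earlier ones."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        host = re.search(r'^\s*client-hostname "([^"]*)";', body, re.M)
        ends = re.search(r"^\s*ends \d (\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2});", body, re.M)
        leases[ip] = {
            "ip": ip,
            "state": state.group(1) if state else None,
            "hostname": host.group(1) if host else None,
            # "ends never;" leaves this None, meaning no expiry.
            "ends": (datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
                     .replace(tzinfo=timezone.utc) if ends else None),
        }
    return list(leases.values())


def unbound_local_data(leases, domain, now):
    """Emit unbound local-data / local-data-ptr lines for live, named leases."""
    lines = []
    for lease in leases:
        if lease["state"] != "active":
            continue
        if lease["ends"] is not None and lease["ends"] <= now:
            continue
        host = lease["hostname"]
        # The hostname is client-supplied input; only accept a clean label.
        if not host or not LABEL_RE.match(host):
            continue
        fqdn = f"{host.lower()}.{domain}."
        lines.append(f'local-data: "{fqdn} IN A {lease["ip"]}"')
        lines.append(f'local-data-ptr: "{lease["ip"]} {fqdn}"')
    # unbound only picks these up after a reload/restart, which is the
    # per-lease restart the thread describes.
    return lines


def lookup(lines, qname):
    """Mimic the nslookup check from the question against the generated records."""
    want = qname.rstrip(".").lower() + "."
    for line in lines:
        m = re.match(r'local-data: "(\S+) IN A (\S+)"', line)
        if m and m.group(1) == want:
            return m.group(2)
    return None


if __name__ == "__main__":
    records = unbound_local_data(parse_leases(SAMPLE_LEASES), "home.arpa", EXAMPLE_NOW)
    print("\n".join(records))
    print("x400.home.arpa ->", lookup(records, "x400.home.arpa"))
```

Only the x400 lease survives: the free lease, the lease with no hostname and the lease whose hostname is not a valid label are all dropped. Note that the short name "x400" only resolves because the client appends its search suffix; the resolver itself only knows the fully qualified name.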
-
The device is getting the correct ip (the reserved ip), yet I still cannot resolve the host name via pfsense. It's like I don't HAVE a local authoritative dns zone at all.
That option "DHCP Registration" does not appear to exist in 2.7.2 (or at least I cannot find it in the dhcp or dns resolver pages I've scoured to this point).
Those Kea deficiencies are quite significant. I really hope those are not 'years from now' feature goals.
Are other users simply implementing some alternate local DNS server for this function? I cannot believe I'd be the only one trying to get local name resolution operational. If needs be I'll fire up a container or a vm to achieve this, but it certainly puts a damper on the experience. Other than this, pfsense does what I need it to do quite well.
I was going to put a whole rant here about having to restart a dns server after every record change, but thought better of it (not helpful, and probably mean).
-
@walkingwounded said in Can I configure pfsense to resolve internal dhcp client names to the current IP?:
That option "DHCP Registration" does not appear to exist in 2.7.2 (or at least I cannot find it in the dhcp or dns resolver pages I've scoured to this point).
If it was a snake it would have bit you..
It's right below where you set register dynamic
Again, if you're using Kea - this will not work..
-
Just re-checked, and it is not there for me. I am currently running Kea for DHCP however, so now I UNDERSTAND why this is not working as per expectations (Kea is simply not able to do it). I plan to switch back to ISC DHCP until things mature on the Kea front.
Thanks for the patience.
-
@walkingwounded said in Can I configure pfsense to resolve internal dhcp client names to the current IP?:
Just re-checked, and it is not there for me. I am currently running Kea for DHCP however,
Because you use KEA - and according to Netgate's blog post, and the couple of thousand recent forum posts since KEA was implemented, KEA does not support DHCP registration.
So, the GUI makes these two options invisible (non-operational) on the resolver settings page.
Solution: use the good old ISC-DHCP, and you're back in business.
Edit: be aware: this is a temporary situation. In the near future, KEA will support dhcp registration without the unwanted unbound (resolver) restarts for every new DHCP lease.
It's being worked on right now.
A blog post, and a new pfSense version, will announce this.
-
Switched to ISC, expectations are met now. I cannot believe how I just failed to 'see' the clearly listed limitation and didn't actually 'understand' (I blame the heat). I even recall reading those notes pre deployment...so I'll call it user error.
Looking forward to future updates related to Kea. I do hope it will support no-static hosts as well when it finally arrives.
Thanks again.
-
@walkingwounded Kea does have lots of things to look forward to.. And ISC was getting a bit long in the tooth.. With new you will have developers that are excited, etc.
The logging looks way more intense - but also looks like you can do filtering of what is logged, etc.
Don't feel bad - lots and lots of people have failed to grasp the "preview" of the current implementation.. But it is getting old kicking this dead horse ;)
Only thing can hope for is next time maybe they rethink the wording a bit when they make such an announcement actually on a page in the software. But I can fully understand it.. Hey our users are techy.. They read the release notes, etc. They will check what ISC says about the EOL of their product and how it's not really going anywhere.. Just no longer being developed actively, etc.
So just keep it sweet and to the point.. Which hasn't gone over how they planned I don't think..
Also I don't even know - is register dynamic and static even default? For all we know we have like 2 million users that have switched over to kea without incident because all they do is hand out IPs.. Which works just fine..