How to setup PFSense as a Secondary DNS server?



  • I'm running PFSense as my gateway in my home and I have Windows Server 2003 serving DNS.  I'd like to set up PFSense to be a secondary DNS server, but I'm not sure exactly how to set it up.

    I went to Services >> DNS Forwarder and enabled all three checkboxes.
    I also set "Below you can override an entire domain by specifying an authoritative dns server to be queried for that domain." to my Primary domain controller, but when I go to (for example) my Proxy report, do a full refresh, and then take a look… I'm still only seeing the IP addresses and not the domain names from the DNS server.

    Not sure where I'm going wrong.



  • Ok, so I manually removed all of my DNS servers in my Mac and set it to ONLY resolve to my pfsense box.  I was still able to resolve websites outside my network, so it must mean it's working.

    Why then do my reports not resolve to my DNS names?
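An added illustration, not code from this thread or from pfSense: a small model of how a forwarder with per-domain overrides picks which server to ask. It assumes the DNS Forwarder matches overrides by longest domain suffix (dnsmasq-style), and it shows why a proxy report, which does reverse (PTR) lookups of client IP addresses, can still print bare IPs when only the forward ".local" domain has been overridden. All addresses and names below are constructed.

```python
import ipaddress

# Constructed overrides: domain suffix -> DNS server that is authoritative for it.
# Assumption: the forwarder routes a query by its longest matching suffix.
OVERRIDES = {"lotr.local": "192.168.1.10"}     # in-house DNS (constructed)
UPSTREAM = "203.0.113.53"                       # general upstream resolver (constructed)


def choose_server(qname, overrides=OVERRIDES, upstream=UPSTREAM):
    """Return the server a query for `qname` is sent to (longest-suffix match)."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in overrides:
            return overrides[suffix]
    return upstream


def ptr_name(ip):
    """Name a reverse (PTR) lookup asks for, e.g. 23.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(network):
    """in-addr.arpa name covering a /24 such as 192.168.1.0/24 (constructed)."""
    net = ipaddress.ip_network(network)
    return ".".join(reversed(str(net.network_address).split(".")[:3])) + ".in-addr.arpa"


def where_reports_go(client_ip, overrides=OVERRIDES):
    """Which server a report's reverse lookup of a LAN client address reaches."""
    return choose_server(ptr_name(client_ip), overrides)


if __name__ == "__main__":
    print("frodo.lotr.local ->", choose_server("frodo.lotr.local"))
    # Forward lookups hit the LAN server, but the report's PTR query does not:
    print("PTR 192.168.1.23 ->", where_reports_go("192.168.1.23"))
    # Overriding the reverse zone as well sends PTR queries to the LAN server.
    fixed = dict(OVERRIDES, **{reverse_zone("192.168.1.0/24"): "192.168.1.10"})
    print("PTR 192.168.1.23 (with reverse override) ->", where_reports_go("192.168.1.23", fixed))
```

Checking the two paths separately (a forward A lookup and a PTR lookup of a LAN address against only the pfSense box) is the quickest way to tell whether the report is failing on reverse resolution rather than on forwarding as such.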



  • I'm not a DNS expert, but I don't think Secondary DNS is what you think it is - it usually entails the secondary doing zone transfers from the primary and being queried by clients, which doesn't sound like what you are trying to do.  I would be surprised if pfsense does this, since this is not a common thing for a firewall to need to do.



  • @danswartz:

    I'm not a DNS expert, but I don't think Secondary DNS is what you think it is - it usually entails the secondary doing zone transfers from the primary and being queried by clients, which doesn't sound like what you are trying to do.  I would be surprised if pfsense does this, since this is not a common thing for a firewall to need to do.

    No, that's exactly what I'm trying to do.  My in-house server (Windows Server 2003) is our primary DNS server.  We use local DNS caching to speed up our DNS queries, and we also have a ".local" domain for in-house name resolution (all our machines are named after Lord of the Rings characters).

    If I were to set pfsense up to transfer zones from our Primary server and also do OpenDNS lookups for our external browsing… then I can conceivably reboot our primary DNS server and not affect the browsing of my users.

    Anyways... I went in and removed my primary DNS from my PC's settings and did both an internal and an external lookup, and everything resolved as expected.  I'm pretty sure I have the DNS forwarding set up properly.



  • To be honest, you would be better off setting up a minimal server on your LAN using some linux distro and installing a supported DNS server there as a secondary.  While you might be able to get pfsense to do what you want, it is really not intended to work that way, and you are (IMO) setting yourself up for problems down the road.



  • @danswartz:

    To be honest, you would be better off setting up a minimal server on your LAN using some linux distro and installing a supported DNS server there as a secondary.  While you might be able to get pfsense to do what you want, it is really not intended to work that way, and you are (IMO) setting yourself up for problems down the road.

    I've actually got it set up as follows now:

    Server NIC 1 = Primary DNS
    PBX = Secondary DNS
    PFSense = Tertiary DNS
    Server NIC 2 = Quaternary DNS (in case the first server nic was simply non-responsive)

    So I basically have 3 servers distributing DNS.  This is working quite well and DNS resolution is very speedy.

