Replacing a Win 2k3 with Pfsense



  • Hey everyone

    I'm currently undergoing a process to decommission my company's old domain server running 2k3.  The server is running as our gateway and as such, is running DHCP and DNS for the network.  Eventually I'll be installing a new 2k8 machine running Exchange and AD and have a pfSense firewall dealing with network security, DHCP and DNS.

    On the 2k3 server, the domain is listed as theatrecompany.local (we're a local theatre). We have an internal SSL site that manages our ticketing system at tickets.theatrecompany.com (which points to a web server on the network); however, theatrecompany.com is directed to a different hosting service where our website sits.

    I've set up pfSense off a secondary hookup on our ISP's router/modem. I've tried to specify the domain as theatrecompany.local, but pfSense advised against that. I've also statically mapped all workstations and servers inside the DHCP config.  I then installed tinyDNS and that's where I get lost, being new to the DNS config inside pfSense.  Can anyone direct me to a guide as to how this is set up with an AD domain present?  I'm pretty sure I should be keeping a .local domain.  I'd also like to have all internal mappings automatically register with the DNS (i.e. workstation1.theatrecompany.local, server1.theatrecompany.local, etc.).


  • Rebel Alliance Developer Netgate

    When dealing with an AD Domain, it is usually best to leave DNS and DHCP handled by the DCs. You can set the DNS forwarders on the DCs to the pfSense router, but the clients should still point to the DCs directly for DNS.



  • @jimp:

    When dealing with an AD Domain, it is usually best to leave DNS and DHCP handled by the DCs. You can set the DNS forwarders on the DCs to the pfSense router, but the clients should still point to the DCs directly for DNS.

    Yea, finding that out now.  I'll leave the AD server to deal with local DNS and then forward all other requests to the pfSense box.  I'll test out DHCP; I'd like to keep that under pfSense, but if I can't, I'll keep that on the AD server as well.
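    An added example, not from this thread or from Netgate, of applying jimp's layout on the Windows DNS server with the built-in dnscmd tool (present on both 2003 and 2008): the DC keeps the theatrecompany.local zone, forwards everything else to pfSense, allows only secure dynamic updates so joined workstations register themselves, and keeps the internal tickets host resolvable before the forwarder can send that query to the public hosting service. DC1, 192.168.1.1 (pfSense LAN address) and 192.168.1.20 (internal ticketing web server) are assumed placeholder values.

```batch
@echo off
REM Added example: run on the domain controller as an administrator.
REM Assumed placeholders: DC1 = DC hostname, 192.168.1.1 = pfSense LAN address,
REM 192.168.1.20 = internal ticketing web server.
set DC=DC1
set PFSENSE=192.168.1.1
set ZONE=theatrecompany.local
set TICKETS=tickets.theatrecompany.com
set TICKETS_IP=192.168.1.20

REM 1. Forward every query the DC is not authoritative for to pfSense.
REM    Clients keep pointing at the DC; only the DC talks to pfSense for DNS.
dnscmd %DC% /ResetForwarders %PFSENSE%

REM 2. Accept dynamic registrations only from authenticated domain members
REM    (2 = secure updates only). workstation1/server1 records are then added
REM    by the machines themselves and cannot be written by an unjoined host.
dnscmd %DC% /Config %ZONE% /AllowUpdate 2

REM 3. The ticketing site lives on the internal network while theatrecompany.com
REM    is hosted externally. A single-host AD-integrated zone for the tickets
REM    name makes the DC authoritative for it, so it is answered locally
REM    instead of being forwarded to pfSense and resolved to the public host.
dnscmd %DC% /ZoneAdd %TICKETS% /DsPrimary
dnscmd %DC% /RecordAdd %TICKETS% @ A %TICKETS_IP%

REM 4. Checks before repointing clients: show the server configuration
REM    (forwarder list included), then resolve an internal name, the tickets
REM    name and an external name through the DC to confirm the split.
dnscmd %DC% /Info
nslookup server1.%ZONE% %DC%
nslookup %TICKETS% %DC%
nslookup www.example.com %DC%
```

The last three lookups should return the internal address for server1, the internal 192.168.1.20 for the tickets name, and a public address for the external name; a public address for the tickets name means the forwarder answered before the local zone did.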

