4. A few DNS forwarding Q's

A few DNS forwarding Q's

  • M

    Running PFSense 2.0B5

    On my internal network, I have a W2K8R2 domain running DHCP and DNS on a DC.  All workstations and servers are configured to this DNS only.  Everything internal is registered in this DNS, either automatically, or I have made an A-record.  The DNS properly resolves (forward and backward) all my internal devices.

    My Domain is internal only, using 192.168.x.x scheme, and I do not require to supply DNS externally, and thus as a security best practice, I have forwarded the AD DNS to my PFSense Box.  My PFsense is configured to enable DNS forwarding (under services/DNS Forwarder) and has been configured (System /General Setup) to use the two OpenDNS IP's.

    So far so good.
    From any internal device, I can resolve other internal or external hosts by name.

    From the FW however, I can't resolve internal.  This makes sense, since it does not know about the internal DNS.  Unfortunately, I can't configure it with the internal DNS, or all of my name resolution would break :)

    The reason I care about this is so that I can get host names instead of IP addresses on stuff like BandwidthD reports.

    The only workaround I have found is to create an override in the Services/DNS forwarding section for each host.  This works just fine, but is a serious PITA to maintain.

    The appropriate solution appears to be to override an entire domain on the same Services/DNS forwarding page.  This doesn't seems to do anything for me.

    Is this broken or am I doing something wrong here?  Have I made some assumptions or design errors?

    Thanks in advance

    0
  • W

    @mervincm:

    The appropriate solution appears to be to override an entire domain on the same Services/DNS forwarding page.  This doesn't seems to do anything for me.

    It might be necessary to restart dnsmasq (e.g. reboot the box) after setting the override so that it notices the changed configuration.

    How did you test the override and what did you see reported in your tests?

    0
  • M

    I tested it by looking at the Bandwidthd report :)  when I add them as individuals, the report has the names.  When I used the domain as the exception, it listed the IP and said to config DNS to resolve the IP.

    I am sure I tried rebooting the box, but I will try again and report back.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy