Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    A few DNS forwarding Q's

    DHCP and DNS
    2
    3
    1772
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mervincm last edited by

      Running PFSense 2.0B5

      On my internal network, I have a W2K8R2 domain running DHCP and DNS on a DC.  All workstations and servers are configured to this DNS only.  Everything internal is registered in this DNS, either automatically, or I have made an A-record.  The DNS properly resolves (forward and backward) all my internal devices.

      My Domain is internal only, using 192.168.x.x scheme, and I do not require to supply DNS externally, and thus as a security best practice, I have forwarded the AD DNS to my PFSense Box.  My PFsense is configured to enable DNS forwarding (under services/DNS Forwarder) and has been configured (System /General Setup) to use the two OpenDNS IP's.

      So far so good.
      From any internal device, I can resolve other internal or external hosts by name.

      From the FW however, I can't resolve internal.  This makes sense, since it does not know about the internal DNS.  Unfortunately, I can't configure it with the internal DNS, or all of my name resolution would break :)

      The reason I care about this is so that I can get host names instead of IP addresses on stuff like BandwidthD reports.

      The only workaround I have found is to create an override in the Services/DNS forwarding section for each host.  This works just fine, but is a serious PITA to maintain.

      The appropriate solution appears to be to override an entire domain on the same Services/DNS forwarding page.  This doesn't seems to do anything for me.

      Is this broken or am I doing something wrong here?  Have I made some assumptions or design errors?

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob last edited by

        @mervincm:

        The appropriate solution appears to be to override an entire domain on the same Services/DNS forwarding page.  This doesn't seems to do anything for me.

        It might be necessary to restart dnsmasq (e.g. reboot the box) after setting the override so that it notices the changed configuration.

        How did you test the override and what did you see reported in your tests?

        1 Reply Last reply Reply Quote 0
        • M
          mervincm last edited by

          I tested it by looking at the Bandwidthd report :)  when I add them as individuals, the report has the names.  When I used the domain as the exception, it listed the IP and said to config DNS to resolve the IP.

          I am sure I tried rebooting the box, but I will try again and report back.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy