Netgate Discussion Forum

    A few DNS forwarding Q's

    Category: DHCP and DNS
    3 Posts, 2 Posters
    mervincm:

      Running pfSense 2.0B5

      On my internal network, I have a W2K8R2 domain running DHCP and DNS on a DC. All workstations and servers are configured to use this DNS only. Everything internal is registered in this DNS, either automatically or via an A-record I have made. The DNS properly resolves (forward and reverse) all my internal devices.

      My domain is internal only, using a 192.168.x.x scheme, and I do not need to supply DNS externally, so as a security best practice I have set the AD DNS to forward to my pfSense box. My pfSense is configured to enable DNS forwarding (under Services / DNS Forwarder) and has been configured (System / General Setup) to use the two OpenDNS IPs.

      So far so good.
      From any internal device, I can resolve other internal or external hosts by name.

      From the FW, however, I can't resolve internal names. This makes sense, since it does not know about the internal DNS. Unfortunately, I can't configure it with the internal DNS, or all of my name resolution would break :)

      The reason I care about this is so that I can get host names instead of IP addresses on stuff like BandwidthD reports.

      The only workaround I have found is to create an override in the Services / DNS Forwarder section for each host. This works just fine, but is a serious PITA to maintain.

      The appropriate solution appears to be to override an entire domain on the same Services / DNS Forwarder page. This doesn't seem to do anything for me.

      Is this broken, or am I doing something wrong here? Have I made some assumptions or design errors?

      Thanks in advance

    wallabybob:

        @mervincm:

        > The appropriate solution appears to be to override an entire domain on the same Services / DNS Forwarder page. This doesn't seem to do anything for me.

        It might be necessary to restart dnsmasq (e.g. reboot the box) after setting the override so that it notices the changed configuration.

        How did you test the override and what did you see reported in your tests?

    mervincm:

          I tested it by looking at the BandwidthD report :) When I add them as individuals, the report has the names. When I used the domain as the exception, it listed the IP and said to configure DNS to resolve the IP.

          I am sure I tried rebooting the box, but I will try again and report back.

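A domain override in the pfSense DNS Forwarder becomes a dnsmasq `server=/domain/address` line, and dnsmasq sends each query to the override whose domain is the longest suffix match of the query name, falling back to the General Setup servers otherwise. A tool that labels traffic with host names, such as BandwidthD, does not ask for `host.corp.example`; it asks for the PTR record of an address, i.e. a name under `in-addr.arpa`, which an override on the forward domain alone does not match. The following is an added example, not code from the thread or from pfSense or dnsmasq: a small Python model of that selection rule, with the internal domain `corp.example`, the DC address `192.168.1.10` and the host `192.168.1.20` all constructed for illustration.

```python
import ipaddress

# Constructed values for the example (assumptions, not from the thread).
INTERNAL_DNS = "192.168.1.10"                      # hypothetical AD DC running DNS
OPENDNS = ["208.67.222.222", "208.67.220.220"]     # public OpenDNS resolvers

# Override sets as they would be entered in Services / DNS Forwarder.
FORWARD_ONLY = {"corp.example": INTERNAL_DNS}
WITH_REVERSE = {
    "corp.example": INTERNAL_DNS,
    "168.192.in-addr.arpa": INTERNAL_DNS,          # reverse zone for 192.168.0.0/16
}


def dnsmasq_server_lines(overrides):
    """Render domain overrides in the form dnsmasq reads them (server=/domain/address)."""
    return ["server=/%s/%s" % (dom.strip(".").lower(), ip) for dom, ip in overrides.items()]


def ptr_name(ip):
    """Name queried for a reverse lookup, e.g. 192.168.1.20 -> 20.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def pick_upstream(qname, overrides, default_upstreams):
    """Model of dnsmasq's choice: the override whose domain is the longest suffix
    match of the query name wins; with no match, the default upstreams are used."""
    labels = qname.rstrip(".").lower().split(".")
    best = None
    for dom, ip in overrides.items():
        dl = dom.strip(".").lower().split(".")
        suffix_matches = len(dl) <= len(labels) and labels[-len(dl):] == dl
        if suffix_matches and (best is None or len(dl) > len(best[0])):
            best = (dl, ip)
    return [best[1]] if best else list(default_upstreams)


def lookup_paths(hostname, ip, overrides):
    """Where the forward (A) and reverse (PTR) queries for one host would be sent."""
    return {
        "forward": pick_upstream(hostname, overrides, OPENDNS),
        "reverse": pick_upstream(ptr_name(ip), overrides, OPENDNS),
    }


if __name__ == "__main__":
    for label, overrides in (("forward-only", FORWARD_ONLY), ("with reverse zone", WITH_REVERSE)):
        print(label, dnsmasq_server_lines(overrides))
        print("  ", lookup_paths("host1.corp.example", "192.168.1.20", overrides))
```

With only the forward override, the PTR query for a 192.168.x.x address goes to the public resolvers, which cannot answer for private space, so a report shows the bare IP; adding an override for the reverse zone sends that query to the DC as well. Whatever the override set, the change has to reach the running dnsmasq, so after editing overrides check the forwarder with a direct query from the firewall (for example `host 192.168.1.20 127.0.0.1`) rather than relying on the report alone.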
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.