DHCP and DNS Forwarder Override Question



  • I wanted to know if it was possible to use a DNS override on the Forwarder if you have defined separate DNS servers under DHCP.

    I am using pfsense 2-0 Release amd64 in a situation where my LAN uses an outside DNS service (defined in DHCP), my servers an internal DNS server, and I need to resolve DHCP clients to a handful of internal machines. I attempted to add the hosts, then the network domain in the override section, but this failed even after a dnsflush. I rearranged the DNS setup so that the internal machine was replaced with the outside DNS in the general settings, the DHCP mappings were removed, dnsflush, and yet the overrides again failed to work. I also tried using System > Advanced > Disable DNS Rebinding Attempts, but no luck and no outstanding error messages in the log to go off of.

    If I am missing something, please let me know. I'll provide any information required. Thank you.



  • @Takaratiki:

    I am using pfsense 2-0 Release amd64 in a situation where my LAN uses an outside DNS service (defined in DHCP), my servers an internal DNS server, and I need to resolve DHCP clients to a handful of internal machines.

    Perhaps I'm missing something. Your question seems to be: How can I configure the pfSense DNS forwarder so that its local name mappings are visible to systems that bypass the DNS forwarder (use an outside DNS)?

    Answer is: You can't. Your systems that need to resolve DHCP clients need to use pfSense as their DNS (and you need to have the pfSense DNS forwarder enabled and the appropriate option selected).



  • Thank you. I reapplied the changes (outside DNS as general servers, no override on DHCP, DNS forwarder on and internal domain override at the bottom) and got it to work. I tried it previously, but the DNS resolver didn't correctly resolve my requests until I deleted the previous entry and resaved it. Then it worked correctly. Again, thanks for the help.



  • Hi guys,

    I've been trying to solve this problem for a while now - I'm somewhere on the steep pfsense learning curve, so I'd ask you to patiently bear with me.

    I think I'm in a similar situation as to the OP here - I'm trying to pass my DNS settings forward to the clients rather than having the NIC gateway be the DNS server.  Why?  Here's why - I use an openVPN setup that passes all traffic over a vpn because I live in China.  I have lots of foreign guests come and stay with me per my job (I run a photography tourism company).  Most of them forget that China blocks almost every site they'd ever want to go to, so I've set up my gateway as the vpn and run the traffic over it.

    It, in theory, saves my ass and also is a huge convenience to my customers.

    Thus my question - Is there any way to pass the DNS server IP addresses on to the client w/o having to manually update it?  For example, sites such as facebook, youtube, google, twitter, etc all need to use a DNS server like openDNS or the DNS of my vpn provider.  I currently have to go onto each client and manually set up the primary and secondary DNS IP server addresses for the vpn connection to completely work - not a very helpful solution and not a very time-saving solution either.  I'd like it, if possible, to automatically pass those DNS servers on to the client vs having the gateway IP address be the automatic DNS server (here it's 10.10.0.18).

    I'd really like to get this figured out!

    Thanks again for your time and sorry to steal the thread - just felt like this was very close to what I've been trying to accomplish & I'm glad the OP got his issues solved.

    Cheers,
    Brian



  • @Arisian:

    I'm trying to pass my DNS settings forward to the clients rather than having the NIC gateway be the DNS server.

    Your clients configure by DHCP? If so, on DHCP server page set the DNS you want the clients to use. What did I miss?
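As an added illustration, not configuration from this thread nor anything pfSense generates verbatim, here are the two resolver paths discussed above written as the ISC dhcpd and dnsmasq directives that pfSense 2.0's DHCP server and DNS Forwarder drive. All addresses, the internal domain and the host names are made-up placeholders; the `address=` line is the dnsmasq equivalent of a forwarder host override.

```conf
# --- Setup that does NOT meet the OP's goal: DHCP hands clients an outside
# resolver, so they never ask the forwarder and its overrides stay invisible.
subnet 10.10.0.0 netmask 255.255.255.0 {
    range 10.10.0.100 10.10.0.200;
    option routers 10.10.0.18;
    # outside DNS (placeholder address); queries bypass pfSense entirely
    option domain-name-servers 203.0.113.53;
}

# --- Working setup: clients resolve through pfSense (10.10.0.18, placeholder
# LAN address) and the forwarder decides where each query goes.
subnet 10.10.0.0 netmask 255.255.255.0 {
    range 10.10.0.100 10.10.0.200;
    option routers 10.10.0.18;
    option domain-name-servers 10.10.0.18;   # the pfSense DNS Forwarder
}

# dnsmasq (the DNS Forwarder) side of the working setup:
listen-address=10.10.0.18
no-resolv                        # ignore /etc/resolv.conf; use only the server= lines
server=203.0.113.53              # general upstream for anything not matched below
server=/corp.internal/10.10.1.5  # domain override: corp.internal goes to the internal DNS
address=/nas.corp.internal/10.10.1.20   # host override answered by the forwarder itself
```

For the VPN case later in the thread, the same `option domain-name-servers` line is where the VPN provider's resolvers would be handed out instead of the gateway address.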



  • Good lord, that was an easy fix.  My head was going in the complete wrong direction and making it more complex than it needed to be.

    Sorry to be so ignorant.  Thanks for the simple answer.

    Thanks,
    Brian

