Non-caching DNS



  • I need to set-up a non-caching DNS instance on our office firewall server that will include the required DNS entries for both internal hosts, and also able to resolve external hosts. Also, update the DHCP config on the firewall to add this DNS server to the rotation for redundancy. What's the best way to achieve it?



  • Bump


  • Rebel Alliance Global Moderator

    So I take it pfsense is your office firewall server?

    So is pfsense going to be your networks dhcp server?

    Sure you can hand out whatever you want in dhcp for clients dns, be it pfsense box or any other dns for that matter.

    Your non-caching statement is a bit confusing.. If you want to be an authoritative name server for say yourdomain.tld and not do recursive that is fine, no caching would be done.  But then you say "and also able to resolve external hosts."

    Well if the nameserver is going to look up what I assume is public dns, then it would cache those entries.  Even if looking up say records from other specific nameservers you create NS records for, it would then still cache those look up for the length of the TTL.  This is just how dns works.

    I have never heard of anyone that would want to look up records from other nameservers and not cache those for the length of the TTL of what was looked up.

    Unbound or Tiny Dns packages would both be able to do what your after – I am becoming a real fan of unbound, and would suggest you take a look at that one.. The package has become very feature reach, and pretty much anything you can think of can be configured right from the package gui it adds into the pfsense gui.

    You can resolve local hosts, ie I have like 20 or so hosts in my local.lan zone -- and then it also does my networks external dns requests.

    how many local records are you talking about?  Do you have multiple local zones?

    And sure the dhcp server in pfsense can hand out how ever many dns servers IP you want to its dhcp clients.


Locked