How to allow pfsense and client use local DNS



  • Hi all,

    I'm confused about how to make pfSense and my clients use my local DNS server, because my network has an Active Directory (Domain Controller). All clients in my network must join the domain, so they must use the local DNS server to resolve the domain name. That is the reason why I must use the local DNS server.

    The local DNS server is configured with DNS forwarding to the 2 DNS servers of the 2 ISPs.

    How can I do this without affecting the load balancing or failover in pfSense?

    Please open the attached file to see my network diagram.

    Thank you very much.




  • pfSense DNS settings won't be used by your clients anyway, so there is no need for a special configuration. However, I would set it up like described in the doc ( http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#Setting_up_DNS_for_Load_Balancing ) and simply add your internal DNS for your local domain at Services > DNS Forwarder. This way you can "failover" your clients to the pfSense DNS forwarder in case your local DNS goes boom for some reason, and they can at least use the internet. You could even assign your clients the pfSense LAN IP as second DNS to do so.



  • Hi Hoba,

    I have read the tutorial and followed it.

    These are my settings:

    General setup:
        DNS server: 210.245.31.130 (DNS of ISP 1)
                    203.113.188.1 (DNS of ISP 2)

    DNS Forwarder:
        I added the local DNS:
            Host: win2k3
            Domain: company.com
            IP: 192.168.1.100 (Local DNS Server)

    DHCP server: not configured (not used); I have another DHCP server (192.168.1.100).

    Load balancing and failover: I followed the tutorial.

    Static routes: not configured (not used).

    Result:

    When both WANs are up, I can resolve names to IPs and access the internet with a web browser.

    When I unplug the 1st WAN, I cannot resolve names and cannot access the internet with a web browser.

    I have read the DNS load balancing tutorial that you gave in the last post, but I cannot understand it well.

    So can you tell me what is wrong in my pfSense configuration and troubleshoot it for me?

    Thanks a lot.



  • You need to set up static routes for the DNS servers, otherwise the DNS requests always go out via WAN.



  • Thanks Sai,

    Based on my network diagram, can you give an example of a static route for DNS?

    I have tried to add static routes many times but could not succeed.

    Thanks for your help, Sai and Hoba.



  • Let's say that the DNS server provided by the lower ISP in the diagram has IP address 41.42.43.44 (you have labeled both ISPs ISP1!)

    In System > Static routes you press the + button and add a route like so:

    Interface: LAN
    Destination network: 41.42.43.44/32
    Gateway: 192.168.3.254
    Description: DNS from lower ISP.



  • Thanks Sai,

    I have modified my network diagram and done what you told me, and it works, but I had to change something like this:

    1. NAT:

    Interface  Source          Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    WAN        192.168.1.0/24  *            *            *                 *            *         *
    VIETTEL    192.168.1.0/24  *            *            *                 *            *         *

    2. Static Route:

    Interface: LAN
    Destination network: 203.113.188.1/32
    Gateway: 192.168.3.254
    Description: Route to DNS of ISP 2

    Thanks to Sai and Hoba.

    Happy pfSense. 8)
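To show why the static route from Sai's post and the configuration above fixes the "WAN1 unplugged, no DNS" failure, here is an added check (not code from the thread or from pfSense) that does a longest-prefix lookup of each upstream resolver against the firewall's routing table and lists which resolvers stay reachable when an uplink is down. The resolvers and the 192.168.3.254 gateway are from the posts; the WAN1 gateway 192.168.2.254 is assumed.

```python
import ipaddress

# Added example for the thread above, not pfSense code.  Resolvers and the
# 192.168.3.254 gateway are from the posts; the WAN1 gateway 192.168.2.254 is assumed.
GATEWAYS = {"192.168.2.254": "WAN1", "192.168.3.254": "WAN2"}

# Routing table as (destination, gateway): default route plus the /32 static
# route the thread adds for the ISP 2 resolver.
ROUTES = [
    ("0.0.0.0/0", "192.168.2.254"),
    ("203.113.188.1/32", "192.168.3.254"),
]

# Upstream resolvers from "General setup", keyed by the ISP that runs them.
DNS_SERVERS = {"210.245.31.130": "WAN1", "203.113.188.1": "WAN2"}


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: the gateway the firewall itself uses for dst.
    pfSense's own DNS queries follow this table, not the load-balancer pool."""
    ip = ipaddress.ip_address(dst)
    best = None
    for dest, gw in routes:
        net = ipaddress.ip_network(dest)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def misrouted_dns(routes=ROUTES):
    """Resolvers sent out a different uplink than their own ISP: without the
    /32 static route the default route pushes every query through WAN1."""
    return sorted(s for s, isp in DNS_SERVERS.items()
                  if GATEWAYS[lookup(s, routes)] != isp)


def reachable_dns(down_link, routes=ROUTES):
    """Resolvers the firewall can still reach when down_link is unplugged."""
    return sorted(s for s in DNS_SERVERS
                  if GATEWAYS[lookup(s, routes)] != down_link)


if __name__ == "__main__":
    default_only = ROUTES[:1]            # the OP's first attempt: no static route
    print("misrouted:", misrouted_dns(default_only))            # ['203.113.188.1']
    print("WAN1 down, no static route:", reachable_dns("WAN1", default_only))  # []
    print("WAN1 down, with static route:", reachable_dns("WAN1"))  # ['203.113.188.1']
```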



  • Your setup should work fine without the NAT rules…

    Edited to add: I would (respectfully!) disagree with Hoba on using the internal DNS for the firewall. I've found Microsoft's implementation of DNS to be messed up. Best to use your ISPs' DNS for lookups from the firewall. MS DNS is OK for MS clients.



  • Hi Sai,

    When I only use NAT on the WAN interface (1st WAN), I cannot access the internet when the 1st WAN is unplugged (down).

    But when I add the extra NAT rule as I did, then I can access the internet if the 1st WAN or the 2nd WAN is down.

    I don't know why. I will look into it later.

    BTW, thanks Sai.

