How to allow pfSense and clients to use local DNS
-
Hi all,
I'm confused about how to make pfSense and my clients use the local DNS server, because my network has an Active Directory (Domain Controller). All clients in my network must join the domain, so they must use the local DNS server to resolve the domain name. That is the reason why I must use the local DNS server.
The local DNS server is configured with DNS forwarders to the 2 DNS servers of the 2 ISPs.
How can I do this without affecting the load balancing or failover in pfSense?
Please open the attached file to see my network diagram.
Thank you very much.
-
pfSense DNS settings won't be used by your clients anyway, so there is no need for a special configuration. However, I would set it up as described in the doc ( http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#Setting_up_DNS_for_Load_Balancing ) and simply add your internal DNS for your local domain at services>dns-forwarder. This way you can "failover" your clients to the pfSense dns-forwarder in case your local DNS goes boom for some reason and they can at least use the internet. You could even assign your clients the pfSense LAN-IP as second DNS to do so.
-
Hi Hoba,
I have read the tutorial and followed it.
This is my setting:
General setup:
DNS server: 210.245.31.130 (DNS of ISP 1)
203.113.188.1 (DNS of ISP 2)
DNS Forwarder:
I added the local DNS:
Host: win2k3
Domain: company.com
IP: 192.168.1.100 (Local DNS Server)
DHCP server: not configured (not used), and I have another DHCP server (192.168.1.100)
Load balancing and failover: I followed the tutorial
Static route: not configured (not used).
Result:
When both WANs are up, I can resolve names to IPs and access the internet with a web browser.
When I unplugged the 1st WAN, I could not resolve names and could not access the internet with a web browser.
I have read the DNS load balancing tutorial that you gave in the last post, but I cannot understand it well.
So can you tell me what is wrong with my configuration in pfSense, and troubleshoot it for me?
Thanks in deep.
-
You need to set up static routes for the DNS servers, otherwise the DNS request always goes to WAN.
-
Thanks Sai,
Based on my network diagram, can you give an example of a static route for DNS?
I have tried to add a static route many times but could not succeed.
Thanks for your help, Sai and Hoba
-
Let's say that your DNS server provided by the lower ISP in the diagram has IP address 41.42.43.44 (you have labeled both ISPs ISP1!)
In System > Static routes you press the + button and add a route like so:
Interface : LAN
Destination network : 41.42.43.44 / 32
Gateway: 192.168.3.254
Description : DNS from Lower ISP.
-
Thanks Sai,
I have modified my network diagram and did what you told me, and I succeeded, but I had to change something like this:
1. NAT:
Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 192.168.1.0/24 * * * * * *
VIETTEL 192.168.1.0/24 * * * * * *
2. Static Route:
Interface : LAN
Destination network : 203.113.188.1/32
Gateway: 192.168.3.254
Description : Route to DNS of ISP 2
Thanks for Sir and Hoba
Happy pfSense. 8)
-
Your setup should work fine without the NAT rules….
Edited to add: I would (respectfully!) disagree with Hoba in using the internal DNS for the firewall. I've found Microsoft's implementation of DNS to be messed up. Best to use your ISP's DNS for lookups from the firewall. MS DNS is OK for MS clients.
-
Hi Sai,
When I only use NAT on the WAN interface (1st WAN), I cannot access the internet when the 1st WAN is unplugged (down).
But when I add more NAT rules as I did, then I can access the internet if the 1st WAN or the 2nd WAN is down.
I don't know why. I will look at it later.
BTW thanks Sai
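-
Added example (not part of the original thread): a Python sketch of the routing decision Sai describes, where DNS queries sent by the firewall itself follow the routing table's longest-prefix match, so without the /32 static route no ISP resolver is reachable once the first WAN is down. The DNS addresses and the gateway 192.168.3.254 come from the posts above; the first WAN's gateway 192.0.2.1 and the function names are assumptions made for illustration.

```python
import ipaddress

# DNS servers and second-WAN gateway as listed in the thread
ISP1_DNS = "210.245.31.130"
ISP2_DNS = "203.113.188.1"
WAN2_GW = "192.168.3.254"
# Constructed placeholder: the thread never states the first WAN's gateway
WAN1_GW = "192.0.2.1"

# Routing table before and after adding the static route from the thread
DEFAULT_ONLY = [("0.0.0.0/0", WAN1_GW)]
WITH_STATIC = DEFAULT_ONLY + [(ISP2_DNS + "/32", WAN2_GW)]


def pick_gateway(routes, dest):
    """Return the gateway of the most specific route that contains dest."""
    addr = ipaddress.ip_address(dest)
    candidates = []
    for network, gateway in routes:
        net = ipaddress.ip_network(network)
        if addr in net:
            candidates.append((net.prefixlen, gateway))
    if not candidates:
        return None
    # Longest prefix wins, so a /32 host route beats the default route
    return max(candidates, key=lambda c: c[0])[1]


def usable_resolvers(routes, resolvers, down_gateways):
    """Resolvers whose chosen gateway is still up."""
    usable = []
    for resolver in resolvers:
        gateway = pick_gateway(routes, resolver)
        if gateway is not None and gateway not in down_gateways:
            usable.append(resolver)
    return usable


if __name__ == "__main__":
    resolvers = [ISP1_DNS, ISP2_DNS]
    for label, table in (("default route only", DEFAULT_ONLY),
                         ("with /32 static route", WITH_STATIC)):
        for down in (WAN1_GW, WAN2_GW):
            left = usable_resolvers(table, resolvers, {down})
            print(f"{label}, gateway {down} down -> usable: {left}")
```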