Netgate Discussion Forum
    Dns forwarder flow?

    louis-m

      Please could somebody explain the DNS forwarder flow, as I think I may have it wrong.

      Let's assume I have a Windows DNS server on my LAN, but my DHCP leases (for test clients) are from pfSense. Because pfSense is doing the DHCP, I want it to automatically add the DHCP clients into the DNS forwarder, whereas the more static clients etc. will be stored in the Windows DNS.

      So, do I point my DHCP clients at the pfSense DNS forwarder first or second?

      DHCP client > pfSense DNS forwarder > Windows DNS server > pfSense external DNS

      or

      DHCP client > Windows DNS server > pfSense DNS forwarder > pfSense external DNS

      johnpoz LAYER 8 Global Moderator

        ALL AD members need to point to your AD DNS. I assume, if you're running Windows DNS, that you have Active Directory set up?? And these clients are members of this AD?

        Members of AD NEED to point to AD DNS as their ONLY DNS server.

        What you can do is have your AD DNS forward queries it's not authoritative for to pfSense; pfSense will then go and either forward to your ISP or wherever you pointed it to forward.

        But again, in MS AD all members need to use AD DNS only. Having non-AD DNS in the list is going to cause you issues.

        louis-m

          Thanks for that. Normally I would, but we have numerous VLANs running and we find it far easier to let pfSense do the DHCP leasing, keeping it all in one place.
          You are correct that we have AD set up on that particular VLAN, which has about 20 static clients (servers + desktops), and what we would like is for pfSense to manage the dynamic (test) clients for that domain.
          So any DNS lookup on that domain would go from both the static clients and the dynamic test clients > pfSense forwarder > Windows server > WAN DNS.
          Just being lazy really (by keeping the leases in pfSense), and I know the easiest solution would probably be to disable DHCP/DNS for that VLAN in pfSense and let the Windows server do the rest.
          I've sort of figured it out anyway with my first option (dynamic & static clients > pfSense DNS forwarder > Win2k8 DNS > Win2k8 forwarder), which appears to be working OK at this time.

          cmb

            The main thing, if you do use a DNS forwarder (generally that's a good option as a secondary DNS in SBS environments and similar, where you have only one AD DNS server), is to make sure you're forwarding the AD domain to the AD DNS. If you have a typical full-blown AD environment, it's best to point the clients straight to the AD DNS, but only because they'll register their hostnames in your AD DNS that way. As long as you have that domain forward in your DNS forwarder, AD works perfectly fine for clients using the DNS forwarder. It's just DNS name registration that wouldn't work in your AD in that case.

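The "forward the AD domain to the AD DNS" point above is a domain override in the pfSense DNS Forwarder (dnsmasq). The following is an added example, not code from pfSense or from anyone in this thread: it parses a constructed dnsmasq-style `server=` configuration and applies dnsmasq's rule that the most specific matching domain override wins, so AD zone lookups go to the domain controller while everything else goes to the default upstream. The domain `corp.example` and all IP addresses are made-up placeholders.

```python
# Added example (not pfSense's own code): model which upstream a dnsmasq
# style forwarder picks for a query when domain overrides are configured.
from ipaddress import ip_address

# Constructed config: one default upstream (the WAN/ISP resolver) plus
# overrides sending the AD zone and its _msdcs subzone to the AD DNS server.
FORWARDER_CONF = """
server=203.0.113.53
server=/corp.example/10.10.0.5
server=/_msdcs.corp.example/10.10.0.5
"""


def parse_conf(text):
    """Return (default_servers, {domain: server}) from server= lines."""
    defaults, overrides = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("server="):
            continue
        value = line[len("server="):]
        if value.startswith("/"):
            # server=/domain/ip -> domain override for that zone and subzones
            _, domain, server = value.split("/", 2)
            ip_address(server)  # raise early on a malformed address
            overrides[domain.lower().rstrip(".")] = server
        else:
            ip_address(value)
            defaults.append(value)
    return defaults, overrides


def choose_upstream(name, defaults, overrides):
    """dnsmasq semantics: the longest (most specific) matching domain
    override wins; a name with no override goes to the default upstream."""
    labels = name.lower().rstrip(".").split(".")
    # Walk suffixes from most to least specific: a.b.c -> a.b.c, b.c, c
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in overrides:
            return overrides[suffix]
    return defaults[0] if defaults else None


def resolve_path(name, conf=FORWARDER_CONF):
    """Convenience wrapper: where does the forwarder send a query for name?"""
    defaults, overrides = parse_conf(conf)
    return choose_upstream(name, defaults, overrides)
```

A domain override only routes queries; as cmb notes, clients behind the forwarder still will not register their own hostnames in AD DNS, so dynamic AD records must come from elsewhere.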
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.