How to setup Windows DNS server behind pfsense router?
-
Johnpoz, thanks for your questions.
Sorry for the confusion. My windows server is running active directory and hosting a domain for my home network. I'd like to have the server as both the authoritative DNS and DHCP server for my network instead of pfsense. In other words, have the windows server issue all DHCP IP addresses for my LAN and resolve all LAN DNS requests.
I was able to setup DNS on the windows server and enter into the forwarders my pfsense box as well as my ISP's 6 DNS servers. The windows server can also successfully resolve these numeric IPs to their names (i.e. cdns1.cox.net, etc.). However it seems pfsense is somehow preventing the windows server itself from accessing the internet. Perhaps it's because the DHCP server on the windows server itself isn't able to successfully issue the win box a DHCP address.
In my pfsense general settings, I've kept:
hostname:pfsense
domain: localdomain (my windows home domain is home.local)
DNS servers are: 68.105.28.11, 68.105.28.12, etc (Cox ISP DNS)
checked - allow DNS server list to be overridden by DHCP/PPP on WAN
checked - do not use the DNS forwarder as a DNS server for the firewall -
my WAN IP is obtaining its IP by way of DHCP from my ISP. I don't believe it's on the same subnet as my LAN. What is the quickest way to tell?
In the pfSense web GUI: Status -> Interfaces
From pfSense shell: /etc/rc.banner
or
ifconfig -
Thanks. OK - I've confirmed that my WAN and LAN IPs are on different subnets.
WAN IP subnet mask: 255.255.255.128
LAN IP subnet mask: 255.255.255.0 -
If your server is running AD dns, then you shouldn't be pointing to pfsense as dns on it, nor should any members be pointing to anything other than your AD dns (this windows server).
If you setup pfsense as a forwarder on windows - why would you also point to your isp servers? If you want to use pfsense that is fine, but why then use your isp? pfsense would be asking them anyway.
Again there is NOTHING in the default lan rules that prevents any sort of internet access from any client on your lan network. So unless you have messed up your netmask or something on the server when you set it static there is nothing different about being dhcp or static for accessing the internet.
Do a simple ping from the client/server that you setup as static to your pfsense lan ip, then outside like 8.8.8.8 (googledns) or something.
Then do a query to something outside via nslookup or dig on the client - can it resolve.
Have you adjusted the default lan rules? Are you using squid or something (proxy)? Are you doing anything with static arp in the dhcp server in pfsense?
there is nothing saying pfsense has to be dhcp or dns to route and nat traffic to the internet for you. I was at one point setup where windows was my dns and dhcp. Click click and you should be up and running unless you're doing something wrong with your dhcp scope, static settings that put them on a different network than pfsense lan. Or you have misconfigured dns or have made some changes to the default lan rules on pfsense.
-
I've confirmed that my WAN and LAN IPs are on different subnets.
You have confirmed they have different subnet masks!
You need both the IP address AND subnet mask to determine if they are on different subnets. Please provide the IP addresses as well.
-
Oops. sorry.
My LAN interface IP of the pfsense box is 192.168.0.1 (subnet mask 255.255.255.0)
WAN IP: 70.166.137.16 (subnet mask: 255.255.255.128)
Also, I confirmed that under NAT-Outbound my default rule 'Auto created rule for LAN to WAN' is set to:
Source: Network
Address: 192.168.0.0 /24
Destination: any
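As an added worked example (not from any poster in this thread), this applies the "address AND mask" rule from the earlier reply to the values just posted, and also checks the two mistakes johnpoz mentions: a static host whose own netmask disagrees with the pfSense LAN, or one placed outside the LAN network that the outbound NAT rule covers. The host addresses in WINDOWS_HOSTS are constructed samples, not values from the thread.

```python
import ipaddress

def network_of(ip: str, mask: str) -> ipaddress.IPv4Network:
    """Network an interface sits on, from its address and dotted mask."""
    return ipaddress.IPv4Interface(f"{ip}/{mask}").network

def same_subnet(ip_a: str, mask_a: str, ip_b: str, mask_b: str) -> bool:
    """True only if both interfaces resolve to the same network (masks alone prove nothing)."""
    return network_of(ip_a, mask_a) == network_of(ip_b, mask_b)

def host_config_ok(host_ip: str, host_mask: str, lan_ip: str, lan_mask: str) -> bool:
    """A static LAN host is correct when its address lies inside the pfSense LAN
    network AND its own mask yields that same network; a wrong mask on the host
    (e.g. /25 on a /24 LAN) breaks routing even though the address looks fine."""
    lan = network_of(lan_ip, lan_mask)
    host = ipaddress.IPv4Interface(f"{host_ip}/{host_mask}")
    return host.ip in lan and host.network == lan

def covered_by_outbound_nat(host_ip: str, nat_source: str) -> bool:
    """The auto outbound NAT rule only translates traffic from its Source network."""
    return ipaddress.IPv4Address(host_ip) in ipaddress.IPv4Network(nat_source)

# Values posted in the thread
PFSENSE_LAN = ("192.168.0.1", "255.255.255.0")
PFSENSE_WAN = ("70.166.137.16", "255.255.255.128")
NAT_SOURCE = "192.168.0.0/24"

# Constructed sample hosts (hypothetical, for illustration only)
WINDOWS_HOSTS = {
    "win-server-ok": ("192.168.0.10", "255.255.255.0"),
    "win-server-bad-mask": ("192.168.0.10", "255.255.255.128"),
    "client-wrong-network": ("192.168.1.50", "255.255.255.0"),
}

if __name__ == "__main__":
    print("LAN network:", network_of(*PFSENSE_LAN))   # 192.168.0.0/24
    print("WAN network:", network_of(*PFSENSE_WAN))   # 70.166.137.0/25
    print("same subnet:", same_subnet(*PFSENSE_LAN, *PFSENSE_WAN))
    for name, (ip, mask) in WINDOWS_HOSTS.items():
        print(name, "config ok:", host_config_ok(ip, mask, *PFSENSE_LAN),
              "NATed:", covered_by_outbound_nat(ip, NAT_SOURCE))
```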
-
The setup sounds good. For a test, use the DNS server on the pfSense machine as your DNS and see if you are able to get to the internet? Also when you are setup statically, traceroute to 8.8.8.8 to see if you can get out via IP and not based on name. Are you running any packages?
-
podilarius, thanks for your help! It appears I was able to resolve this issue now, and am able to successfully use 192.168.0.1 (my pfsense box LAN IP) or the google DNS IPs in my DNS forwarder tab on my windows server.
-
@miles267, I have the same problem as yours. Can you explain further what you did to solve your issue? Your reply is greatly appreciated. Thanks
-
@rtabique - miles267 had issue where he was trying to use INVALID static public IPs on his wan and setting up 1:1 nat to these IPs that were not working!! So any IP he setup a 1:1 nat for to use these bad public IPs is not going to talk on the internet. But if it got a dhcp address and was using a different private IP that was setup in the 1:1 it used his dhcp wan IP address and worked just fine.
He spread his issue about 3 different threads all about the same problem!!! So you might think your problem is related to his when it is in fact something completely different.
I find it highly unlikely you're also using bad static IPs from your ISP while also trying to use dhcp on your wan interface, while also doing 1:1 nats to these bad IPs? ;)
Your best bet is to start your own thread and describe the issue you're having.