Best way to forward DNS for a parent domain (pfSense) on Microsoft DNS Server



  • I have two DNS servers:

    • mydomain.com (handled by pfSense which is also the DHCP server, its IP address is 192.168.10.1)

    • ad.mydomain.com (handled by Windows Server 2012 DNS, its IP address is 192.168.10.2 and it's the DC for this domain (i.e. "ad.mydomain.com"))

    When DHCP dishes out the IP addresses it specifies the Windows DNS server IP (192.168.10.2) so all machines use Windows DNS as a first port of call.

    What is the best/correct way for the Windows DNS server to hand all requests for mydomain.com to 192.168.10.1?
    (in pfSense-speak this would be called a "Domain Override"?)

    Additional info: ad.mydomain.com was created as a new forest by the Windows server DC.
    Both pfSense and the Windows DC are handling DNS, maybe I should stop the pfSense DNS option?



  • a) Point Windows Server DNS to the pfSense as its upstream DNS server. Both mydomain.com and public names will all be passed up to pfSense, and the pfSense DNS forwarder will answer or on-forward as needed. That is what I do; or
    b) Point Windows Server DNS to an external DNS (OpenDNS, google, your ISP…) as its upstream DNS server. Add a conditional forwarder that refers ad.mydomain.com to the pfSense LAN IP.
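The two options above as Windows DNS Server (DnsServer module, Server 2012 and later) PowerShell, added here as an example rather than code from the answer's author. The question asks for the parent zone mydomain.com to be handed to pfSense at 192.168.10.1 while ad.mydomain.com stays authoritative on the DC at 192.168.10.2, so that is what the conditional forwarder below targets. The external resolver addresses for option (b) are example values; substitute your ISP's or another resolver you trust, and keep recursion only on the forwarder chain you intend (a DC answering recursive queries from the Internet is a misconfiguration worth checking for with the last command).

```powershell
# Run on the Windows DNS server (192.168.10.2) in an elevated PowerShell session.
Import-Module DnsServer

# --- Option (a): pfSense is the only upstream for everything not served locally.
# Every name the DC is not authoritative for (mydomain.com and public names)
# goes to pfSense, whose forwarder answers mydomain.com itself or on-forwards.
Set-DnsServerForwarder -IPAddress 192.168.10.1 -UseRootHint $false

# --- Option (b): external upstream plus a conditional forwarder for the parent zone.
# Example public resolvers (Google); replace with your ISP's or preferred resolver.
Set-DnsServerForwarder -IPAddress 8.8.8.8, 8.8.4.4 -UseRootHint $false

# Conditional forwarder: queries for mydomain.com (but not ad.mydomain.com, which
# this server hosts) are sent to pfSense. ReplicationScope "Forest" stores the
# forwarder in AD so every DC in the forest applies it; use "Domain" or omit
# the parameter to keep it local to this server.
Add-DnsServerConditionalForwarderZone -Name "mydomain.com" `
    -MasterServers 192.168.10.1 `
    -ReplicationScope "Forest"

# Review what is now configured.
Get-DnsServerForwarder
Get-DnsServerZone | Where-Object { $_.ZoneType -eq "Forwarder" } |
    Format-Table ZoneName, MasterServers, ReplicationScope

# Verify from the DC's point of view: a parent-zone name should resolve via
# pfSense, a child-zone name locally. "host" and "dc01" are placeholder names.
Resolve-DnsName -Name host.mydomain.com -Server 192.168.10.2 -DnsOnly
Resolve-DnsName -Name dc01.ad.mydomain.com -Server 192.168.10.2 -DnsOnly

# Hardening check: the DC should only answer recursive queries for internal
# clients. Recursion is needed for the forwarding above, so confirm the server
# is not reachable on UDP/TCP 53 from outside rather than disabling it.
Get-DnsServerRecursion
```

With option (b) in place, clients keep 192.168.10.2 from DHCP as their resolver, ad.mydomain.com is answered authoritatively, mydomain.com is delegated to pfSense by the conditional forwarder, and everything else goes to the external resolvers; the conditional forwarder wins over the general forwarder list for names under mydomain.com because the zone match is more specific.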



  • Thanks, I went for option (b) and it works a treat!

