Best way to forward DNS for a parent domain (pfSense) on Microsoft DNS Server

  • I have two DNS servers:

• (handled by pfSense, which is also the DHCP server; its IP address is

• (handled by Windows Server 2012 DNS; its IP address is and it is the DC for this domain (i.e. ""))

When DHCP dishes out the IP addresses, it specifies the Windows DNS server IP ( so all machines use Windows DNS as their first port of call.

    What is the best/correct way for the Windows DNS server to hand all requests for to
    (in pfSense-speak this would be called a "Domain Override"?)

Additional info: was created as a new forest by the Windows Server DC.
Both pfSense and the Windows DC are handling DNS; maybe I should stop the pfSense DNS option?

• a) Point Windows Server DNS to the pfSense as its upstream DNS server. Both and public names will be passed up to pfSense, and the pfSense DNS forwarder will answer or on-forward as needed. That is what I do; or
    b) Point Windows Server DNS to an external DNS (OpenDNS, Google, your ISP…) as its upstream DNS server. Add a conditional forwarder that refers to the pfSense LAN IP.
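Both options map directly onto the DnsServer PowerShell module that ships with Windows Server 2012. The script below is an added example, not code from the thread or from either participant; the domain name `pfsense-lan.example`, the pfSense LAN IP `192.0.2.1` and the Quad9 resolvers used as the "external DNS" are placeholders you would swap for your own values. It implements option (b) and shows option (a) as a commented alternative, then verifies the result from the DC itself.

```powershell
# Added example: configure a Windows DNS server to forward one parent domain
# to pfSense (option b) and everything else to an external resolver.
# All values below are placeholders, not from the original thread.
$PfSenseDomain = 'pfsense-lan.example'          # domain pfSense is authoritative for
$PfSenseIp     = '192.0.2.1'                    # pfSense LAN IP (placeholder)
$Upstream      = @('9.9.9.9', '149.112.112.112') # external resolver (placeholder)

# Option (b), step 1: general forwarders. Everything the DC is not
# authoritative for and has no conditional forwarder for goes here.
# Disabling root hints keeps all external lookups on the chosen resolver.
Set-DnsServerForwarder -IPAddress $Upstream -UseRootHint $false

# Option (a) instead would be a single line: forward everything to pfSense
# and let its DNS forwarder answer or on-forward. Do not combine with step 2
# for the same domain, or the conditional forwarder is simply redundant.
# Set-DnsServerForwarder -IPAddress $PfSenseIp -UseRootHint $false

# Option (b), step 2: conditional forwarder for the pfSense domain only.
# A conditional forwarder is a zone object; creating one that already exists
# fails, so check first. Storing it in AD ('Forest' scope) means every DC in
# the forest gets it, so clients are consistent whichever DC they ask.
if (-not (Get-DnsServerZone -Name $PfSenseDomain -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name $PfSenseDomain `
        -MasterServers $PfSenseIp -ReplicationScope 'Forest'
}

# Verification, run on the DC:
# 1. The zone exists and is of type Forwarder pointing at pfSense.
Get-DnsServerZone -Name $PfSenseDomain |
    Format-List ZoneName, ZoneType, MasterServers, IsDsIntegrated

# 2. The general forwarders are the external resolver, not pfSense.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint

# 3. A name in the pfSense domain resolves through the DC (should return
#    the A record pfSense holds; 'host1' is a placeholder hostname).
Resolve-DnsName -Name "host1.$PfSenseDomain" -Server 127.0.0.1 -Type A
```

The check in step 2 matters for a subtler reason than the error message: if the DC already holds a primary or stub zone with the same name, the conditional forwarder will never be consulted for it, so `Get-DnsServerZone` telling you the zone is `Primary` rather than `Forwarder` is the first thing to look at when option (b) "does nothing". Keep the DC's general forwarders and the pfSense domain override pointing in opposite directions, as in the script; pointing pfSense's own domain override for the AD domain back at the DC is fine, but having both sides forward the same name to each other creates a resolution loop that surfaces as slow SERVFAIL answers.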

  • Thanks, I went for option (b) and it works a treat!
