Authoritative secondary DNS



  • Hello

    I'm currently running two microserver boxes in my home LAN. One is the pfSense gateway and the second one is for testing, Asterisk and also as a secondary DNS for all my domains.

    I'd now like to collapse those two machines into the pfSense box… so my question is whether pfSense can do the secondary DNS task as well without mixing it up with the internal DHCP/DNS forwarder.


  • Banned

    Install bind package and disable the forwarder.



  • Would it collide with my current internal DNS setup? I've set up forwarders for several company-internal domains hooked up via OpenVPN connections.

    I've specified them under "advanced settings", like:

    server=/customer1.net/x.x.x.x
    
    

  • Banned

    When you disable the forwarder, there is nothing to collide. I do not get your question at all.



  • Ah okay, I thought when I disable the forwarder the advanced options for specific DNS servers for specific domains will be lost then for dnsmasq…


  • Banned

    After you have disabled the DNS forwarder, dnsmasq will obviously NOT be running at all… So, whatever custom settings for that will be useless and unused. They certainly won't get picked up by bind.


  • Rebel Alliance Developer Netgate

    Move the forwarder (dnsmasq) to port 5353 (or something else), then set up NAT rules to redirect your local interface queries to localhost:5353 and then your local clients can continue to perform recursive lookups via dnsmasq even with some other DNS server using port 53 for authoritative responses.
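
The split described in the last reply, sketched as an added example that is not part of the original thread or of pfSense's generated configuration. It is written in raw dnsmasq, pf and BIND syntax; the interface name, zone name, primary address and zone file path are placeholders, and the `recursion no;` line is an added assumption about how the authoritative side should be restricted.

```conf
# --- dnsmasq (the DNS forwarder): custom options ---
# Listen on 5353 instead of 53 so that BIND can own port 53.
port=5353
# Per-domain forwarders keep working because dnsmasq is still running.
# This line is from the thread; the address is elided there and stays elided.
server=/customer1.net/x.x.x.x

# --- pf: send LAN client queries to dnsmasq ---
# lan_if is a placeholder for the LAN interface name.
lan_if = "em1"
# Queries from LAN clients to the firewall's LAN address on port 53
# are redirected to dnsmasq on localhost:5353 (UDP and TCP).
rdr on $lan_if inet proto { tcp, udp } from any to ($lan_if) port 53 -> 127.0.0.1 port 5353

# --- BIND (named.conf): authoritative secondary on port 53 ---
# Zone name, primary address and file path are placeholders.
options {
    recursion no;               # answer only for zones hosted here
};
zone "example.com" {
    type slave;                 # secondary: zone data is transferred from the primary
    masters { 192.0.2.53; };
    file "slave/example.com.db";
};
```

With this layout, queries arriving on the LAN interface reach dnsmasq, while queries arriving on other interfaces on port 53 are answered by BIND for the hosted zones only.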