Question about Active Directory DNS with pfSense



  • Hello guys.
    I have installed pfSense as my firewall instead of TMG … (thank God I got rid of it).
    Anyway, I have configured everything except one simple problem, which is:
    I have a DNS server which contains my Active Directory accounts (names, privileges, etc.) and has the local domains for my websites, e.g. website.comany.Local.

    I can no longer access these sites, and I also can't remote-access some of the virtual machines. How can I solve that?
    Is there a way to make pfSense use the DNS of the two local servers?
    Please guys, I am stuck here.



  • Either turn off DHCP on the firewall and use one of your Windows servers for DHCP, or put the AD DNS servers in the proper places on the services, DHCP server page.



  • Can you give me details on how I can do that? I really don't get it.



  • Umm, SERVICES, DHCP Server, LAN tab. There is a section 'DNS Servers'. Put the IP addresses of your AD servers in the blanks. In the 'Domain name' section, put your AD domain. e.g. mycompany.local…



  • I did that, and some local sites and VMs didn't work for me … :(
    Is there a way that I can make the pfSense DNS resolve local Hyper-V machines with a different IP range? E.g. pfSense is 10.0.1.1 and the Hyper-V is 192.168.11.3 & 192.168.12.3 (this is another server), and make everything work together?



  • Services - DNS Forwarder - Host Overrides


  • Rebel Alliance Global Moderator

    You should not be pointing AD clients to the pfSense DNS forwarder. Not a good idea. And to be honest, if you're running AD you should let your AD be your DHCP server as well. It uses that for DNS registration, etc. At least that is the normal configuration.

    If the AD is not the DHCP server, then the client has to register itself in DNS.

    I would suggest you turn off pfSense DNS and DHCP and let your AD handle it. If you want, you could use the pfSense DNS forwarder for your AD DNS to look up public DNS with.



  • I agree with johnpoz.  On my network, I use pfSense as the front-end router/firewall only, and let our domain controllers handle DNS/DHCP.  Less hassle that way.



  • Colleagues,

    I'm willing to let pfSense control DHCP and DNS.
    In my current network structure I use Windows Server as AD and DNS.
    pfSense is behaving very much like a DHCP server, and honestly I see no problem with leaving pfSense as a DHCP server.

    Does anyone have instructions for configuring tinydns in pfSense? I would like to test it as the primary DNS server.

    Hugs to all