How to run DHCP on pfSense, but register DNS in Win2k3 server

johnpoz · Nov 27, 2014, 2:16 PM

hehe, yeah you can tell the old admins that still use the term bdc ;) I catch myself doing it as well - so don't feel too old. I wonder if I have a copy of NT laying around - fire up an old domain ;)

KOM · Nov 27, 2014, 2:33 PM

I have an active Windows NT 4.0 Server box sitting about 15 feet away from me. In a previous life we did optical drive & jukebox software, so I still to this day need a system that I can read & write NTFS4 for optical media data recovery purposes.

johnpoz · Nov 27, 2014, 5:12 PM

Well I just fired up a VM, stroll down memory lane on the setup process. Sure went a lot faster on a vm than I remember on real hardware ;)

Had to find sp6 to be able to install the nic drivers from vmtools - but its up and running and on the network ;) Hmm should I setup a domain is the question… hehe But it does ask you when you run through setup if you want it to be primary or BDC ;)

KOM · Nov 27, 2014, 5:30 PM

Did oyu have a product key for it or did you remember the old 111-111111111 trick?

johnpoz · Nov 27, 2014, 5:44 PM

I remember the 111 thing now that you mention it ;) But I just did a quick google, there was cdkey on archive.org for that matter. The OS is so old I think its public domain anyway.

muswellhillbilly · Nov 28, 2014, 8:47 AM

Ah, yes - slapping my forehead now. Windows DNS for AD is specific to AD, of course - with all those wonderful proprietary entries which make AD work (badly). You're right Johnpoz - I should sometimes engage my brain before typing. Ignore my previous bad advice.

kejianshi · Nov 28, 2014, 9:27 AM

Now I want to install windows 95… Where did I put that 20 pound stack of install disks....

ttblum · Dec 1, 2014, 5:53 PM

Hi,

I'm basing my setup on section 21.3.1.5 "Domain Overrides" of the first pfSense book. I need internet connectivity to stay up if there is a PDC failure because I have many mission-critical apps that are hosted over the internet.

As suggested there, my DHCP server is the pfSense router, primary DNS is the PDC, and secondary DNS is the pfSense.

Does setting it up this way usually register the correct workstation names in the PDC's DNS?

Derelict · Dec 1, 2014, 7:07 PM

Your solution is another DC, not pfSense. I would give DHCP duties to the windows server.

A BIND server with slave copies of the windows DC/DNS master zones should be good enough as a secondary in a pinch if you're looking for a free software solution - as long as AD is maintaining the contents of the zone files and you refresh early and often. Unless AD has DNS record types or something that nobody else uses - wouldn't surprise me.

As has been said, ALL of the name servers given to a client have to behave the same way and have the same content.

ETA: Hmm. Thinking about it, shouldn't it work if he domain overrides his AD DNS zone and in-addr zone(s) over to his DC? (with DHCP moved over to windows, of course)

ttblum · Dec 16, 2014, 8:32 PM

It looks like the issue was that we decommissioned workstations without removing them from Active Directory.

The DNS records of the old workstations stayed on the domain controller while the new workstations were joining, and I ended up with multiple DNS records pointing to a single IP address.

The DNS/ActiveDirectory forwarding is working fine with pfSense, I have a similar setups at other sites.