Windows 2012 R2 + pfSense



  • Hi all,

    Currently I'm running DNS+DHCP on my domain controller, all is well.

    The above services are disabled in pfSense as it is for now. I would like to achieve the following:

    1. Have pfSense act as a backup DNS for my clients if my domain controller goes down. How can I do this?
    2. Have my domain controller forward external DNS queries to pfSense without using the root servers. Do I simply add the pfSense IP to the Forwarders tab in DNS on Windows 2012? Is any pfSense setup needed?

    I know I need to publish the pfSense IP to the DHCP clients, etc., but I'm unsure of the pfSense setup that might be needed to achieve the above.

    Thanks for any help,
    BR Jim


  • doktornotor:

    1/ Bad idea. And you really should always have at least two DCs.
    2/ Yes, just stick those in forwarders.



  • @doktornotor:

    1/ Bad idea. And you really should always have at least two DCs.
    2/ Yes, just stick those in forwarders.

    Thanks for your fast reply.

    I have two DCs, but I would like to add the extra security of having pfSense as a 3rd option.

    About the forwarders, do I need to enable any DNS options on pfSense? Currently both the "DNS Forwarder" and the "DNS Resolver" are DISABLED, as they're running on my DC?

    Thanks
    Jim


  • doktornotor:

    Uhm… when you have no DNS server running on pfSense, then pointing anything at pfSense will obviously be useless at best. Enable the resolver, create a domain override there for your AD domain pointing to an AD DNS. Then you can hand it out via AD DHCP.

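The Windows half of the setup described in the reply above (pfSense as the DC's forwarder, DCs first and pfSense last in DHCP option 6) plus a client-side check of the pfSense resolver, as an added example; this is not code from the thread or from pfSense. All addresses, the domain name corp.example and the scope ID are assumptions; the pfSense side (enable the DNS Resolver, add a domain override for the AD domain pointing at a DC) is still done in the pfSense GUI.

```powershell
# Added example, not from the original thread. Assumed values:
#   DC1 = 192.168.1.10, DC2 = 192.168.1.11, pfSense LAN = 192.168.1.1,
#   AD domain = corp.example, DHCP scope = 192.168.1.0
# Run in an elevated session on the DC that hosts DNS and DHCP
# (needs the DnsServer and DhcpServer modules from the installed roles).

$Dc1     = '192.168.1.10'
$Dc2     = '192.168.1.11'
$PfSense = '192.168.1.1'
$AdZone  = 'corp.example'
$ScopeId = '192.168.1.0'

# 1. Windows DNS: forward everything it is not authoritative for to pfSense,
#    and do not fall back to the root hints when the forwarder does not answer.
$current = (Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString }
if ($current -notcontains $PfSense) {
    Add-DnsServerForwarder -IPAddress $PfSense -PassThru
}
Set-DnsServerForwarder -UseRootHint $false

# 2. AD DHCP: hand out both DCs before pfSense. Order matters: a Windows client
#    uses the first server that answers and may stick with it, so pfSense must
#    be able to resolve the AD domain (via the Resolver domain override) or
#    clients that land on it will fail AD lookups.
#    -Force skips the DHCP server's reachability check of the listed DNS servers.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $Dc1, $Dc2, $PfSense `
    -DnsDomain $AdZone -Force

# 3. Check pfSense the way a client would, before relying on it as a fallback:
#    a) an external name, answered by the pfSense resolver itself
#    b) the AD SRV record clients need to find a DC; this only succeeds if the
#       domain override for corp.example is in place and a DC is reachable.
$checks = @(
    @{ Name = 'www.example.com';                Type = 'A'   }
    @{ Name = "_ldap._tcp.dc._msdcs.$AdZone";   Type = 'SRV' }
)
foreach ($c in $checks) {
    try {
        $r = Resolve-DnsName -Name $c.Name -Type $c.Type -Server $PfSense -DnsOnly -ErrorAction Stop
        Write-Output ("{0,-38} {1,-4} OK" -f $c.Name, $c.Type)
        $r | Format-Table -AutoSize | Out-String | Write-Output
    } catch {
        Write-Output ("{0,-38} {1,-4} FAIL: {2}" -f $c.Name, $c.Type, $_.Exception.Message)
    }
}
```

Note on the fallback itself: a domain override makes the pfSense Resolver forward queries for corp.example to the DC you name, so pfSense can only answer AD names while at least one DC is reachable; what it adds on its own is resolution of external names when the DC's DNS service is down.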


  • @doktornotor:

    Uhm… when you have no DNS server running on pfSense, then pointing anything at pfSense will obviously be useless at best. Enable the resolver, create a domain override there for your AD domain pointing to an AD DNS. Then you can hand it out via AD DHCP.

    Thank you! Any special options I should change in the pfSense DNS Resolver?

    Should I define any Reverse pointers/zones for pfSense, so it knows my hostnames, etc?

    EDIT: Should I tick the box called "Do not use the DNS Forwarder as a DNS server for the firewall" under the System->General tab?

    BR Jim

