    DNS Forwarder Or DNS Resolver
    26 Posts 6 Posters 8.3k Views
    fraglord

      @johnpoz: You should watch your language and learn to read the posts properly! killmasta93 wrote that he is using DNSBL (pfBlockerNG dev), just like me.
      And DNSBL requires Unbound (DNS Resolver) to work, whether you believe it or not.
      It is also nonsense that the DNS Resolver is used in the "wrong" way if you enable forwarding mode; the official FAQ for the Unbound DNS Resolver tells you to have it enabled for multi-WAN configurations.
      The configuration of the AD DNS is pretty simple: all clients use the AD DNS IP address, no secondary DNS. In the DNS settings ("forwarders") enter the IP of your pfSense box and uncheck "use root hints…". In pfSense under System -> General Setup you can set the DNS servers of your ISP, Google, OpenDNS etc. Do not add your AD DNS here.

      pfSense 2.4.0 (amd64) running on IGEL H710C | 1G RAM | 8G SSD | INTEL PRO/1000 PT Dual NIC

        johnpoz LAYER 8 Global Moderator

        Watch my language?

        Sorry, but the OP did not state he was running a DEV-only version, nor did you.

        "So currently im using DNS Resolver (Unbound) for PfblockerNG 2.0 works great"

        Where does it say that is the DEV version? Sorry if I don't keep up with the version numbers of all the packages available.

        "pfsense that takes care of ads and malware (DNSBL). For pfBlockerNG"

        Where did you state that you are using the DEV version?

        As to the wrong way – yeah, you are, IMHO. As I stated (but you clearly didn't read), if you want the forwarder function where you can do sequential or parallel, use dnsmasq, the old forwarder. Unbound has no such functionality; if you want that sort of functionality maybe there is another DEV version you can try ;)

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          fraglord

          @killmasta93:

          @johnpoz Thank you for a detailed response. Now I get it. So my testing setup should have no conflict if I have the DHCP server disabled on pfSense and enabled on the Windows server, DNS on the Windows server with AD, and the DNS Resolver (Unbound) blocking ads with DNSBL (pfBlockerNG dev). :D

            johnpoz LAYER 8 Global Moderator

            Whatever dude, that was post 5 in the thread already, and the last word in the post.

            I now have this dev version. So set up your AD to forward to your pfSense. Since to use pfBNG with DNSBL you need Unbound, we are done. If using Unbound I don't see why you would not use it in resolver mode with DNSSEC support.

            Your question is not related, fraglord. But if you're going to be using Unbound, if you turn on forwarder mode it will ask them in round-robin fashion. Verified this via sniff.

            [screenshot: roundrobins.png]

              fraglord

              Thanks for verifying. I will start another thread about this so as not to confuse things here.

                pernils

                This answer has not so much to do with the ad blocker but with DNS and AD.

                I have Win2008 with AD and DNS (AD requires DNS).

                The clients get their IP from the pfSense DHCP.

                In the resolver I have made an override on domain.win to the Win2008 AD.

                Then Win2008 asks pfSense for DNS lookups on clients.

                Why, you ask??

                I have been fed up with this ridiculous mas cals and the MS hunt for bills over licenses and what not.

                Aiming to move the whole company to an AD sitting on FreeNAS.

                In the resolver I have also made an override for domain.freenas to FreeNAS.

                One thing that I'm a bit puzzled over is that ping domain.win takes about 2 sec to start responding but ping domain.freenas is instant.

                With this setup I can slowly take department after department and move them over to domain.freenas.

                The only thing that will be left on the Win2008 is the MPS system. All the shares will be on FreeNAS.

                Several clients in the shop are only interested in the shares. When the time comes that 2008 is abandoned by MS, hopefully our MPS will be ported to a *nix environment or it will sit on some Win7 machine.

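As an added illustration (not configuration posted by anyone in this thread), the following unbound.conf fragment approximates what the pfSense GUI settings discussed above generate: the domain overrides pernils describes for domain.win and domain.freenas, and the "Enable Forwarding Mode" option that fraglord and johnpoz argue about. All IP addresses, the LAN subnet and the trust-anchor path are constructed placeholders; the validation and rebind-protection exemptions for the overridden AD zones are the author's additions, not something the thread mentions.

```conf
# Added example, not from the thread. Addresses are constructed placeholders.
server:
    interface: 0.0.0.0
    access-control: 192.168.1.0/24 allow        # assumption: LAN subnet
    # Resolver mode with DNSSEC validation, as johnpoz recommends.
    auto-trust-anchor-file: "/var/unbound/root.key"   # assumption: pfSense path

    # Internal AD zones are normally unsigned and answer with RFC1918
    # addresses, so exempt them from validation and from the DNS-rebinding
    # filter. Without domain-insecure, unbound also has to prove to itself
    # that the public .win TLD has no DS record for domain.win before it
    # trusts the override, which costs extra upstream lookups.
    domain-insecure: "domain.win"
    private-domain: "domain.win"
    domain-insecure: "domain.freenas"
    private-domain: "domain.freenas"

# Domain override (pernils): domain.win goes to the Windows 2008 AD DNS.
forward-zone:
    name: "domain.win"
    forward-addr: 192.168.1.10          # assumption: Win2008 AD DNS

# Domain override (pernils): domain.freenas goes to the Samba AD on FreeNAS.
forward-zone:
    name: "domain.freenas"
    forward-addr: 192.168.1.11          # assumption: FreeNAS AD DNS

# "Enable Forwarding Mode": everything else goes to the servers from
# System > General Setup. Unbound spreads queries across the listed
# servers rather than trying them strictly in order, which is the
# round-robin behaviour johnpoz observed in a packet capture. Remove this
# zone to stay in pure resolver mode.
forward-zone:
    name: "."
    forward-addr: 203.0.113.53          # placeholder: ISP resolver
    forward-addr: 203.0.113.54          # placeholder: second resolver
```

The Windows side is the mirror image of fraglord's description: the AD DNS server lists the pfSense address as its only forwarder with root hints disabled, and clients point only at the AD DNS. The two private-domain lines are the part most often forgotten when an override points at an internal AD server: with pfSense's rebinding protection on, answers in the 192.168.0.0/16 range for a name under a public TLD are otherwise discarded, which shows up as intermittent lookup failures rather than an obvious error.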
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.