Resolve IP Addresses from different LAN
-
hi,
Our network has about 10 LANs. Each LAN has its own pfSense router with DNS/DHCP.
It looks like this:
           +--------------------------+--------------------------+---------------......
           |                          |                          |
           | 192.168.254.1            | 192.168.254.2            | 192.168.254.3
     .-----+-----.              .-----+-----.              .-----+-----.
     |  pfSense  |              |  pfSense  |              |  pfSense  |
     '-----+-----'              '-----+-----'              '-----+-----'
           | 192.168.1.254            | 192.168.2.254            | 192.168.3.254
           |                          |                          |
    Abt. 1 | 192.168.1.0/24    Abt. 2 | 192.168.2.0/24    Abt. 3 | 192.168.3.0/24
           |                          |                          |
     .-----+------.             .-----+------.             .-----+------.
     | LAN-Switch |             | LAN-Switch |             | LAN-Switch |
     '-----+------'             '-----+------'             '-----+------'
           |                          |                          |
     ...---+---...              ...---+---...              ...---+---...
    (Clients/Servers)          (Clients/Servers)          (Clients/Servers)
Every pfSense router knows the IP address and DNS name of its directly connected clients. So it is no problem to resolve the IP address of a client that belongs to LAN1 from a client that belongs to LAN1 too.
If you try to resolve the IP of a LAN3 client from a client in LAN1, you get a "Non-existent domain" error message from the DNS server.
Is it possible that every pfSense router gets the DNS content from the others, so every client can resolve the IP of all clients on the whole network?
Best regards
Shine
-
They know it because they are DHCP clients to that pfSense. Or that you created records for them in host overrides?
If you want full DNS for your entire network, then run DNS for your entire network.
Are you running Active Directory in this network?
-
What's the reason to split pfSense in multiple installs vs. one big box with multiple subnets?
-
^ Agreed, seems like an oddball sort of setup.
-
I'm not judging, just asking! :D There might be a reason for it which is neither written nor sketched.
-
Sure there was a reason for it. Are those pfSense doing NAT, or just routing? Access between segments is going to be a pain if natting, etc.
If there is a reason to do it that way, it makes his name resolution a PITA if he wants to use DNS inside pfSense to resolve other segments. Not designed for any sort of DNS xfer, etc.
-
If you give them all different domain names, set up domain overrides in pfSense to forward those domains to the other firewalls, and add the other domains to your domain search list on the clients, then it should all work out.
Note that the search domains can't be sent via DHCP to Windows clients (a limitation of Windows!), but you can set it manually.
It would always work with fully qualified (not short) domain names.
-
Hi,
there is only one domain name on the entire network, no NAT, just routing.
Regards
Shine
-
there is only one domain name on the entire network, no NAT just routing.
Then you can't use domain overrides to refer lookups sensibly to one of the other pfSense. In your setup there is no DNS instance that has full knowledge of all the names in the domain.
Thus you need to run some separate DNS server that is authoritative for the domain and comes to know all the names in the domain.
If you put each pfSense and associated LAN in a different sub-domain then it would be easy to set up like JimP posted.
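
The per-site sub-domain layout suggested in the domain-override reply and in the last reply, written out as an added example that is not part of any post in this thread: for one firewall it lists the overrides it needs (forward and reverse zones of every other site) and renders them as Unbound options. The transit IPs and LAN subnets come from the diagram; the `abtN.example.lan` names, the /24 limit and the choice of Unbound as the resolver are assumptions.

```python
import ipaddress

# Constructed site table: transit IPs and LAN subnets are from the diagram,
# the sub-domain names are hypothetical.
SITES = {
    "abt1.example.lan": ("192.168.254.1", "192.168.1.0/24"),
    "abt2.example.lan": ("192.168.254.2", "192.168.2.0/24"),
    "abt3.example.lan": ("192.168.254.3", "192.168.3.0/24"),
}

def reverse_zone(cidr):
    """Return the in-addr.arpa zone name for a /24 LAN."""
    net = ipaddress.ip_network(cidr)
    if net.prefixlen != 24:
        raise ValueError("only /24 LANs are handled in this example")
    # 192.168.2.0 -> 0.2.168.192.in-addr.arpa; drop the host octet
    return net.network_address.reverse_pointer.split(".", 1)[1]

def overrides_for(local_domain, sites=SITES):
    """List (zone, forwarder_ip) pairs needed on the firewall serving local_domain."""
    if local_domain not in sites:
        raise KeyError(local_domain)
    pairs = []
    for domain, (transit_ip, cidr) in sorted(sites.items()):
        if domain == local_domain:
            continue  # local names are answered from the local DHCP leases
        pairs.append((domain, transit_ip))
        pairs.append((reverse_zone(cidr), transit_ip))
    return pairs

def unbound_conf(local_domain, sites=SITES):
    """Render the overrides as Unbound server options and forward-zones."""
    server, zones = ["server:"], []
    for zone, ip in overrides_for(local_domain, sites):
        if zone.endswith(".in-addr.arpa"):
            # built-in empty zones for RFC 1918 reverse lookups must be disabled
            server.append(f'  local-zone: "{zone}." nodefault')
        else:
            # let private addresses through where private-address filtering is on
            server.append(f'  private-domain: "{zone}"')
        server.append(f'  domain-insecure: "{zone}"')  # zone is not DNSSEC-signed
        zones += ["forward-zone:", f'  name: "{zone}"', f"  forward-addr: {ip}"]
    return "\n".join(server + zones) + "\n"

if __name__ == "__main__":
    print(unbound_conf("abt1.example.lan"))
```

Each remote resolver also has to accept queries arriving from the other firewalls' transit addresses, so its access list and the firewall rule on the transit interface should permit exactly those sources and nothing wider.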