Resolve IP Addresses from different LAN



  • hi,

    out network has about 10 LAN. Each LAN has it own pfsense router with DNS/DHCP

    It looks like

    
                +--------------------------+--------------------------+---------------......
                |                          |                          |
                |   192.168.254.1          |   192.168.254.2          |   192.168.254.3
          .-----+-----.              .-----+-----.              .-----+-----.
          |  pfSense  |              |  pfSense  |              |  pfSense  |
          '-----+-----'              '-----+-----'              '-----+-----'
                |   192.168.1.254          |   192.168.2.254          |   192.168.3.254
                |                          |                          |
         Abt. 1 | 192.168.1.0/24    Abt. 2 | 192.168.2.0/24    Abt. 3 | 192.168.3.0/24
                |                          |                          |
          .-----+------.             .-----+------.             .-----+------.
          | LAN-Switch |             | LAN-Switch |             | LAN-Switch |
          '-----+------'             '-----+------'             '-----+------'
                |                          |                          |
          ...---+---...              ...---+---...              ...---+---...
    	(Clients/Servers)          (Clients/Servers)          (Clients/Servers)
    
    

    Every pfSense router knows the IP address und DNS-Name from the direct connected Client. So it is no problem to resolve an IP address with a client that belongs to LAN1 from a client belongs to LAN1 too.
    If you try to resolve an IP from a LAN3-client with a client in LAN1, you get a "Non-existent domain" error message from the DNS server.

    Is it possible that every pfsense router gets the DNS content from the others, so every client can resolve the IP from all clients on the whole network?

    best regards
    Shine


  • LAYER 8 Global Moderator

    They know it because they are dhcp clients to that pfsense.  Or that you created records for them in host over rides?

    If you want full dns for your entire network, then run dns for you entire network.

    Are you running active directory in this network?



  • What's the reason to split pfSense in multiple installs vs. one big box with multiple subnets?


  • LAYER 8 Global Moderator

    ^ agreed seems like a odd ball sort of setup.



  • I'm not judging, just asking!  :D  There might be a reason for it which is neither written nor sketched.


  • LAYER 8 Global Moderator

    Sure there was a reason for it..  Are those pfsense doing nat?  or just routing.. Access between segments going to be a pain if natting, etc.

    If there is a reason to do it that way, makes his name resolution a PITA if wants to use dns inside pfsense to resolve other segments.  Not designed for any sort of dns xfer, etc. etc.


  • Rebel Alliance Developer Netgate

    If you give them all different domain names, setup domain overrides in pfSense to forward those domains to the other firewalls, and add the other domains to your domain search list on the clients then it should all work out.

    Note that the search domains can't be sent via DHCP to Windows clients (a limitation of Windows!), but you can set it manually.

    It would always work with fully qualified (not short) domain names.



  • hi,

    there is only one domain name on the entire network, no NAT just routing.

    regards
    Shine



  • there is only one domain name on the entire network, no NAT just routing.

    Then you can't use domain overrides to refer lookups sensibly to one of the other pfSense. In your setup there is no DNS instance that has full knowledge of all the names in the domain.
    Thus you need to run some separate DNS server that is authoritative for the domain and comes to know all the names in the domain.

    If you put each pfSense and associated LAN in a different sub-domain then it would be easy to setup like JimP posted.


Log in to reply