Name resolution
-
I have set up a 'site to site' connection using the 'HowTo' (https://doc.pfsense.org/index.php/OpenVPN_Site_To_Site). I can log in to the webconfigurator from each end to the other without problem. I can't mount Samba shares via IP address without problem. This is probably a stupid question, but how do you mount shares by name and not IP?
-
You will need to set up a DNS at that side, you want to use names.
-
Point to a DNS that resolves the names you want to resolve.
-
I should probably clarify. I have two locations that are running Windows 2008 servers with AD and both locations have Windows DNS servers. I have OpenVPN set up between the two locations for a permanent site to site VPN for DFS and SQL replication, etc.
I am not exactly sure what is meant by 'setup DNS' as I already have DNS servers at each location. I tried using 'DNS resolver' with 'Host Overrides' and that does work on a host by host basis. I tried using 'Domain Overrides' but that did not. I can certainly enter a 'Host Override' for each server but that seems 'clumsy'. What am I missing here?
-
So you have site A and site B.. Connected with site to site VPN.. What does pfSense have to do with resolution of anything - you want pfSense to resolve something.siteAdomain.tld and stuff.siteBdomain.tld ?
Or you have clients in A and you want to resolve stuff in B?
Are these sites the same AD domain, subdomain - have a trust? You mention DFS – so thinking same domain? Then their DNS would replicate..
Where are you pointing your clients for DNS - it wouldn't be pfSense if you have your own AD DNS, etc..
If your AD DNS is replicated, then a client in site A asking the site A DNS server would resolve anything in the AD domain.. Same goes for B, same goes for a road warrior connecting in via VPN and using your AD DNS for name resolution.. Are you attempting to use pfSense to resolve your AD?? That is a bad idea, all members of your AD should point to your AD for DNS..
https://technet.microsoft.com/en-us/library/cc772101.aspx
Understanding DNS Zone Replication in Active Directory Domain Services
-
John,
thank you, answer was right in front of my face ;-)