  • I have scoured the forums to no avail looking for an answer. I am sure it's a simple fix but I can't figure out what's wrong.

I have a managed switch and a pfSense box running 2 VLANs, a home and a lab. Firewall rules are in place to stop the VLANs from communicating. Home network (VLAN 10) gets DHCP and DNS through pfSense. Lab network (VLAN 20) is an AD environment and gets DNS and DHCP from the domain controller. The DNS forwarder on pfSense is set up with a domain override in place.

pfSense box has 2 interfaces, 1 WAN and 1 LAN, and the configuration is "router on a stick". Home network is up and running flawlessly. Lab network hands out DHCP and clients display the domain name in the interface. If a static IP is set, the interface refers to "Network" and the machine cannot be joined to the domain. Lab network has 2 ESXi hosts with 3 VMs per host.

I assume it's something in the DNS settings but I just can't see it. Any ideas?

• What exactly goes wrong? What does not work?
    The Windows Domain DNS server will need to point to an upstream DNS for general resolving of public names (e.g. point to the pfSense LABnet IP address).
    (Potential) domain clients need to be given the Windows Domain DNS server as their DNS server. When joining the domain, a client needs to talk to the proper Windows Domain DNS to find all the names it needs for domain stuff. And it really helps if it continues to point there after joining the domain :)

  • ALMOST everything is working.

Clients on the LAB VLAN receive IP addresses from the DC and show the domain name in the interface.

    Domain-joined machines do the same.

    Clients assigned a static IP (VLAN default gateway and DC IP as DNS server) now show "Network" in the network interface, and the machine is prompted to share info with the new network.
    It shouldn't do that, right? All machines in this VLAN should show as the domain network, or am I missing something?

• I don't really have an environment to test that. But the static IP machines are not going to be getting any settings from a DHCP server. Normally the DHCP server would send them some default domain information that lets them learn a domain to use.
    So you probably need to either:
    a) Explicitly set the domain somewhere in the static clients, or
    b) Set up some static mapping in the DHCP server so that those clients can use DHCP, and will thus get the domain name along with their static-mapped IP.

    Or c) I don't really understand the whole combination of systems/settings and someone else will have a good idea :)
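Option (a) from the reply above, worked through as an added example (this is not code from the thread or from any of its posters): a PowerShell script, run elevated on the static LAB client, that gives the interface the same pieces a DHCP lease would have supplied (the DC as its only DNS server and the domain as the connection-specific DNS suffix) and then checks that the DC's DNS answers the SRV records a domain join looks up. The interface alias "Ethernet", the 192.168.20.0/24 subnet, the pfSense VLAN gateway 192.168.20.1, the DC address 192.168.20.10 and the domain name lab.local are all assumptions chosen for the example; substitute the real values.

```powershell
# Added example, not part of the original thread.
# Assumed values (replace with your own):
#   interface alias "Ethernet", VLAN 20 subnet 192.168.20.0/24,
#   pfSense VLAN 20 gateway 192.168.20.1, DC 192.168.20.10, domain lab.local.
# Run from an elevated PowerShell on the static LAB client.

$Iface    = "Ethernet"
$ClientIP = "192.168.20.50"
$Gateway  = "192.168.20.1"
$DcIP     = "192.168.20.10"
$Domain   = "lab.local"

# 1. Static address and default gateway (the pfSense VLAN 20 interface).
#    Clear any existing address/route on the interface first so the
#    New-NetIPAddress call does not fail on a duplicate.
Remove-NetIPAddress -InterfaceAlias $Iface -Confirm:$false -ErrorAction SilentlyContinue
Remove-NetRoute -InterfaceAlias $Iface -DestinationPrefix "0.0.0.0/0" -Confirm:$false -ErrorAction SilentlyContinue
New-NetIPAddress -InterfaceAlias $Iface -IPAddress $ClientIP -PrefixLength 24 -DefaultGateway $Gateway | Out-Null

# 2. DNS server: the DC only. As the reply above notes, the DC's DNS is
#    what forwards public names to pfSense; the client should not point at
#    pfSense directly, because pfSense cannot answer the domain's own records.
Set-DnsClientServerAddress -InterfaceAlias $Iface -ServerAddresses $DcIP

# 3. The piece DHCP normally hands out: the connection-specific DNS suffix,
#    plus dynamic registration of this client's address in the DC's zone.
Set-DnsClient -InterfaceAlias $Iface -ConnectionSpecificSuffix $Domain -RegisterThisConnectionsAddress $true
Register-DnsClient

# 4. Verify against the DC: the domain-controller locator record must resolve.
#    If this fails, the join will fail too, regardless of the suffix setting.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIP -ErrorAction Stop
$srv | Where-Object { $_.Type -eq "SRV" } | Select-Object Name, NameTarget, Port, Priority

# 5. Ask the DC locator itself which DC this machine would use.
nltest /dsgetdc:$Domain
```

Step 4 is the check worth keeping after the join as well: if `Resolve-DnsName` returns the SRV record when queried with `-Server $DcIP` but not without it, the client is still resolving through something other than the DC, which is the situation the reply above warns about.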

