Managing DNS and DHCP separately

  • Hi all,

    I have tried to find an answer for this one but despite a lot of searching I can't dig anything up. Is it possible to configure pfSense to handle DNS when it's not managing DHCP?

    This is for my lab and I do admit it's probably not the sort of setup that you'd come across "in the wild", often. I have pfSense doing pppoe authentication of the WAN link, as well as firewall and NAT, and I would also like it to handle DNS. Routing is handled by a L3 switch that has several vlans on it.

    From what i've read after the DHCP exchange, there is an interaction between the DHCP server and the DNS server where the A record and PTR record are updated for the given IP address. But how does the DHCP server know about the DNS server, and vice versa? The only way I can think is in the DHCP scope where you define the DNS server.


  • LAYER 8 Global Moderator

    Are you talking about dynamic registration..  This is done via SOA record for the domain a client is a member of or has listed as domain on that interface.

    Pfsense does not support that method of client registration, it just takes the clients it hands an IP to via dhcp and puts them in the dns records..

    So if you want pfsense to resolve client.yourdomain.tld for you then you need to let it run dhcp to do that, or create host over rides for them..  Are you a windows shop?  Do you run microsoft AD?

  • Hi John,

    Thanks for your input.

    I do use MS AD but I don't have anything installed on this particular environment. To be honest a little earlier in the piece I had thought "I should just install AD/DHCP/DNS on a VM and be done with it", but at the time it felt too much like giving up!

  • LAYER 8 Global Moderator

    If you run AD, then all clients should point to AD dns as their ONLY dns, and this should also be your dhcp server.. This is the designed and supported model from MS..  Pfsense dhcp and dns is meant for locations that do not have other systems in place to handle dhcp and dns.

    In a MS shop all members of AD should only point to your AD dns.  And having it provide your dhcp also makes it sure that even clients that can not register themselves in dns can be registered by the MS dhcp server.

    If your not running Active Directory and just using windows as workgroup and or standalone type servers then you could use anything else you want for dhcp and dns, for example pfsense.  But the pfsense dnsmasq service (forwarder) and the resolver (unbound) neither support client registration of their IPs and names in dns.  The only way for that to happen is if you create a host over ride or have the pfsense dhcp server put in those records for the leases or statics it has.

    If you want to do a full service of client registration in your dns running full service dns/dhcp - say for example from ICS bind and their dhcp server would be a better option.

Log in to reply