    pfSense with Windows AD DNS + Squid unable to resolve local hostnames

    DHCP and DNS
      raj_amid last edited by

      Hi, I am new to pfSense. I have a problem with Squid not being able to resolve local host names.

      windows AD- 192.168.100.0
      pcs-192.168.10.0

      pfsense -public ip
      pfsense local ip- 192.168.10.250

      no transparent proxy.

      dns and dhcp from cisco switch. routing. all networks

        johnpoz LAYER 8 Global Moderator last edited by

        "dns and dhcp from cisco switch"

        Huh?? If you have AD, all members of the domain or anyone actually wanting to resolve AD stuff need to point to the AD DNS server, and should probably use that as DHCP as well.

          doktornotor Banned last edited by

          This whole thread would strongly benefit from a network diagram. Also, completely missing how on earth is Squid relevant here. Fix your DNS on the pfSense box and it will work in Squid as well.  ::)

            raj_amid last edited by

            Sorry, only the DHCP range is from the Cisco switch; DNS is from AD, all members pointing to AD DNS.

              doktornotor Banned last edited by

              And how exactly is that supposed to work? DHCP is doing the DNS registrations. Would suggest to read some MS docs.

                chris4916 last edited by

                I suppose this guy is running Squid on pfSense box using explicit proxy configuration.
                When using explicit proxy (which is the right approach BTW), name resolution is done at proxy level.

                From what I understand from this fuzzy description, with such a configuration, accessing an internal web site doesn't work because Squid can't resolve the internal name.

                What you can do is configure "use alternate DNS server" in Squid general settings so that it points to your internal DNS, assuming this internal DNS is also able to resolve external names, relying on DNS resolver or forwarder  ;)
                This also assumes that your internal DNS contains entries for internal web sites you want to access  8)

                EDIT: typo

                  muswellhillbilly last edited by

                  @raj_amid:

                  Sorry, only the DHCP range is from the Cisco switch; DNS is from AD, all members pointing to AD DNS.

                  I'm not sure what you mean exactly, but your DNS setup should probably look something like this:

                  Your Squid (running on PFS?), your PFS and your clients should all have your Windows DNS server (domain controller) set as the main DNS server. Your Windows DNS server should have your external (public) DNS servers set as its forwarders. That way, your Windows clients can resolve all your internal and external hosts as well as function within the AD environment correctly, and your proxy/firewall will also resolve all internal and external hosts.

                  1 Reply Last reply Reply Quote 0
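An added example, not code from the thread or from the pfSense or Squid projects: a check that reads a squid.conf and a resolv.conf and reports which DNS servers Squid will query, following the advice above from chris4916 and muswellhillbilly that the proxy must resolve through the internal AD DNS. The AD DNS address 192.168.100.10, the file contents and the function names are assumptions constructed for illustration; `dns_nameservers` is Squid's directive for using a server list other than the one in resolv.conf.

```python
import ipaddress

# Constructed sample files. 192.168.100.10 is a hypothetical AD DNS address.
AD_DNS = "192.168.100.10"
SQUID_CONF = """\
http_port 192.168.10.250:3128
# dns_nameservers 203.0.113.53
dns_nameservers 192.168.100.10
"""
RESOLV_CONF = """\
nameserver 203.0.113.53
nameserver 192.168.100.10
"""

def directive_values(text, keyword):
    """Return the IP arguments of every uncommented `keyword` line."""
    values = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] != keyword:
            continue
        for word in fields[1:]:
            try:
                values.append(str(ipaddress.ip_address(word)))
            except ValueError:
                pass  # skip anything that is not an address
    return values

def squid_resolvers(squid_conf, resolv_conf):
    """dns_nameservers, when set, replaces the resolv.conf list for Squid."""
    explicit = directive_values(squid_conf, "dns_nameservers")
    if explicit:
        return explicit, "squid.conf"
    return directive_values(resolv_conf, "nameserver"), "resolv.conf"

def audit(squid_conf, resolv_conf, ad_dns):
    """List the resolvers Squid will use and flag a missing or demoted AD DNS."""
    servers, source = squid_resolvers(squid_conf, resolv_conf)
    findings = []
    if ad_dns not in servers:
        findings.append(f"{ad_dns} missing from {source}")
    elif servers[0] != ad_dns:
        findings.append(f"{servers[0]} is listed ahead of {ad_dns} in {source}")
    return servers, findings

if __name__ == "__main__":
    print(audit(SQUID_CONF, RESOLV_CONF, AD_DNS))
```

An empty findings list means Squid is pointed at the AD DNS server first; whether that server also resolves external names still depends on its forwarders, as the last reply describes.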