pfSense with Windows AD DNS + Squid unable to resolve local hostnames



  • Hi, I am new to pfSense. I have a problem with Squid not being able to resolve local host names.

    windows AD- 192.168.100.0
    pcs-192.168.10.0

    pfsense -public ip
    pfsense local ip- 192.168.10.250

    no transparent proxy.

    dns and dhcp from cisco switch. routing. all networks


  • LAYER 8 Global Moderator

    "dns and dhcp from cisco switch"

    Huh??  If you have AD, all members of domain or anyone actually wanting to resolve AD stuff needs to point to AD dns server, and should prob use that as dhcp as well..


  • Banned

    This whole thread would strongly benefit from a network diagram. Also, completely missing how on earth is Squid relevant here. Fix your DNS on the pfSense box and it will work in Squid as well.  ::)



  • sorry, only dhcp range is from cisco switch; dns from AD, all members pointing to AD dns.


  • Banned

    And how exactly is that supposed to work? DHCP is doing the DNS registrations. Would suggest to read some MS docs.



  • I suppose this guy is running Squid on pfSense box using explicit proxy configuration.
    When using explicit proxy (which is the right approach BTW), name resolution is done at proxy level.

    From what I understand from this fuzzy description, with such a configuration, accessing an internal web site doesn't work because Squid can't resolve the internal name.

    What you can do is configure "use alternate DNS server" in Squid general settings so that it points to your internal DNS, assuming this internal DNS is also able to resolve external names, relying on DNS resolver or forwarder  ;)
    This also assumes that your internal DNS contains entries for internal web sites you want to access  8)

    EDIT: typo



  • @raj_amid:

    sorry, only dhcp range is from cisco switch; dns from AD, all members pointing to AD dns.

    I'm not sure what you mean exactly, but your DNS setup should probably look something like this:

    Your Squid (running on PFS?), your PFS and your clients should all have your Windows DNS server (domain controller) set as the main DNS server. Your Windows DNS server should have your external (public) DNS servers set as its forwarders. That way, your Windows clients can resolve all your internal and external hosts as well as function within the AD environment correctly, and your proxy/firewall will also resolve all internal and external hosts.

