    Best practice - DNS in a multi-site network?

    DHCP and DNS
    2 Posts 2 Posters 1.6k Views
    • fitzy89

      Hi all

      This is more of a post I'm hoping to learn from rather than to solve a problem at this stage.

      I'm new to VPNs and I'm trying to experiment with some things in my home lab to better my knowledge of networking.

      I've thought of two scenarios and I am looking for the best 'industry standard' way of doing things.

      Scenario 1:
      A network with two sites, Site A (main office) and Site B (branch office). Both sites connected by an OpenVPN tunnel between two pfSense routers. DHCP and DNS are handled by pfSense at both sites. How would I ensure proper internal DNS resolution across the tunnel? So for example, if I were to ping a machine by hostname which is located at Site B, from Site A and vice versa, how should DNS be configured to resolve the name on a different subnet?

      Scenario 2:
      A Windows network with two sites, Site A (main office) and Site B (branch office). Both sites connected by an OpenVPN tunnel between two pfSense routers. DHCP and DNS are handled by the Windows Domain Controller at Site A; DHCP and DNS are handled by pfSense at Site B. How should I configure Site B to register internal DNS names on the PDC at Site A to ensure the Windows Domain functions work correctly?

      • johnpoz LAYER 8 Global Moderator

        Well, for starters, pfSense's DNS servers (dnsmasq or Unbound) are not really meant as authoritative servers, and do not do zone transfers. Not really something I would use in a production/enterprise DNS setup, to be honest. But if you want to, you really should have a different FQDN for each site. So for a host in Site A it would be host.sitea.domain.tld, and in Site B it would be host.siteb.domain.tld. They could share the same parent domain that way, or could just be host.siteadomain.tld and host.sitebdomain.tld, etc.

        You would then create domain overrides pointing to pfsense at the other site for the domain in question.

        In scenario 2, to be honest, you really should have a DC at that branch site. If you're not going to use a DC at that site, I would have your clients use both DHCP and DNS from the main site DC, and would not use DHCP or DNS on pfSense at all in this remote site.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
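An added example of the per-site domain overrides johnpoz describes for Scenario 1 (it is not code from the thread or from pfSense itself). It prints the Unbound forward-zone stanza that pfSense writes for a domain override (Services > DNS Resolver > Domain Overrides), the equivalent line for the DNS Forwarder (dnsmasq), and shows which resolver a given name ends up at from Site A's point of view. The domains `sitea.example.com` / `siteb.example.com` and the addresses `10.1.0.1` / `10.2.0.1` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Two pfSense sites joined by an
# OpenVPN tunnel, each site with its own FQDN suffix, each resolver
# holding a domain override for the *other* site's suffix.
# All names and addresses below are assumed values for illustration.

SITEA_DOMAIN="sitea.example.com"   # assumed suffix for hosts at Site A
SITEB_DOMAIN="siteb.example.com"   # assumed suffix for hosts at Site B
SITEA_DNS="10.1.0.1"               # assumed LAN address of Site A's pfSense
SITEB_DNS="10.2.0.1"               # assumed LAN address of Site B's pfSense

# The forward-zone stanza pfSense generates for one domain override:
# queries for $1 (and everything under it) are forwarded to the
# resolver at $2, i.e. across the tunnel to the other site.
unbound_override() {
    printf 'forward-zone:\n    name: "%s"\n    forward-addr: %s\n' "$1" "$2"
}

# The same override for the DNS Forwarder (dnsmasq), if that is in use instead.
dnsmasq_override() {
    printf 'server=/%s/%s\n' "$1" "$2"
}

# Where does Site A's resolver send a query for name $1?
# Unbound matches the most specific forward-zone; a name under the
# other site's suffix crosses the tunnel, a name under our own suffix
# is answered from our own DHCP leases / host overrides, and anything
# else takes the normal upstream (recursion or forwarders) path.
resolver_for_site_a() {
    case "$1" in
        *."$SITEB_DOMAIN") echo "$SITEB_DNS" ;;
        *."$SITEA_DOMAIN") echo "local" ;;
        *)                 echo "upstream" ;;
    esac
}

# Each site only needs the override for the other site's suffix. Do not
# add an override for a site's own suffix pointing at itself: the
# resolver would forward the query back to itself.
echo "# Domain override on Site A ($SITEA_DNS):"
unbound_override "$SITEB_DOMAIN" "$SITEB_DNS"
echo "# Domain override on Site B ($SITEB_DNS):"
unbound_override "$SITEA_DOMAIN" "$SITEA_DNS"

# Check from a Site A host once applied (drill ships with pfSense):
#   drill @10.1.0.1 printer.siteb.example.com
# This only works if the OpenVPN interface firewall rules allow TCP/UDP 53
# to the far resolver and the far Unbound accepts queries from the
# near side's subnet (its Network Interfaces / Access Lists settings).
```

Hosts at Site B get names under `siteb.example.com` by setting that as the domain in Site B's DHCP server and enabling registration of DHCP leases in the resolver; the override on Site A then makes `printer.siteb.example.com` resolvable from Site A without any zone transfer.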

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.