Switching from pfSense to Windows AD for DHCP & DNS



  • Hi, I am new to pfSense.  I recently bought a used server on eBay and I have ESXi 6 installed with a handful of virtual machines running on it.  I followed this guide to set up pfSense in ESXi  https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5 and I have 2 Windows Server 2012 R2 VMs, a couple of Windows 10 VMs, and one Windows Server 2016 VM all up and running on an isolated subnet from my home network.  They all have internet access through pfSense with default settings.

    This is how I have pfSense currently setup along with my ESXi network.
    http://imgur.com/a/nP42c

    My goal is to create a lab network completely separate from my home network and use Windows Active Directory.  Currently pfSense is issuing IP addresses.  My question is, what is the best way of going about setting up my Windows Servers as Domain Controllers with AD, DHCP, and DNS roles, and disabling DHCP and DNS in pfSense?

    I hope this makes sense.  It's probably an easy question, but I don't want to enable DHCP and DNS on the Windows Servers first and have them conflict with pfSense, and if I disable these functions in pfSense first, I don't want to lose internet access or the ability to connect to the pfSense interface.

    Thank you,
    Mike



  • Let them run non-overlapping pools. So let's say pfSense from .10->.20 & windoze .30->.40


  • LAYER 8 Netgate

    That's not what he's asking for.

    DNS running on the second pfSense interface (OPT1) doesn't matter because it will only do anything if the hosts on that subnet have it configured as their DNS server. Just don't do that. You could, in fact, set your hosts to use the DCs for DNS then have the DCs forward to pfSense for actual Internet DNS resolution.

    When you create an OPT1 interface a DHCP server is not created automatically so there will be no DHCP server so no problem. If you want to just use LAN that was automatically created, go to Services > DHCP Server and disable it. Configure your DC DHCP server to give your AD clients the addresses of your DCs for DNS.

    Neither has anything to do with whether you have internet access or not, other than without good DHCP and DNS, which should be provided by the DCs, the internet won't work.
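    Added example (not from either poster and not pfSense or Microsoft documentation): the DC-side half of the cutover described in the reply above, typed as PowerShell on the first domain controller after AD DS and DNS are already in place. The addressing is assumed, since the thread's diagram is not reproduced here: OPT1 subnet 192.168.50.0/24 with pfSense at .1, DCs at .10 and .11, and a pfSense DHCP pool of .100-.199 that the new scope deliberately avoids so both servers can coexist until the pfSense one is disabled under Services > DHCP Server. The interface alias and domain name are also assumptions.

```powershell
# Added example: make a DC the lab's DHCP and DNS authority, forwarding Internet
# lookups to pfSense, with a DHCP pool that does not overlap the pfSense pool.
# All addresses, names and the interface alias below are assumed lab values.
$Subnet     = '192.168.50.0'
$Mask       = '255.255.255.0'
$Gateway    = '192.168.50.1'                   # assumed pfSense OPT1 address
$DcDns      = '192.168.50.10', '192.168.50.11' # assumed DC addresses
$DcHostname = 'dc1.lab.example'                # assumed FQDN of this DC
$DomainName = 'lab.example'                    # assumed AD DNS zone
$Nic        = 'Ethernet0'                      # assumed interface alias on DC1

# 0. The DC itself must resolve through the DCs, never through pfSense,
#    or AD service-record lookups (_ldap._tcp etc.) will fail.
Set-DnsClientServerAddress -InterfaceAlias $Nic -ServerAddresses $DcDns

# 1. Install the DHCP role (AD DS and DNS are already promoted on this box).
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# 2. Authorize the server in AD; an unauthorized DHCP server in a domain stays silent.
Add-DhcpServerInDC -DnsName $DcHostname -IPAddress $DcDns[0]

# 3. Scope .20-.99 only: the assumed pfSense pool is .100-.199, so the two
#    servers cannot hand out the same address while both are still running.
Add-DhcpServerv4Scope -Name 'Lab OPT1' -StartRange '192.168.50.20' `
    -EndRange '192.168.50.99' -SubnetMask $Mask -State Active

# 4. Clients route via pfSense but resolve via the DCs, as the reply recommends.
Set-DhcpServerv4OptionValue -ScopeId $Subnet -Router $Gateway `
    -DnsServer $DcDns -DnsDomain $DomainName

# 5. The DC's DNS forwards everything outside its own zones to pfSense.
Add-DnsServerForwarder -IPAddress $Gateway -PassThru

# 6. Check the result before disabling DHCP on pfSense: scope, options,
#    forwarder, and an Internet name resolved through the DC.
Get-DhcpServerv4Scope
Get-DhcpServerv4OptionValue -ScopeId $Subnet
Get-DnsServerForwarder
Resolve-DnsName -Name 'www.example.com' -Server $DcDns[0]
```

    Once step 6 resolves an outside name through the DC and a client renews into the .20-.99 range, disable the pfSense DHCP server; clients that still hold a pfSense lease keep working until renewal, which is what prevents the loss of Internet access the original post worried about.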

