Hi all!
I'm at the end of my DNS understanding of pfSense ;-)
OK, not that bad, but:
I've got a domain controller that hosts a DNS server in my LAN for my local domain. This DC forwards unknown DNS requests to my pfSense, which gets its DNS from my ISP.
If you want to resolve internal machines, then DHCP (or whatever you use to allocate IP addresses) needs to point at the domain controller (even if you have a load problem with your DC, unless you have it providing DNS for a huge network it should just be a drop in the sea). I suggest that you then look at the configuration of your DC to pass off its unanswered requests to the ISP's DNS. As the DC's DNS should cache, I can see no point in using the DNS Forwarder.
As a bit of a control freak I tend to shy away from the ISP's DNS (I have had it change IP address and lost it before now [yes, I know it is not a problem if you pick it up from DHCP, but I had static IP addresses]; I've also had the ISP's DNS unable to resolve stuff that I can resolve from my own DNS). Your DNS has the power; be safe and look it up for yourself is my advice.
In pfSense I have configured the DNS Forwarder so that it resolves DNS requests from the DC.
In General Setup I have set my internal DNS and activated the option "Allow DNS server list to be overridden by DHCP/PPP on WAN".
Now when I look at the ARP table or routing table, pfSense does not resolve my hostnames (which are hosted on my DC) but shows "localhost" for all hosts except some ISP addresses.
Doesn't seem logical to me at all, but at another location it works without these localhost problems; it is resolved correctly...
I also would like to have my IPs / localhosts ;-) resolved correctly, and for that I already entered a domain override in pfSense's DNS Forwarder for my local domain by domain name (xyz.xyz).
It does not work... even if I ping my DC from pfSense's shell with the FQDN it tells me "ping: cannot resolve server.xyz.xyz: Unknown host" (btw, how can I nslookup under BSD? [command unknown]).
When I disable the checkbox "Allow DNS server list to be overridden...", it works well; it resolves my hosts and everything, but what happens with the DNS Forwarder in pfSense then?
Does it redirect all DNS requests to my DC now? How is DNS traffic handled then?
I want to resolve DNS traffic via my ISP's DNS servers, not the root DNS servers, as I suppose happens when I disable this option?
I'm a bit irritated because at another location it works, but not at mine...
What's the clue ?
Looking forward to some hints!
Thanks in advance...
Martin
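The post above asks which server ends up answering a given query once a domain override for xyz.xyz exists alongside ISP servers pulled in from WAN DHCP. The following is an added example, not code from the post or from pfSense, that models the selection rule a dnsmasq-style forwarder (the engine behind the pfSense DNS Forwarder) applies: a `server=/domain/ip` override matches that domain and everything under it by longest suffix, and anything else goes to the default nameserver list. It also shows why the ARP and routing tables can keep showing "localhost": those views rely on reverse (PTR) lookups under in-addr.arpa, which an override for xyz.xyz does not cover. The resolv.conf content, the DC address 10.0.0.2 and the 192.0.2.x/198.51.100.x ISP addresses are constructed assumptions.

```python
"""Added example (not part of the forum thread): model of how a dnsmasq-style
forwarder chooses an upstream server for a query, so the effect of a domain
override and of DHCP-supplied ISP servers can be reasoned about offline."""

from __future__ import annotations

import ipaddress

# Constructed sample of /etc/resolv.conf as it looks once the ISP servers
# learned on WAN are allowed to override the server list. The addresses are
# documentation ranges (RFC 5737), not real resolvers.
RESOLV_CONF = """\
# generated by DHCP on WAN (constructed sample)
nameserver 192.0.2.53
nameserver 198.51.100.53
"""

# Hypothetical domain override: the post's local domain xyz.xyz pointed at
# the domain controller's DNS. 10.0.0.2 is an assumed address.
DOMAIN_OVERRIDES = {"xyz.xyz": "10.0.0.2"}


def parse_resolv_conf(text: str) -> list[str]:
    """Return nameserver addresses in file order; the first one is tried first."""
    servers: list[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            ipaddress.ip_address(parts[1])        # reject garbage addresses
            servers.append(parts[1])
    return servers


def _normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so matching is case/FQDN agnostic."""
    return name.rstrip(".").lower()


def pick_upstream(qname: str, overrides: dict[str, str],
                  default_servers: list[str]) -> tuple[str | None, str | None]:
    """Choose the upstream for qname the way server=/domain/ip lines do.

    An override matches the domain itself and any name below it; when several
    overrides match, the longest (most specific) wins. Returns
    (server, matched_override_domain); the domain is None when no override
    matched and the first default server is used.
    """
    q = _normalize(qname)
    best: tuple[str, str] | None = None
    for domain, server in overrides.items():
        d = _normalize(domain)
        if q == d or q.endswith("." + d):
            if best is None or len(d) > len(best[0]):
                best = (d, server)
    if best is not None:
        return best[1], best[0]
    return (default_servers[0] if default_servers else None), None


def reverse_name(ip: str) -> str:
    """PTR owner name for an address, e.g. 10.1.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def reverse_zone(network: str) -> str:
    """Override domain needed so PTR lookups for a /24 also go to the DC."""
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen != 24:
        raise ValueError("this helper only builds /24 IPv4 reverse zones")
    octets = str(net.network_address).split(".")[:3]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


if __name__ == "__main__":
    isp = parse_resolv_conf(RESOLV_CONF)
    print("forward lookup :", pick_upstream("server.xyz.xyz", DOMAIN_OVERRIDES, isp))
    print("public lookup  :", pick_upstream("www.example.com", DOMAIN_OVERRIDES, isp))
    ptr = reverse_name("192.168.1.10")
    print("PTR, xyz.xyz override only:", pick_upstream(ptr, DOMAIN_OVERRIDES, isp))
    with_rev = dict(DOMAIN_OVERRIDES, **{reverse_zone("192.168.1.0/24"): "10.0.0.2"})
    print("PTR, with reverse override :", pick_upstream(ptr, with_rev, isp))
```

The practical reading: a forward query for server.xyz.xyz is steered to the DC by the override regardless of what resolv.conf says, while a PTR query for 192.168.1.10 carries no xyz.xyz suffix and is sent to whichever default server is listed first, so a second override for the reverse zone is needed before hostnames appear in the ARP or routing table. Note that this only models the forwarder; a lookup from the pfSense shell itself follows /etc/resolv.conf, which is a separate path.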
