> > Doesn't this create a ton of DNS traffic traversing the firewall?
>
> Why does it create any more DNS traffic than doing it any other way?

I've actually got a decent-sized block of public IPs to play with, so I will get started on this later in the week. The reason I am concerned about additional DNS traffic is the additional workload of a couple of thousand devices suddenly requesting name resolution. By doing it through AD, only the AD name servers do the calls to the root hints, then they cache that for the internal network.
Thanks Moshe, I'll follow up to the list to let everyone know how this worked out. I am considerably more optimistic about making this happen, and am once again amazed at how flexible pfSense is! Cheers,
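As an added illustration of the caching argument in the reply above (this is example code, not something posted to the list or shipped with pfSense), the following toy model compares how many queries leave the network when a couple of thousand clients resolve the same names directly versus through one shared cache that honours record TTLs. The client count, names, TTLs and query pattern are all constructed for the example; the fake "upstream" simply counts queries and returns deterministic answers.

```python
"""Toy model of DNS query fan-out with and without a shared caching resolver.

Added example, not code from the original thread. Every number here
(client count, TTLs, polling interval) is constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass
class UpstreamCounter:
    """Stands in for the root-hint / authoritative servers beyond the firewall.

    It only counts how many queries reach it and hands back a fake answer.
    """
    queries: int = 0

    def resolve(self, name: str) -> tuple[str, int]:
        self.queries += 1
        # Constructed TTLs: long for the .example.com name, short for the other,
        # so the cache model shows expiry behaviour for both cases.
        ttl = 300 if name.endswith(".example.com") else 60
        addr = f"192.0.2.{sum(map(ord, name)) % 254 + 1}"  # documentation range
        return addr, ttl


@dataclass
class CachingResolver:
    """Shared cache, the role the AD name servers play in the post."""
    upstream: UpstreamCounter
    cache: dict = field(default_factory=dict)  # name -> (answer, expires_at)
    hits: int = 0

    def resolve(self, name: str, now: int) -> str:
        entry = self.cache.get(name)
        if entry is not None and entry[1] > now:
            self.hits += 1                      # served from cache, nothing leaves
            return entry[0]
        answer, ttl = self.upstream.resolve(name)
        self.cache[name] = (answer, now + ttl)  # honour the record's TTL
        return answer


def simulate(clients: int, names: list[str], seconds: int, interval: int) -> dict:
    """Every client resolves every name once per `interval` seconds.

    Direct mode assumes no client-side caching (worst case for the firewall).
    Returns upstream query counts for direct resolution vs the shared cache.
    """
    direct = UpstreamCounter()
    shared_upstream = UpstreamCounter()
    cache = CachingResolver(shared_upstream)
    for now in range(0, seconds, interval):
        for _ in range(clients):
            for name in names:
                direct.resolve(name)       # no cache: every lookup crosses the firewall
                cache.resolve(name, now)   # cache absorbs repeats inside the TTL
    return {
        "direct": direct.queries,
        "shared_cache": shared_upstream.queries,
        "cache_hits": cache.hits,
    }


if __name__ == "__main__":
    result = simulate(clients=2000,
                      names=["mail.example.com", "www.example.net"],
                      seconds=600, interval=60)
    for mode, count in result.items():
        print(f"{mode:>12}: {count}")
```

The point the model makes explicit: with a shared cache the number of upstream queries is bounded by the number of distinct names times the number of TTL windows in the period, and does not grow with the client count at all, whereas direct resolution scales linearly with clients. Real clients do keep a small stub cache, so the direct figure is an upper bound.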
