DNS Confusion in PFSense

Hello,

Hopefully this is the right place in the forums for this and if not my apologies. I was following this guide to set up HAProxy on PFsense: https://www.youtube.com/watch?v=bU85dgHSb2E&t=452s

I have an internal DNS server that uses BIND and I also set up my PFSense instance as suggested in 2020 Getting started with pfsense 2.4 Tutorial: Network Setup, VLANs, Features & Packages.

So, from my understanding, which is limited, PFSense can handle DNS for internal servers without the need of an actual DNS server outside of itself? The reason I ask is because, following the HAProxy tutorial, when it’s time to check DNS, let’s say something.domain.com in Tom's example, it shows the internal IP address he set up from the host override, but when I do it on my end it’s trying to find that DNS entry externally and fails, so I assume I have my PFSense DNS set up wrong and need to fix it so everything processes its DNS via PFSense.

So my question is, can I eliminate my Internal DNS server and simply set up all DNS on PFSense so ALL DNS is processed by PFSense unless it is external and if so, can someone direct me to something that shows how this is done. I wish I knew the proper terminology so I can search for it myself but wanted the proper information so I know for future reference.

Thank you very much!!

Internal DNS for internal hosts should be done on pfsense. If you are exposing services publicly to the internet then you’ll need to have an external DNS service like cloudflare to set DNS records for the domain that you purchased to point to your public IP address.

Hello,

Correct. The internal DNS I have is a DNS server but nothing external. I believe the tutorial was for internal use as well, although he did mention it could be done for external use as well. I guess what I am asking is how to do the internal DNS on PFSense without needing the internal DNS server I have.

Right now, I have a BIND server using domain.co and it’s just for internal servers. I can set up the same on PFSense I assume?

awx.domain.co
monitoring.domain.co

I just don’t know what I’m looking for in terms of setting that up.

Thank you!

So you set up a BIND server and you cannot figure out DNS in pfsense?

Apologize for being blunt, but this sounds impossible.

lol,

I’m learning. The BIND server I set up was done following a HowTo and I got it to work and learned how to update records etc., but I’m still new to pfsense. I know there is a BIND server and BIND resolver, but I’m wondering how I can remove the DNS host itself and do it all in pfsense. I assume that is the host overrides but not 100% sure. I just got confused following the HowTo for the HAProxy set up. I think I have to point all the hosts to PFSense and use the host overrides and be done with it.

That is interesting. Yeah, manually setting up host overrides should do it for you. Just play around with it and you’ll see how easy it is.

And yes, you’ll want to set up DHCP to point clients to your pfsense box instead of your BIND server. After you test everything you can power off your BIND server or leave it running.

Hello,

Yeah that has been working so far. I never thought about it until I ran into that video and said oh we can do DNS here. It’s internal so I rather have it all in one place.

Thank you very much for your time and help!

Hello,

Basically, what I had to do was create a domain name under Domain Override with the domain name I wanted to use for the internal DNS, which doesn’t have to be an actual real domain name since this is not going to be used publicly, and the IP I used for it, to route the DNS via the router itself, was the default gateway IP. For example:

testdomain.com - 192.20.24.1

Once that is done, I had to do some host overrides for each host I was doing DNS for. For example:

awx.testdomain.com - 192.20.24.5
metrics.testdomain.com - 192.20.24.6
monitoring.testdomain.com - 192.20.24.7

You can make as many as you want. This allowed me to create all the DNS records I needed internally without the need of a different DNS server.

Thank you!

BTW, 192.20.x.x belongs to AT&T

Hello,

That IP range is one of the ones I created internally for the office VLAN. My issue was that I did not have a domain override set up, so the domain used in the search in /etc/resolv.conf, which was hovinfra.com, wasn’t reaching out to anything externally, and once I added the domain override, boom, it worked. This worked before, but I had a VM running BIND for internal DNS and moved the DNS over to pfsense to manage it all in one place without the extra DNS host, but failed to create the host in pfsense.

You should not use public IP ranges for your local office VLAN, use a range in the private RFC1918 space instead:

https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

Private IPv4 addresses

The Internet Engineering Task Force (IETF) has directed the Internet Assigned Numbers Authority (IANA) to reserve the following IPv4 address ranges for private networks:

| RFC 1918 name | IP address range | Number of addresses | Largest CIDR block (subnet mask) | Host ID size | Mask bits | Classful description |
|---|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 – 10.255.255.255 | 16777216 | 10.0.0.0/8 (255.0.0.0) | 24 bits | 8 bits | single class A network |
| 20-bit block | 172.16.0.0 – 172.31.255.255 | 1048576 | 172.16.0.0/12 (255.240.0.0) | 20 bits | 12 bits | 16 contiguous class B networks |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65536 | 192.168.0.0/16 (255.255.0.0) | 16 bits | 16 bits | 256 contiguous class C networks |

In practice, it is common to subdivide these ranges into smaller subnets.


Hello,

Thank you for that information I really appreciate it! I wasn’t aware that was a public range for them. The IP I got from them was way different so I figured I could use that since it was internal and never would touch the outside world. But, based on this new information I’ll work on making those changes internally.

Thank you again!


If you still haven’t figured this out, here are the instructions:

  • Go to pfsense and login

  • Navigate to Services and then to DNS forwarder

  • Scroll to the bottom of the page until you see Host Overrides

  • Click on add (green button)

  • Fill in the following fields: Host, Domain and IP. The description field is optional

  • Click on save and you are done

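As an added example (not code from the thread or from pfSense), the script below checks a planned set of host overrides, like the ones listed earlier and the six steps just above, against the RFC 1918 ranges from the quoted table and the configured internal domain, before they are typed into the pfSense form. The records are constructed from the thread's own values, including the public 192.20.x.x addresses the poster first used.

```python
import ipaddress

# Constructed sample: the domain override and host overrides from the thread,
# using the 192.20.x.x addresses that turned out to belong to a public range.
DOMAIN_OVERRIDE = ("testdomain.com", "192.20.24.1")
HOST_OVERRIDES = [
    ("awx.testdomain.com", "192.20.24.5"),
    ("metrics.testdomain.com", "192.20.24.6"),
    ("monitoring.testdomain.com", "192.20.24.7"),
]

# The three RFC 1918 blocks quoted from the Wikipedia table above.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip: str) -> bool:
    """True if the IPv4 address falls inside one of the three private blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def check_overrides(domain_override, host_overrides):
    """Return a list of (name, problem) findings; an empty list means the plan is clean.

    Checks: the domain override IP and every host IP are RFC 1918, every host name
    sits under the internal domain, and no host name is entered twice.
    """
    domain, domain_ip = domain_override
    findings = []
    if not is_rfc1918(domain_ip):
        findings.append((domain, f"domain override IP {domain_ip} is outside RFC 1918"))
    seen_names = set()
    for fqdn, ip in host_overrides:
        if not fqdn.endswith("." + domain):
            findings.append((fqdn, f"not under internal domain {domain}"))
        if not is_rfc1918(ip):
            findings.append((fqdn, f"{ip} is a public address, not RFC 1918"))
        if fqdn in seen_names:
            findings.append((fqdn, "duplicate host override"))
        seen_names.add(fqdn)
    return findings


if __name__ == "__main__":
    for name, problem in check_overrides(DOMAIN_OVERRIDE, HOST_OVERRIDES):
        print(f"{name}: {problem}")
```

Re-running it after renumbering the records into 192.168.24.0/24 returns no findings.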

Hello,

Thank you for the info! These were the steps I did before for the host overrides but the reason it wasn’t working is because I did not have a domain override and once I added that everything else started working properly again.

Thank you!