I’ve setup pfBlockerNG on my pfSense box & I’d like to use DNSBL option, but that requires pfSense to be the DNS server. I’m also running Samba as my AD/DC & it also needs to be the DNS server. How can I do both without screwing up the AD?
Technically pfsense is still a DNS server, your AD should be forwarding unknown requests to pfsense, who then forwards to your chosen web DNS for it’s unknown requests. Unless you are trying to block local devices which doesn’t make a lot of sense to me.
1 Like
Prior to installing pfBlockerNG, pfSense wasn’t a DNS server. The DC handled all of the requests. So I guess what you’re saying is I should now change the DC to forward requests to pfSense…?
Any advice on how to do that in Samba/BIND?
Yes, DNS should be layered unless you want to replicate the entire world worth of DNS entries. Your DC only needs to be authoritive to your local network to make the domain work, unless maybe all your machines are available directly from the web.
At least, that’s how I run my domain at work, and my even smaller one at home.