Hi folks, I'm new to this forum but have been following Tom's good work for quite a while and am a keen Linux enthusiast.
I have a homelab with pfSense, a small bit of self-hosting, Pi-hole, Nextcloud, etc…
I've been offered my first pfSense setup commission (yikes!!, some small palpitations appearing but I'm up for the challenge also). They have an AD setup and I seem to remember that AD likes to take complete control of DHCP and DNS for its network.
Can anyone recommend best practices for DHCP and DNS setup on pfSense where there is an AD controller on the LAN?
Here are my thoughts, please correct me if I'm wrong.
pfSense → Services → DHCP Relay → [ip address of DC]
pfSense → System → General Setup → DNS Server → [ip address of the DC] or should I be using the DNS forwarder section for this.
Let Windows handle DHCP and DNS for each network where the systems are that need to connect to AD. You have pfSense handle DNS / DHCP for the other networks, such as a guest network.
If the Windows domain controller is in a separate network from the workstations, then specify the IP helper address for the DHCP relay agent. Otherwise, simply tell your Windows server to forward non-AD DNS requests to pfSense (pfBlockerNG) or Pi-hole.
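One way to lay out the DC side of the split the two replies above describe (Windows owns DHCP and DNS for the AD subnet, pfSense is the gateway and the upstream resolver for everything non-AD), as an added PowerShell example that is not from any poster in this thread. The subnet 10.10.20.0/24, the DC at 10.10.20.5, the pfSense LAN address 10.10.20.1, the host name dc01 and the domain corp.example are constructed values.

```powershell
# Added example (not from this thread). Run on the Windows DC that holds the DHCP and DNS roles.
# All addresses and names below are constructed; replace them with the customer's real ones.
$Subnet    = '10.10.20.0'
$Mask      = '255.255.255.0'
$DcIp      = '10.10.20.5'     # domain controller, also the DNS and DHCP server
$PfSenseIp = '10.10.20.1'     # pfSense LAN address, also the default gateway
$Domain    = 'corp.example'   # AD DNS domain

# --- DHCP: the DC hands out leases for the AD subnet ---
# Authorize this DHCP server in AD; unauthorized servers are refused by domain-aware DHCP.
Add-DhcpServerInDC -DnsName "dc01.$Domain" -IPAddress $DcIp

Add-DhcpServerv4Scope -Name "AD LAN $Subnet" -StartRange '10.10.20.50' `
    -EndRange '10.10.20.250' -SubnetMask $Mask -State Active
# Keep the infrastructure addresses (firewall, DC, switches) out of the lease pool.
Add-DhcpServerv4ExclusionRange -ScopeId $Subnet -StartRange '10.10.20.1' -EndRange '10.10.20.49'
# Option 003 (router) = pfSense; option 006 (DNS) = the DC only, since clients must resolve the
# AD SRV records from a DC for joins and GPO lookups to work; option 015 = the AD domain suffix.
Set-DhcpServerv4OptionValue -ScopeId $Subnet -Router $PfSenseIp -DnsServer $DcIp -DnsDomain $Domain

# --- DNS: anything the DC is not authoritative for is forwarded to pfSense ---
Set-DnsServerForwarder -IPAddress $PfSenseIp -UseRootHint $false
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint

# --- Checks: AD records answer locally, external names come back via pfSense ---
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp
Resolve-DnsName -Name 'example.com' -Type A -Server $DcIp
Get-DhcpServerv4Scope | Get-DhcpServerv4OptionValue | Format-Table OptionId, Value
```

If the AD clients live on a different subnet from the DC, the scope above stays on the DC and pfSense's DHCP Relay on that subnet points at $DcIp, as the reply above describes.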
Thank you all for your comments, I guess starting out it's all a bit daunting. The skills needed to troubleshoot all the different factors need to be learned over time.
What I did was install GNS3 and setup a virtual environment and had a bit of fun with that.
172.20.1.1 is the OPNsense (formerly pfSense) router for DNS. For example, if `google.com` is not listed in my `172.20.1.2` DNS server, that DNS server will forward the request over to OPNsense. pfSense will forward the requests to NextDNS and will return an IP address back to the host.