Hi folks, I'm new to this forum but have been following Tom's good work for quite a while and am a keen Linux enthusiast.
I have a homelab with pfSense, a small bit of self hosting, pihole, nextcloud, etc…
I've been offered my first pfSense setup commission (yikes!!, some small palpitations appearing but I'm up for the challenge also). They have an AD setup and I seem to remember that AD likes to take complete control of DHCP and DNS for its network.
Can anyone recommend best practices for DHCP and DNS setup on pfSense where there is an AD controller on the LAN?
Here are my thoughts, please correct me if I'm wrong.
pfSense → Services → DHCP Relay → [ip address of DC]
pfSense → System → General Setup → DNS Server → [ip address of the DC], or should I be using the DNS forwarder section for this?
If the Windows domain controller is in a separate network from the workstations, then specify the IP helper address for the DHCP relay agent. Otherwise, simply tell your Windows server to forward non-AD DNS requests to pfSense (pfBlockerNG) or Pi-Hole.
172.20.1.1 is the OPNsense (formerly pfSense) router for DNS. For example, if `google.com` is not listed in my `172.20.1.2` DNS server, that DNS server will forward the request over to OPNsense. pfSense will forward the requests to NextDNS and will return an IP address back to the host.
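The forwarding chain in the reply above (workstation → DC 172.20.1.2 → pfSense 172.20.1.1 → upstream), as an added example that is not from the thread: a small Python model of that chain which shows why the DHCP scope must hand out the DC, not pfSense, as the clients' DNS server (AD locator records only exist on the DC), and what happens if pfSense's own resolver is pointed back at the DC while the DC forwards to pfSense. The zone name `corp.example`, the record names and the upstream address are constructed.

```python
# Added example (not from the thread): model of the split DNS forwarding chain.
# 172.20.1.1 / 172.20.1.2 are from the reply; zones and records are constructed.
from dataclasses import dataclass, field
from typing import Optional

NXDOMAIN = "NXDOMAIN"
LOOP = "FORWARDING LOOP"

@dataclass
class DnsServer:
    ip: str
    zones: dict = field(default_factory=dict)   # zone -> {qname: answer}
    forwarder: Optional["DnsServer"] = None

    def resolve(self, qname: str, path=None):
        """Return (answer, path); path lists the server IPs consulted in order."""
        path = [] if path is None else path
        if self.ip in path:          # already consulted: forwarders point at each other
            return LOOP, path + [self.ip]
        path = path + [self.ip]
        for zone, records in self.zones.items():
            if qname == zone or qname.endswith("." + zone):
                # Authoritative for the zone: answer locally, never forward
                return records.get(qname, NXDOMAIN), path
        if self.forwarder is None:
            return NXDOMAIN, path
        return self.forwarder.resolve(qname, path)

def build_chain(pfsense_forwards_to_dc: bool = False):
    """DC is authoritative for the AD zone and forwards everything else to pfSense."""
    upstream = DnsServer("upstream", {"example.com": {"www.example.com": "203.0.113.10"}})
    pfsense = DnsServer("172.20.1.1", forwarder=upstream)
    dc = DnsServer("172.20.1.2", {"corp.example": {
        "dc1.corp.example": "172.20.1.2",
        "_ldap._tcp.dc._msdcs.corp.example": "dc1.corp.example",   # AD locator SRV
    }}, forwarder=pfsense)
    if pfsense_forwards_to_dc:   # modelled misconfiguration: pfSense's resolver set to the DC
        pfsense.forwarder = dc
    return dc, pfsense

def client_check(resolver: DnsServer) -> dict:
    """What a workstation using `resolver` as its DNS server can and cannot resolve."""
    srv, _ = resolver.resolve("_ldap._tcp.dc._msdcs.corp.example")
    ext, _ = resolver.resolve("www.example.com")
    return {"ad_locator_ok": srv not in (NXDOMAIN, LOOP),
            "internet_ok": ext not in (NXDOMAIN, LOOP)}

if __name__ == "__main__":
    dc, pfsense = build_chain()
    print("DHCP hands out DC as DNS:     ", client_check(dc))
    print("DHCP hands out pfSense as DNS:", client_check(pfsense))
    print("pfSense forwards back to DC:  ", build_chain(True)[1].resolve("www.example.com"))
```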