I’ve got a new pfSense box that I added for DNS and DHCP. I have some LAN clients that are part of a domain with a separate domain controller. After installing the pfSense device, those clients can no longer reach the domain controller for authentication. Everything else seems to be working, but obviously I missed some config settings. Google and ChatGPT haven’t helped. Any suggestions on what I’m missing? Thanks!!
Could any firewall rules be causing issues?
Here is the error when I try to join the domain from the workstations:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain “WCC.LOCAL”:
The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.WCC.LOCAL
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.1.10
1.1.1.1
8.8.8.8
- One or more of the following zones do not include delegation to its child zone:
WCC.LOCAL
LOCAL
. (the root zone)
Found it. I had the IP of the DC listed in the tertiary position of the pfSense DHCP DNS servers list. Apparently, the workstations were not attempting to use that DNS server when trying to connect to the DC. I moved the IP of the DC to the primary position in the list and poof, the workstations find it now.
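Added example, not from the thread: a PowerShell check to run on one of the failing workstations that asks each DNS server the client is configured with for the DC locator SRV record named in the error, so you can see which server answers and which returns “DNS name does not exist”. It assumes the domain WCC.LOCAL from the post.

```powershell
# Diagnostic for the "DNS name does not exist" join error (added example).
# Assumption: the AD domain is WCC.LOCAL, as in the thread.
$Domain  = 'WCC.LOCAL'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

# DNS servers in the order the client uses them (what DHCP handed out).
$servers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Select-Object -Unique

if (-not $servers) { Write-Warning 'No IPv4 DNS servers configured.'; return }

$results = @(foreach ($server in $servers) {
    try {
        # -DnsOnly bypasses the local cache and hosts file so each server is asked directly.
        $answer = Resolve-DnsName -Name $SrvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                  Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{
            Server  = $server
            Result  = if ($answer) { 'SRV found' } else { 'No SRV in answer' }
            Targets = ($answer | ForEach-Object { "$($_.NameTarget):$($_.Port)" }) -join ', '
        }
    } catch {
        # NXDOMAIN from a public resolver (1.1.1.1, 8.8.8.8) or from a pfSense
        # resolver that knows nothing about WCC.LOCAL is a final negative answer;
        # the Windows resolver only moves to the next server on a timeout, not on
        # NXDOMAIN, which is why the DC must be first in the DHCP DNS list.
        [pscustomobject]@{ Server = $server; Result = $_.Exception.Message; Targets = '' }
    }
})

$results | Format-Table -AutoSize

# The first server in the list decides whether the join succeeds.
if ($results[0].Result -ne 'SRV found') {
    Write-Warning "Primary DNS $($results[0].Server) cannot locate a DC for $Domain; hand out the DC's DNS server first in the DHCP scope."
}
```

If you prefer to keep pfSense as the clients' primary resolver, the alternative is a Domain Override for WCC.LOCAL in the pfSense DNS Resolver pointing at the DC, so the locator queries never reach the public resolvers.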
When you have an AD server, it should be handling the DNS and DHCP for the clients joined to AD.