I have been scouring Google and YouTube trying to find a good tutorial on how to configure a split DNS and use pfSense.
I am using DigitalOcean to resolve DNS outside my firewall, and I have a wildcard entry for each of my domains pointing to my pfSense firewall's static IP. I am also running a self-hosted name server to host all my internal servers. I plan to follow the HAProxy and Let's Encrypt tutorial to try to expose the desired services to the internet.
Where I am falling down is how to configure pfSense to resolve the back-end domain names from my internal name server whether the request comes from internal or external. However, I do not want to put my local name server on the internet and want to continue to use an external name server for wildcard resolution to my static WAN IP. I just want everything on the internal side of the firewall to check the local name server first, then go to an external DNS for anything not listed in the local name server. I have to believe this is a pretty common ask, but the answer might be just too obvious for me to grasp.
I am not sure if I should set up the DNS server settings in "General Setup" so that the local name server, 192.168.25.2, is listed first, followed by the external name server, 8.8.8.8, as the second. I believe this forces pfSense to check the local first and, if unresolved, check the next name server.
Would that force HAProxy to resolve the back-end server via the local domain server before checking the external? I would expect that internal requests would then resolve to the local IP, and external requests would hit the WAN interface, and HAProxy would check the local for the back-end and redirect to the correct server.
Also, internal DHCP clients would get the local name server as the first entry for resolving host names and the external one as the second.
Do I have this right? Is there a tutorial that describes how to do this that is a little better than checking the NAT reflection box?
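One way to express the split described in the post, as an added example that is not from the post and not pfSense's own generated configuration (pfSense's DNS Resolver writes an equivalent forward-zone stanza when a Domain Override is added under Services > DNS Resolver). The domain `home.example.com` is a placeholder for the poster's internal zone, and `192.168.25.1` is an assumed LAN address for the firewall; `192.168.25.2` and `8.8.8.8` are the addresses given in the post.

```conf
# Added example, not from the post: Unbound settings for split DNS on pfSense.
# home.example.com is a placeholder internal zone; 192.168.25.1 is an assumed
# LAN address of the firewall; 192.168.25.2 and 8.8.8.8 come from the post.
server:
    # Serve LAN clients only; the resolver is never reachable from the WAN side.
    interface: 192.168.25.1
    access-control: 192.168.25.0/24 allow
    access-control: 0.0.0.0/0 refuse

    # Rebinding protection: Unbound discards RFC1918 addresses found in
    # forwarded answers. Whitelist the internal zone so the private IPs the
    # internal name server returns (e.g. for HAProxy back-ends) survive.
    private-address: 192.168.0.0/16
    private-domain: "home.example.com"

# Queries for the internal zone, and only those, go to the internal name server.
forward-zone:
    name: "home.example.com"
    forward-addr: 192.168.25.2

# Everything else goes to the external resolver. The split is by zone, not by
# server order: a query for home.example.com is never sent to 8.8.8.8, even if
# 192.168.25.2 is down (the query fails instead of falling through).
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
```

The point of using a per-zone forward rather than listing 192.168.25.2 and 8.8.8.8 together in General Setup is that Unbound treats several forwarders for the same zone as a pool it picks from by measured round-trip time, not as a strict first-then-second order, so internal names would resolve non-deterministically and internal zone names would be sent to the external resolver. With the zone split in place, HAProxy on the firewall and the DHCP clients on the LAN need only the firewall itself as their DNS server; a quick check from a LAN host is to query the firewall for an internal name and confirm the answer is the private address, then query a public name and confirm it is answered too.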