TheBlueRaja Posted November 16, 2015 (edited)

Hey All,

I have a home router running pfSense which acts as a DHCP server and DNS server/forwarder for my network and Android/Unix and Windows clients. I use Windows Server 2012 R2 with Windows clients connected to it as a DC, and Windows Server Essentials for client backups etc.

The problem I have is with Windows clients that use the Windows Connector software: this software changes the DNS server settings on the network connections automatically to be the Windows Server, and if I manually change it, it changes it back (eventually). This wouldn't be an issue if I could work out DNS resolution for non-Windows clients on the network.

I set up the Windows Server to forward (unknown) DNS requests to the pfSense box (as a DNS forwarder); the Windows Server sees it and validates it successfully, and monitoring reports it passes both tests. I also changed the domain of the pfSense box to be the same as the Windows Server (homenet.local), thinking it would be part of the same search domain and more likely to resolve, but it doesn't.

The Windows Server itself DOES resolve hostnames configured in DNS in the pfSense box, but that is because ITS DNS server is the pfSense box; however, clients do not, despite pfSense being set as the forwarder.

Below is an ipconfig /all of a client:

    Wireless LAN adapter Wi-Fi:

       Connection-specific DNS Suffix . : HOMENET.local
       Description . . . . . . . . . . . : Marvell AVASTAR Wireless-AC Network Controller
       Physical Address. . . . . . . . . : 50-1A-C5-XX-XX-XX
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::31dd:XXXX:XXXX:XXXX(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.254.24(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 16 November 2015 22:17:46
       Lease Expires . . . . . . . . . . : 18 November 2015 22:17:46
       Default Gateway . . . . . . . . . : 192.168.254.1
       DHCP Server . . . . . . . . . . . : 192.168.254.1
       DHCPv6 IAID . . . . . . . . . . . : 555XXXX1
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-4A-40-39-XX-XX-XX-XX-XX-XX-XX
       DNS Servers . . . . . . . . . . . : fe80::5d5c:e452:XXXX:XXXX
                                           192.168.254.157
       NetBIOS over Tcpip. . . . . . . . : Enabled

Here are my nslookups for a domain which should resolve:

    C:\Users\xxxxx>nslookup
    Default Server:  UnKnown
    Address:  fe80::5d5c:e452:xxxx:xxxx

    > homeserver
    Server:  UnKnown
    Address:  fe80::5d5c:e452:xxxx:xxxx

    *** UnKnown can't find homeserver: Non-existent domain
    > homeserver.homenet.local
    Server:  UnKnown
    Address:  fe80::5d5c:e452:xxxx:xxxx

    *** UnKnown can't find homeserver.homenet.local: Non-existent domain
    > homeserver.homenet
    Server:  UnKnown
    Address:  fe80::5d5c:e452:xxxx:xxxx

    *** UnKnown can't find homeserver.homenet: Non-existent domain

Has anyone got any advice here on how I can, eh, resolve, this (ayyyyyyyyy - boom - tiss....)? I need the Server to be able to say to the pfSense box "hey, what's the IP for hostname homeserver?" and pass it back to a client. Any ideas? I'm a bit of a noob on Windows Server DNS, which is why I'm mucking around in a homelab.

Thanks
sc302 (Veteran) Posted November 16, 2015 (edited)

If you have AD, you have to use the Windows AD server as the DNS server for it to properly resolve anything in that AD environment. You can use the DNS forwarder in the DNS properties to forward all other non-AD requests to... this is how it works in the real world. pfSense DNS is not AD integrated, so it will not have all of the records needed for AD to function properly.

I would set all clients, changing the DHCP'd DNS settings, to use the AD DNS server. The DNS domain name should be that of your AD domain name, so that you can easily resolve without having to put in homenet.local after each client on the network.

Also, you will want to have your dynamic updates in DNS set to nonsecure and secure, as the phones and whatnot will be nonsecure devices.

If you don't want to mess with the nonsecure setting, you can try this, if you have the option in DHCP (not sure if you do, as it isn't AD integrated):

On the DHCP server via the DHCP MMC, do a Properties on the server object, then go to the DNS tab. Make sure "Enable DNS dynamic ..." is checked. The third option is "Dynamically update A/PTR for clients that do not request updates"; check that.

Also verify that if you've statically assigned your OS X boxes, they have the correct DNS server(s). You should probably renew your DHCP lease or restart OS X after doing either one of these things.

Edited November 16, 2015 by sc302
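The Windows-side half of that advice (forwarder plus dynamic-update setting, then a resolution check) as an added PowerShell example that is not from this thread or from either poster; it assumes the DnsServer module on the 2012 R2 DC, the addresses from the ipconfig above (DC/DNS 192.168.254.157, pfSense 192.168.254.1) and the AD zone homenet.local. One caveat the thread does not spell out: because the DC is authoritative for homenet.local, it answers NXDOMAIN for names in that zone itself and never forwards them to pfSense, so hosts defined only on pfSense need either a different domain there or a record in the AD zone.

```powershell
# Added example (not from the thread). Run elevated on the DC with the DNS Server role.
# Assumed addresses/zone are taken from the post above; adjust for your own network.
Import-Module DnsServer

$PfSense = '192.168.254.1'    # pfSense DNS forwarder / DHCP server
$AdDns   = '192.168.254.157'  # AD DNS server the clients should be using
$Zone    = 'homenet.local'    # AD DNS zone hosted on the DC

# 1. Forward every query the DC is NOT authoritative for to pfSense.
#    Names inside $Zone are answered locally and are never forwarded.
$current = (Get-DnsServerForwarder).IPAddress
if ($current -notcontains [ipaddress]$PfSense) {
    Add-DnsServerForwarder -IPAddress $PfSense -PassThru
}

# 2. Let non-domain devices (phones, Unix boxes) register their own names.
#    Caveat: NonsecureAndSecure lets any LAN host overwrite A/PTR records in
#    the zone (record hijacking), so keep it to a home lab zone; 'Secure' is
#    the safer default for domain-joined clients only.
Set-DnsServerPrimaryZone -Name $Zone -DynamicUpdate NonsecureAndSecure

# 3. Confirm the forwarder responds and that a lookup sent to the AD DNS
#    server now comes back with an address. 'homeserver' is the host from the
#    post; with the caveat above it must exist in the AD zone or in a separate
#    pfSense domain for this to return an A record.
Test-DnsServer -IPAddress $PfSense -Context Forwarder
Resolve-DnsName -Name "homeserver.$Zone" -Server $AdDns -Type A -ErrorAction Stop

# DHCP in this thread is pfSense, not Windows, so the "hand out $AdDns as the
# DNS server" change is made in pfSense's DHCP server settings, not here.
```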
binaryzero Posted November 19, 2015

^^