It would be nice if this was a more focused How-To, rather than numerous off-topic offered unordered presentation. Maybe have organized points/topics upfront, then you can bring other topics into it, but in a more organized way. Diagrams would be nice as well. As for using AD DNS or other DNS outside of pfSense, at least in places where there can be frequent power outages (like Berkeley, CA), this gets painful to log in remotely to start up AD servers to get DNS back every time power goes out. So I would prefer to have a firewall as a single source of truth, then forward to AD subdomain as needed, and forward to outbound WAN for everything else. For this video, I am sure it is useful information but just couldn't go through the video. It's like reading random topics from a reference manual in video format. I don't want to be discouraging, as I appreciate efforts to make such content, but also want to be honest in feedback.
Thank you for the feedback. The hangouts we used to do were kind of long and we understand there is a need for more concise how-to videos and we are working to publish more of those. You can see the ones we have created under our Netgate Academy playlist. We will definitely take these suggestions under consideration for new videos.
@Vinícius Santana At 21:15 of the video, Domain Overrides are described. To use the Domain Override, you would point DNS on all your clients to pfSense/Unbound, and if your AD is for example AD.mydomain.com, then you set up a Domain Override in Unbound by providing the IP of your AD DNS, telling Unbound that it should query the AD DNS server for any queries in AD.mydomain.com. This way, any regular internet queries use Unbound proper, but for AD.mydomain.com, Unbound acts like a recursive (meaning it will resolve the query for the client) forwarder (meaning it will pass the query to your AD DNS). Your clients would still be able to get all the AD DNS information, while not pointing directly to the AD DNS. As to the original question mentioning power outages, Unbound isn't a secondary, and to keep DNS up over power outages, you need secondaries not on the same power grid. It is unclear if you could add a 2nd Domain Override for the same Domain (to some existing secondary). Another possible solution would be to add the Bind package to pfSense, and use it instead of Unbound for DNS resolution (you have to turn off the DNS Forwarder too). In the Bind DNS Server, you can add multiple forwarder IPs, which is similar to Domain Overrides, but would support secondary AD DNS servers, in addition to the Primary AD DNS.
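The Domain Override described in the comment above, written out as a plain `unbound.conf` fragment (an added example, not from the video or the commenter, and hand-written rather than the file pfSense generates). `ad.mydomain.com` is the comment's example domain; the two forwarder addresses are constructed placeholders.

```conf
# Constructed example: plain unbound.conf fragment, not pfSense's generated file.
# ad.mydomain.com is the example domain from the comment; the two 10.x
# addresses are placeholder AD DNS servers (assumptions).

server:
    # AD zones normally answer with RFC 1918 addresses. Exempt this domain
    # from rebinding protection (only has an effect when private-address
    # is configured).
    private-domain: "ad.mydomain.com"
    # Internal AD zones are usually not DNSSEC-signed. Skip validation for
    # this domain only, so validation stays on for everything else.
    domain-insecure: "ad.mydomain.com"

forward-zone:
    name: "ad.mydomain.com"
    # First AD DNS server.
    forward-addr: 10.0.0.10
    # Second AD DNS server; a forward-zone accepts more than one
    # forward-addr line. Ideally this one is not on the same power.
    forward-addr: 10.0.1.10
    # If both forwarders fail, do not fall back to resolving the name from
    # the root: internal names should not be sent to public servers.
    forward-first: no
```

Names outside `ad.mydomain.com` are untouched by this fragment and are resolved by Unbound as usual. `unbound-checkconf` validates the syntax before the resolver is reloaded.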
I have configured OpenDNS Server on LAN with DHCP... I want to bypass an Alias from OpenDNS Server and I want to pass that Alias through GoogleDNS? How to do it?
Do you know how to set up the pfSense DNS server as a secondary DNS server? I have a few domain names using my personal Windows Server 2019 DNS server (at the data center location, MASTER DNS) to resolve IP for the public. Now, I want to set up secondary DNS (at the office location, SLAVE DNS) using pfSense to **replicate** the Windows Server 2019 DNS server. Do you know how?
DNS Resolver (Unbound) and DNS Forwarder (dnsmasq) cannot be a slave server because they are not authoritative DNS servers. If you want to do that, you will have to disable both DNS Resolver and DNS Forwarder, install the BIND 9 pfSense package and configure it as a slave server for your zone(s). Personally, I am not a big fan of having a complete BIND DNS server running on my firewall. I would advise installing BIND on a separate server, which can easily be a small VM.
This is exactly what I was looking for! Needed a trusted source of information on pfSense, a little more than what the docs have to offer. Thank you!
Video Starts at 4:25
Some network diagrams and shorter slides would be good. Thanks