Topic: DNS and DHCP -> using different domains for each network - Bug #1819 - $150

CubedRoot

One use case for me with pfSense is using it to service several functions in my lab. I have a server co-located in a datacenter with a /28 of public IPs. I have a pfSense appliance that is connected to the ISP at the datacenter that serves as my router, firewall, certificate server, DNS, DHCP, and several other functions for my lab.

My pfSense appliance has 7 additional physical NICs that are connected to my hosts. I have a separate network defined in pfSense for each of these physical NICs, and the hosts will sometimes be KVM servers hosting quite a few VMs. My network configuration looks like this (IPs and hostnames/domains sterilized for safety):



Again, this is just a sample of how I have my lab set up, but the important parts are there. I need the ability to use the DHCP server settings and set a hostname for each DHCP server in each of those LANs to provide my guests with the proper domain as outlined in the graphic above. In the current state, pfSense will use whatever is set for the system domain name as what it provides to DHCP clients requesting it. In my example above, all of my DHCP clients would get a hostname of gitlab.mydomain.com instead of what I want them to get (gitlab.infra.example.com). There is a setting in the DHCP configurations to provide a domain name, but it doesn't work.

Likewise, I would want the DNS entry to be made on pfSense so that my DHCP clients have their properly desired FQDN entered into the DNS resolver for other clients on the network (my pfSense appliance is my main source of DNS for all machines attached to it). In my desired state, any machine could resolve the DHCP client of gitlab.infra.example.com to its IP address of 172.16.1.110. In the CURRENT state, pfSense will resolve that to gitlab.mydomain.com with IP 172.16.1.110.

There is a Bug filed in Redmine that is eerily similar, and has been out there for SIX YEARS:  https://redmine.pfsense.org/issues/1819
I think this is very similar or exactly what I am running into.

It looks like there have been similar requests:
https://forum.pfsense.org/index.php?topic=119717.msg662371
https://www.reddit.com/r/PFSENSE/comments/5hj7r0/subdomain_per_interface/
https://www.reddit.com/r/PFSENSE/comments/7lpr5z/set_subdomain_depending_on_subnet/


I would be willing to start the bounty with $150, and hope others would kick in a little as well. 

CubedRoot

Found another Thread with a user experiencing the same type of issue:

https://forum.pfsense.org/index.php?topic=122409.msg676047#msg676047

miken32

> Found another Thread with a user experiencing the same type of issue:
>
> https://forum.pfsense.org/index.php?topic=122409.msg676047#msg676047

So say you have DHCP servers on LAN and OPT1, with domains in the DHCP server set as lan.internal and opt1.internal, and the domain in general settings is pfsense.internal. Your problem is that DHCP clients are being registered on the pfSense's internal DNS as pc1.pfsense.internal instead of pc1.lan.internal?

(Important to note that the domain in DHCP is only intended for searches. So if you run `ping foo` you're going to ping either foo.lan.internal or foo.opt1.internal. It's working fine, you're just looking for it to do more than it currently is.)