RESET Forums (homeservershow.com)

WS2012E with pfsense - DHCP and DNS questions


KiwiGlen

I've just added a Linux server to my network and I've been having some DNS issues with accessing it using its name; no problems with the IP address, just the name. nslookup returns the name if you enter the IP address but not the other way round.

 

In digging around I found this post: http://homeservershow.com/forums/index.php?/topic/5587-dns/ which links to an article that recommends that a DC should be the DNS server for the domain.

 

I've got a WS2012E server and a pfsense router and at the moment I've got DHCP running on the pfsense box and I've also got it set up as a DNS Forwarder. I have the pfsense box set up to register DHCP leases in the forwarder. WS2012E DNS is set up (maybe incorrectly as I don't remember actually setting this up) to point to the pfsense for DNS. And all the client computers point to the WS2012E box for DNS.

 

So my question is should I be running DHCP and DNS from pfsense or the WS2012E box?  What are the advantages/disadvantages of each and what do people recommend?  Or do I just have a setup issue with DNS on the WS2012E box?


I think I had the same problem with 2012e and pfsense. Try disabling DNS rebinding checks under System > Advanced > Admin Access > DNS Rebind Check.


In a domain environment it is almost essential that the W2012E server act as the DNS server on the network for all of the client PCs. The reason for this is that domain joined PCs need to look up certain service records in DNS to be able to properly find resources (such as the server to authenticate log ins). When you set up the DNS role, all of these records and zones are properly configured; however, if your clients are not looking at the server as (ideally) their only means of resolving DNS requests then chances are they won't be able to find the result they need and at best performance will take something of a hit. The DNS server should be configured to forward unknown requests to a public DNS server (maybe Google on 8.8.8.8 or your ISP's DNS servers) or alternatively leave all the settings blank and it will rely on root hints.

 

Now DHCP is slightly less critical - best practice would have you also run this on the W2012E server because the way MS implemented the role means that it will automatically register the client machines in DNS for you properly - not all machines can do this themselves.

 

It sounds as if your Linux box is not registering properly in DNS; check that it is configured to use the W2012E box as its only DNS, and also do the same for a workstation. Can you ping the Linux box just by its hostname and/or by the fully qualified internal name? What are you running nslookup on and which server is it looking to for resolution?

 

Lastly, if you are using the W2012E server for DNS you may want to set up a reverse DNS zone for your domain on it. That should help with the IP to hostname resolution. These are not generally set up by default but if you are happy using Linux and nslookup, I doubt you will have any problems working out how to set it up (hint: DNS Console > Server Name > right-click > New Zone > follow through the wizard).

 

John
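An added example, not part of the original post: an offline audit of a DNS record set that flags the A/PTR mismatch described in the first post and checks for the service (SRV) records domain-joined clients look up. The domain `home.example`, the host names and the addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample records (not from the thread): the Linux host has a PTR
# record but no A record, so IP-to-name works and name-to-IP does not.
DOMAIN = "home.example"
RECORDS = [
    ("A",   "ws2012e.home.example", "192.168.1.10"),
    ("PTR", "10.1.168.192.in-addr.arpa", "ws2012e.home.example"),
    ("PTR", "20.1.168.192.in-addr.arpa", "linuxbox.home.example"),
    ("A",   "desktop.home.example", "192.168.1.30"),
    ("SRV", "_ldap._tcp.dc._msdcs.home.example", "ws2012e.home.example"),
    ("SRV", "_kerberos._tcp.home.example", "ws2012e.home.example"),
]

# SRV names that domain-joined clients query to locate a domain controller.
REQUIRED_SRV = ["_ldap._tcp.dc._msdcs.{d}", "_ldap._tcp.{d}", "_kerberos._tcp.{d}"]

def audit(records, domain):
    """Return sorted findings: A/PTR mismatches and missing SRV records."""
    a = {n.lower(): v for t, n, v in records if t == "A"}
    ptr = {n.lower(): v.lower() for t, n, v in records if t == "PTR"}
    srv = {n.lower() for t, n, _ in records if t == "SRV"}
    findings = []
    # Forward record without a reverse record pointing back at the same name.
    for name, ip in a.items():
        rev = ipaddress.ip_address(ip).reverse_pointer
        if ptr.get(rev) != name:
            findings.append(f"{name}: A -> {ip} but no matching PTR at {rev}")
    # Reverse record whose target name has no forward record.
    for rev, name in ptr.items():
        if name not in a:
            findings.append(f"{name}: PTR at {rev} but no A record (name lookup fails)")
    # Service records the domain depends on.
    for tmpl in REQUIRED_SRV:
        want = tmpl.format(d=domain)
        if want not in srv:
            findings.append(f"{want}: SRV record missing")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(RECORDS, DOMAIN):
        print(line)
```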


OK I guess I should move DNS and DHCP onto the server then, looks like a job for tonight

Edited by KiwiGlen

Just remember, if you're running DHCP on the server, then it needs to stay up all the time.

And if you're running it on the server... maybe you should install the Windows Deployment Services role too (PXE/network boot for the win. Can install Windows that way, or if you hack the restore disk, you can network boot it this way too!)


Another thing you can do with DHCP is to set a really long Renewal Interval. I like to set mine to months, rather than hours or days. This can help overcome issues related to having only a single Windows DHCP Server (i.e. no backup Domain Controller).


Very true. However, in some cases (rather, with some devices) this can cause issues... Or if you need to change settings with the DHCP server, you'll need to manually refresh the lease for the client machines.


I haven't run into or heard of any devices that have issues, but I certainly couldn't rule it out. The manual refresh isn't an issue with most home environments I don't think. Also, with most devices, you could just leave them to do their normal refresh, at which point they would receive any updates to Lease Period. If there are DNS changes it would be advisable to refresh the DHCP clients. Probably the easiest thing is to just reboot them.
