DNS Best Practice Setup


(Xavier Perry) #1

Hello Everyone,

I wanted to know if anyone can advise me as to perhaps a better way to optimize my DNS setup for my home network. Currently I have my NethServer as the primary DNS server for all of my internal systems/clients, and a pfSense firewall as my gateway and secondary DNS server. Everything is working correctly, but I'm wondering if there is a better way to configure everything for faster performance. I wanted to have NethServer as the primary DNS to be able to resolve internal names, and the pfSense DNS is set to resolve while looking to OpenDNS servers for external requests/queries for speed and light filtering. I know that's a lot of hops to make, but I don't want to sacrifice name resolution for internal client names. Any advice would be appreciated.

Thank you very much in advance.

(Rob Bosch) #2

Looks like a fine strategy to me. Keep in mind that priority in dnsmasq on NethServer seems to be reversed (see the thread "Nethserver DNS primary and secondary server entries have mixed priorities in dnsmasq?").
I hope that will get solved so the priorities are clear.

(Gabriel GHEORGHIU) #3

In my opinion, this is the best strategy.
I use the same scenario at work with no problems for many years, regardless of the combination used for internal DNS / Gateway-DNS external.

(Mark Edworthy) #4

Nice and simple DNS configuration. However (as I have stated within previous threads), I like the use of reverse lookups and master/slave DNS replication, and therefore prefer to use BIND9 services instead of the dnsmasq daemon.

(Davide Principi) #5

I don’t know if it’s your case, but with an Active Directory accounts provider a secondary and non-AD aware DNS could lead to problems.

All AD members should have only AD-aware DNS, like NethServer.

(Xavier Perry) #6

Thank you for all of your help everyone.

(Rob Bosch) #7

You can always make pfSense AD-aware (but you still need AD DNS for your LAN).
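A way to verify the caveat raised in posts #5 and #7 before trusting a resolver list, added here as an example; it is not part of the thread and not NethServer's or pfSense's own tooling. An AD member locates a domain controller by looking up the SRV record `_ldap._tcp.dc._msdcs.<ad-domain>`, so a resolver that cannot answer that query is not AD-aware and should not appear in a domain member's resolver list. The script probes each resolver for that SRV record and for a public name (to confirm upstream forwarding), then gives a verdict for the list as a whole. It assumes `dig` is installed; the domain and addresses in the usage comment are placeholders, not values from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): probe each resolver a client is given and
# report whether it can serve the SRV record Active Directory members rely on to
# find a domain controller. Requires dig. The AD domain and resolver addresses
# passed on the command line are placeholders chosen by the person running it.

set -u

# The SRV name an AD member queries to locate a domain controller.
ad_dc_srv_name() {
    printf '_ldap._tcp.dc._msdcs.%s\n' "$1"
}

# Collapse a space-separated list of per-resolver results ("yes"/"no") into a verdict:
#   ad-member-ok  every resolver is AD-aware (safe for domain members)
#   mixed         some are not (domain members will see intermittent AD failures)
#   none          no resolver is AD-aware (not usable by domain members at all)
classify_ad_awareness() {
    yes=0; no=0
    for r in $1; do
        case $r in
            yes) yes=$((yes + 1)) ;;
            *)   no=$((no + 1)) ;;
        esac
    done
    if [ "$no" -eq 0 ] && [ "$yes" -gt 0 ]; then
        echo ad-member-ok
    elif [ "$yes" -gt 0 ]; then
        echo mixed
    else
        echo none
    fi
}

# Ask one resolver for the DC SRV record; "yes" if it returns at least one answer.
probe_ad_aware() {
    domain=$1; resolver=$2
    if answer=$(dig +short +time=2 +tries=1 SRV "$(ad_dc_srv_name "$domain")" "@$resolver" 2>/dev/null) \
       && [ -n "$answer" ]; then
        echo yes
    else
        echo no
    fi
}

# Ask one resolver for a public name to confirm that its upstream forwarding works.
probe_external() {
    resolver=$1; name=${2:-example.com}
    if answer=$(dig +short +time=2 +tries=1 A "$name" "@$resolver" 2>/dev/null) \
       && [ -n "$answer" ]; then
        echo yes
    else
        echo no
    fi
}

# Usage: sh dnscheck.sh <ad-domain> <resolver> [<resolver>...]
# Placeholder example: sh dnscheck.sh ad.example.lan 192.0.2.10 192.0.2.1
# (192.0.2.10 standing in for NethServer, 192.0.2.1 for pfSense)
if [ "$#" -ge 2 ]; then
    domain=$1; shift
    results=""
    for rs in "$@"; do
        aware=$(probe_ad_aware "$domain" "$rs")
        ext=$(probe_external "$rs")
        printf '%-16s AD-aware=%s external=%s\n' "$rs" "$aware" "$ext"
        results="$results $aware"
    done
    printf 'verdict for a domain member using this list: %s\n' "$(classify_ad_awareness "$results")"
fi
```

A verdict of `mixed` is the situation Davide warns about: the client will work most of the time, then fail logons or group-policy lookups whenever it happens to send the `_msdcs` query to the resolver that cannot answer it. Devices that are not domain members can keep the pfSense resolver for speed and OpenDNS filtering.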