Panopticon 11-19-2007 09:15 PM

Win2k3 DNS + PFsense DNS Forwarder = No internal DNS resolution
Hey folks,

Long time reader, infrequent poster here. I seem to have a dilly of a pickle and I'm thinking I may have a unique setup. I'll first explain my LAN logical layout and then address the issue I'm having.

I'm by no means a network expert but I can stumble my way around one. First, I have my PFSENSE NAT/Firewall box. It provides DHCP info for the entire LAN and is set to act as DNS forwarder for external DNS requests (out to the interwebs). Second, I have a win2k3 server AD DC (Active Directory Domain Controller) and it acts as a DNS server for internal resolution. I have several WinXP/Win2k machines that work well with this setup. I can resolve FQDNs and access the internet just super.
My domain name is
My DNS server is (
My PFsense box is
My LAN scope is 192.168.1/24 with .1 through .10 excluded

Now here is my issue. I built a Gutsy Gibbon machine with the hopes of running a Kerberos-authenticated file server (basically I want to authenticate against the AD DC to act as a file server for the domain users). Problem is, I can't resolve ANY internal DNS names, fully qualified or otherwise. I can access the internet just fine and resolve names such as google etc. To me this indicates the DNS forwarder is OK, and my Ubuntu network settings are given correctly. is indicated as my DNS server, it just doesn't seem to work.

I've searched quite a bit trying to find a similar scenario, but as I mentioned before I think my setup is somewhat uncommon. If anyone has used a setup like this or has any clue where I can start my troubleshooting, it would be a huge help.

All my issues seem to be with the Ubuntu machine. Please let me know what info I may need to post.

p.s. Oh, I checked my /etc/resolv.conf file and the nameserver is indicated correctly as As I understand it, this file gets overwritten with DHCP info.


JimBass 11-19-2007 09:59 PM

You spelled out the problem yourself. is a DNS server, but only for addresses outside of your LAN. Your FQDN queries off the Windows machines are going to the W2k3 server, which is using its info about the AD to answer the LAN queries. The Ubuntu machine is not a member of the domain at present, so it doesn't ask anything but the DNS server for the LAN FQDN addresses, and the DNS server doesn't have that info to give out. You have 2 simple solutions for this:

1) Add a package to the Ubuntu machine to either join the domain and get AD resolution through the 2k3 box, or at least to query a WINS server, which would also be the 2k3 server.

2) Set up the 2k3 box as the master for the LAN zone, and slave the zone on the box. That way when the Ubuntu box asks the DNS server, it can properly respond with an address.
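To make the diagnosis above concrete, here is an added example (not from either poster) that parses a client's /etc/resolv.conf and reports which names it can resolve given the forwarder and the AD DNS server. The addresses and the zone name are constructed placeholders, since the real ones were stripped from the thread.

```python
"""Check whether a client's resolv.conf points at a server that can answer the AD zone.

Added example, not from the thread. All addresses and the zone name are
constructed placeholders standing in for the values missing from the post.
"""
import ipaddress

# Constructed sample of what DHCP from the pfSense box would write on the Ubuntu host.
SAMPLE_RESOLV_CONF = """\
# Generated by dhclient (constructed sample)
nameserver 192.168.1.1
search example.local
"""

AD_ZONE = "example.local"          # placeholder for the AD domain name
AD_DNS_SERVERS = {"192.168.1.2"}   # placeholder for the Win2k3 DC address
FORWARDER = "192.168.1.1"          # placeholder for the pfSense forwarder


def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf text."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        key, *fields = line.split()
        if key == "nameserver" and fields:
            nameservers.append(str(ipaddress.ip_address(fields[0])))
        elif key in ("search", "domain"):
            search = fields  # the last search/domain line wins, as in glibc
    return nameservers, search


def diagnose(text, ad_zone=AD_ZONE, ad_servers=AD_DNS_SERVERS, forwarder=FORWARDER):
    """Explain which names resolve. Only the first nameserver matters: the stub
    resolver falls back to later entries on timeout, not on a negative answer."""
    nameservers, search = parse_resolv_conf(text)
    if not nameservers:
        return ["no nameserver configured"]
    first = nameservers[0]
    findings = []
    if first in ad_servers:
        findings.append(f"{first} is the AD DNS: {ad_zone} names resolve")
    elif first == forwarder:
        findings.append(f"{first} is the forwarder: only external names resolve unless it slaves {ad_zone}")
    else:
        findings.append(f"{first} is neither the AD DNS nor the forwarder")
    if ad_zone.lower() not in (d.lower() for d in search):
        findings.append(f"search list lacks {ad_zone}: short names will not resolve")
    return findings
```

Running `diagnose(SAMPLE_RESOLV_CONF)` reproduces the symptom in the thread: external names work, the AD zone does not.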


