pfSense » pfSense Packages

Cannot see how on earth is proper FQDN "incorrect" and localhost "correct" for a NS record anywhere but for localhost and 0.0.127.IN-ADDR.ARPA. Resolved WTF?

To better explain: in my PFsense environment, there are two nameservers:

- recursive nameserver bound to the private address of the firewall
- authoritative nameserver bound to the loopback address of the firewall

Clients on the network use the recursive nameserver for all queries. If a request is made for a domain that the authoritative nameserver handles, the recursive nameserver forwards that request to the authoritative nameserver.

In a nutshell, my PFsense env has two nameservers; since both nameservers cannot be bound to the same address I have elected to bind the authoritative nameserver to the loopback address. This is not a problem because the only queries ever made to the authoritative nameserver will come from the firewall.

In any case, I think the assumption that the nameserver for any zone is going to be the hostname of the firewall is problematic. What if this were a nameserver bound to a different IP address than that which corresponds to the FQDN of the firewall?

My humble suggestion would be to NOT use "Automatic PTR entry" in your highly weird environment that probably noone else uses.

Not particularly weird, it's really the only way to do split DNS on one box.

The difficulty is how TinyDNS could know which name is the correct one.

My recommendation would be to not auto-create the records, (ever, really), but if people really need it then the OP's suggestion of checking for an existing record first would be the way to go.