4

I have a pfSense firewall and a Windows 2008 R2 DNS server. I'd really like my DNS server to respond to external queries for my subdomains. Right now, I'm using a 3rd party service for that.

Is there a way that I can have my 2008 server respond to DNS requests from "the world" while still keeping it behind the firewall?

I've only got one external IP, currently. If needed though, I could purchase a second if that'd help in this situation.

Andy
  • In almost ALL cases, it is better to host your Internet DNS with an external provider that is likely better at it than you are. You're good at your internal DNS, which needs to be separate and protected. External DNS needs to be redundant, reliable, and highly secured. DNS is the lifeblood of a modern network and often an important target for *bad* hackers... – Bret Fisher Oct 08 '12 at 03:42
  • How can internal DNS be configured so that it can respond to external HTTP requests, just like it happens in web hosting companies? – sairfan Nov 09 '22 at 02:32

2 Answers

5

You can just port forward TCP/UDP 53 to your server on your existing WAN IP, if you aren't already running a DNS server on that IP. But I wouldn't recommend doing that in most cases, it's better to keep your public and private DNS separate. Especially if you're running Active Directory, you'll expose a good deal of information about your internal network to the world if you open the DNS server serving your AD to the Internet.

Chris Buechler
3

You can get an additional IP and 1:1 NAT the internal DNS server to the public IP and open port 53.

You should note that you should really separate your authoritative servers from your recursive resolvers. What you're proposing is technically possible, but is really bad practice for a number of reasons.

MDMarra
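Both answers raise the same two risks of forwarding port 53 to the AD DNS server: an Internet-reachable recursive resolver, and Active Directory locator records being handed to anyone who asks. The script below is an added example (not code from either answer, pfSense, or Windows DNS) that checks a public-facing DNS server for exactly those two conditions using only the Python standard library. It sends an off-zone query (www.example.com) with RD=1 and a query for the `_ldap._tcp.dc._msdcs.<ad-domain>` SRV record, then inspects the reply headers. The sample replies, the AD domain `corp.example`, and the DC name `dc1.corp.example` are constructed placeholders so the checks run offline; pass a server IP and your AD domain on the command line to run it against a real server.

```python
import socket
import struct
import sys

QTYPE_A = 1
QTYPE_SRV = 33
RCODE_REFUSED = 5


def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234, rd=True):
    """Build a one-question DNS query; RD=1 asks the server to recurse on our behalf."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_response(pkt):
    """Return the header fields the checks need: QR/AA/RA flags, RCODE and section counts."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"txid": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "questions": qd, "answers": an, "authority": ns, "additional": ar}


def check_recursion(reply):
    """Classify the reply to an off-zone query (www.example.com) sent from the public side.
    OPEN: the server resolved the name for an arbitrary Internet client (open resolver).
    ADVERTISED: no answer, but RA is still set (recursion offered to this client).
    CLOSED: no answer and RA clear, which is what an authoritative-only server should return."""
    r = parse_response(reply)
    if r["rcode"] == 0 and r["answers"] > 0:
        return "OPEN"
    if r["ra"]:
        return "ADVERTISED"
    return "CLOSED"


def check_ad_exposure(reply):
    """True if the public server answered the AD domain-controller locator SRV query with records."""
    r = parse_response(reply)
    return r["rcode"] == 0 and r["answers"] > 0


def udp_query(server_ip, name, qtype, timeout=3.0):
    """Send one query over UDP/53 and return the raw reply (used only in live mode)."""
    pkt = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (server_ip, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != pkt[:2]:
        raise ValueError("transaction id mismatch in reply")
    return data


# Constructed sample replies (hand-built, not real captures) so the checks run offline.
# 1. Open resolver: QR+RD+RA, NOERROR, one A answer (192.0.2.1 from TEST-NET-1).
OPEN_RESOLVER_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
)
# 2. Authoritative-only server: QR+RD, RA clear, RCODE=REFUSED, no answers.
REFUSED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8100 | RCODE_REFUSED, 1, 0, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, 1)
)
# 3. AD DNS exposed to the Internet: authoritative SRV answer for the DC locator record
#    (placeholder AD domain corp.example, placeholder DC dc1.corp.example, LDAP port 389).
_AD_SRV_NAME = "_ldap._tcp.dc._msdcs.corp.example"
_AD_SRV_RDATA = struct.pack("!HHH", 0, 100, 389) + encode_name("dc1.corp.example")
AD_SRV_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    + encode_name(_AD_SRV_NAME) + struct.pack("!HH", QTYPE_SRV, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_SRV, 1, 600, len(_AD_SRV_RDATA)) + _AD_SRV_RDATA
)


def run_checks(recursion_reply, ad_reply):
    """Findings a defender wants before (or after) opening port 53 on the WAN."""
    findings = []
    rec = check_recursion(recursion_reply)
    if rec != "CLOSED":
        findings.append("recursion %s to the Internet: disable recursion on the public-facing server" % rec.lower())
    if check_ad_exposure(ad_reply):
        findings.append("AD locator SRV records served publicly: keep AD DNS internal, publish a separate external zone")
    return findings


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # Live mode: python dns_exposure_check.py <public-ip-of-dns-server> <ad-domain>
        ip, ad_domain = sys.argv[1], sys.argv[2]
        rec = udp_query(ip, "www.example.com", QTYPE_A)
        ad = udp_query(ip, "_ldap._tcp.dc._msdcs." + ad_domain, QTYPE_SRV)
    else:
        rec, ad = OPEN_RESOLVER_REPLY, AD_SRV_REPLY  # offline demo on the constructed replies
    for f in run_checks(rec, ad) or ["no findings"]:
        print("-", f)
```

Run it from outside your network (a VPS or a phone hotspot), since the pfSense port forward only applies to traffic arriving on the WAN. A server that is safe to expose returns `CLOSED` for the off-zone query and no answer for the `_msdcs` SRV query; the Windows DNS server hosting your AD zone will fail the second check by design, which is the concrete reason both answers tell you to publish a separate external zone rather than forward 53 to the domain controller.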