Netgate Discussion Forum

    Different DNS only for VPN Connections?

user3124:

      Hi,
I am a little bit lost trying to set up the following. I have a couple of clients that are only allowed to connect to the internet through an active VPN connection. This is working as intended so far. However, when I do a DNS leak test with any of those clients it always shows my ISP's DNS servers as well. I'd like those clients to use the DNS server of my VPN provider.

Can anyone point me towards the right solution, please?

      Thanks!
      Peter

Bob.Dig (LAYER 8) @user3124:

@user3124 It is easy: put this DNS server in the DHCP options for those hosts. You could also use Google for those.

user3124 @Bob.Dig:

@bob-dig thanks for the prompt reply. I've set the Google DNS for testing purposes for one host like in the screenshot. After doing a DNS leak test from this host, it's still showing my ISP's DNS as well 🤔

(screenshot: dns.png)

Bob.Dig (LAYER 8) @user3124:

@user3124 Look at what DNS server this host is using now. Maybe do a reboot of this host.

user3124 @Bob.Dig:

@bob-dig Seems I have been a little impatient. After running ipconfig /renew and nslookup on the host, it's now showing only Google's DNS servers in the leak test 👍
However, now my local domains were only reachable through IP and not by hostname. So I added the pfSense IP as DNS1 and Google as DNS2 ... seems to work so far.

              Thanks a lot

johnpoz (LAYER 8, Global Moderator) @user3124:

@user3124 said in Different DNS only for VPN Connections?:

> So I added the pfSense IP as DNS1 and Google as DNS2 ... seems to work so far

Doesn't work that way. You have no idea which NS a client will ask when you have more than one listed. It could be asking pfSense for something public, or it could be asking Google for something local.

If you want your clients to resolve local names, and only ever get public DNS from some specific public DNS, then point them "only" to a local NS that can resolve your local stuff and forwards to whatever public DNS you want them to resolve from, say your VPN DNS.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

Bob.Dig (LAYER 8) @johnpoz:

> Doesn't work that way.. You have no idea what NS a client will ask when you have more than 1 listed. Could be asking pfsense for something public, or could be asking google for something local.

                  True, you can't do both reliably with two different servers.

So what John probably means is to use unbound in forwarding mode.

                  Is not having local DNS for those hosts really a problem? I would stick with that if I could, that's how I roll.

user3124 @johnpoz:
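As an added illustration of johnpoz's advice above (a local resolver that answers local names itself and forwards everything else only to the VPN provider's DNS) and of Bob.Dig's "unbound in forwarding mode", here is a minimal unbound.conf. It is example configuration written for this thread, not a config posted by either of them or shipped by Netgate. The listening address, the "home.lan" zone, the host addresses and the 10.8.0.1 upstream are all placeholders for your own values.

```conf
server:
    # Address the VPN hosts get as their ONLY DNS server via DHCP (assumed)
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    # Send upstream queries out of the VPN tunnel, not the ISP link
    # (replace with the tunnel's local address; assumed value)
    outgoing-interface: 10.8.0.2
    hide-identity: yes
    hide-version: yes

    # Local names are answered here and never forwarded. A "static" zone
    # returns NXDOMAIN for any name in it that has no local-data, so a
    # typo'd local hostname is not sent to the VPN DNS either.
    local-zone: "home.lan." static
    local-data: "pbx.home.lan. IN A 192.168.1.20"
    local-data: "nas.home.lan. IN A 192.168.1.30"
    local-data-ptr: "192.168.1.20 pbx.home.lan"
    local-data-ptr: "192.168.1.30 nas.home.lan"

# Everything that is not local goes to the VPN provider's resolver only
forward-zone:
    name: "."
    forward-addr: 10.8.0.1        # placeholder: your VPN provider's DNS
    forward-first: no             # never fall back to iterating from the roots
```

On pfSense the same pieces map onto Services > DNS Resolver (Enable Forwarding Mode, Host Overrides for the local names, Outgoing Network Interfaces set to the VPN interface) with the VPN DNS listed under System > General Setup. With the VPN hosts handed only this resolver by DHCP, a leak test should show just the VPN provider's address. One caveat: a single unbound instance has one forward-zone for ".", so it cannot send VPN clients to one upstream and everyone else to the ISP's servers; splitting that requires a second resolver instance (or a separate forwarder) listening on another address that DHCP hands only to the VPN hosts.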

@johnpoz, @Bob-Dig
indeed it didn't work. Currently, I can either direct my VPN clients directly to the VPN DNS, which doesn't allow for local hostnames, or I use unbound, which results in DNS leakage.

I can't figure out how to tell pfSense to only forward public requests from VPN clients to the VPN DNS server. I can't just forward all DNS requests to the VPN DNS server as this was giving me strange issues with my VoIP PBX. I need to use the DHCP/PPP obtained DNS servers for regular clients.

Not having local DNS for the VPN clients isn't a huge deal, however it would be cool if it worked 😄

Bob.Dig (LAYER 8) @user3124:

@user3124 We've all been there but it is what it is. 😉

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.