do you use DNS Forwarder or Resolver with a Lan Cache Server?
-
See: https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering/tags-views.html#views
You can't run both DNS services on the same port so to have both running you need to set one to a non-default port and then add port forwarding to it for the clients you want to use it.
Then you can have one service (probably Unbound) use the VPN for queries while the other one uses the system default, WAN. That still doesn't help queries that go via Lancache, which all leave via whatever route 192.168.0.33 is given.
This is a complex setup that I would expect to require significant tuning and troubleshooting.
Steve
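The split Steve describes above (two DNS services on the same box, one on a non-default port, each sending its upstream queries out a different route, with a port forward steering chosen clients to the second one) written out as config. This is an added example, not config from this thread or from pfSense's own documentation. It assumes a plain Unbound plus dnsmasq install on the 192.168.0.1 firewall; the VPN tunnel address 10.8.0.2, the WAN address 203.0.113.10, the LAN interface name igb1 and the client addresses in the table are placeholders chosen for the example. On pfSense the same knobs are the Resolver/Forwarder listen port, the Resolver's "Outgoing Network Interfaces" selection and a NAT port forward, rather than hand-edited files.

```conf
# --- unbound.conf : DNS Resolver on the default port, upstream queries via the VPN
server:
    interface: 192.168.0.1
    port: 53
    # 10.8.0.2 is a placeholder for the VPN tunnel address on this box.
    # Unbound sources its upstream queries from this address, so the kernel
    # sends them down the tunnel; that keeps the query path and the traffic
    # path aligned for clients that are routed over the VPN.
    outgoing-interface: 10.8.0.2
    access-control: 192.168.0.0/24 allow
    access-control: 0.0.0.0/0 refuse
forward-zone:
    name: "."
    forward-addr: 1.1.1.1

# --- dnsmasq.conf : DNS Forwarder on a non-default port, upstream queries via the WAN
port=5353
listen-address=192.168.0.1
bind-interfaces
no-resolv
# 203.0.113.10 is a placeholder for the WAN address; the @source suffix makes
# dnsmasq bind its upstream queries to that address, so they leave via the WAN.
server=1.1.1.1@203.0.113.10

# --- pf equivalent of a pfSense NAT > Port Forward rule (igb1 assumed to be LAN):
# clients in the table have their port-53 queries redirected to dnsmasq on 5353.
# table <wan_clients> { 192.168.0.50, 192.168.0.51 }
# rdr pass on igb1 inet proto { tcp, udp } from <wan_clients> to 192.168.0.1 port 53 -> 192.168.0.1 port 5353
```

Both services still forward to 1.1.1.1, but because the source address differs they reach it over different routes and, as Steve notes, resolve in different locations. The redirect only changes which local DNS service a client lands on; it does nothing for queries a client sends to the Lancache box directly, since those leave via whatever single route 192.168.0.33 has.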
-
ah ok so it's not really feasible..
so... now i'm kinda confused, so if the lancache uses 1.1.1.1 shouldn't WAN and VPN have no issues as it's contacting 1.1.1.1 for its dns service?
and would it help if i had 2 lancaches
192.168.0.32 dns 1.1.1.1 (WAN) 192.168.0.33 dns 192.168.0.1 (VPN)
or do you still fall in the trap that the dns resolver is only set to the nordvpn outbound.
but then you run into the issue of not using the same cache dns... since it's complex it's best to scrap the idea maybe
it's most likely you need 3 pfsenses
1 to go out the wan
1 does vpn
1 down the wan on the LAN
and the 2 would access the one going out the WAN like a tree
are there better solutions? how does that work when say your vpn or ISP offers 2 dns's, would that be like 2 pfsenses...
and i guess there is no way to setup outbound to all interfaces.. but also have no vpn leakage. like a block rule..
but i'm guessing that's not possible.. i'm just thinking of ideas.. and probably they don't exist lol
-
@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:
so... now i'm kinda confused, so if the lancache uses 1.1.1.1 shouldn't WAN and VPN have no issues as it's contacting 1.1.1.1 for its dns service?
Yes, queries to 1.1.1.1 will work via either route but will connect to different servers and hence resolve in different locations. Services you connect to can see approximately where it was resolved, so if they see your traffic coming from the US but DNS queries resolving in Europe you get flagged.
and would it help if i had 2 lancaches
192.168.0.32 dns 1.1.1.1 (WAN) 192.168.0.33 dns 192.168.0.1 (VPN)
Yes, that would probably work since you can then route traffic from one via the VPN.
At that point though it's easier to just pass the correct Lancache IP to clients to use for DNS directly. That removes the entire problem.
You should have two subnets for this though. That would be the first thing I would do. Get a managed switch and setup two VLANs.
-
ah ok, lot to learn here. i thought the dns stuff could know if i accessed pfsense from the
WAN range in aliases it would then dns resolve through the WAN port, and if it sees the VPN range in the alias it would dns resolve through the vpn keeping both separated... but i guess that's too much overhead for the pfsense software to separate probably .. and no one hungry to tackle that lol
so i've never played with vlans except i made a couple in the interface section.. so never even used it.. so how would 2 subnets work using 1 lancache to serve both, cuz that's what i wanted, 1 cache handles it all... and is there a certain managed switch to get? i have looked them up kinda and there are so many, L1 L2 L3 level something, i dunno, i just stuck with a regular switch, not managed.. don't even know what brand is good for home use
and when you say pass the correct lancache ip to clients do you mean like
all the ips in dhcp would get 192.168.0.33? if so i did that too but i was running into, i dunno, the lancache was getting overloaded.. sometimes pages wouldn't be found so i had to restart the lancache server.... and i still ran into the problem on the WAN side, amazon pages wouldn't load.. so i'd change the dns to 192.168.0.1 or it was 1.1.1.1 to go out the wan so i could use amazon...
vicious circle... but ya i'd look into a managed switch but i wouldn't know how to go past it as all i've done was set up 2 vlans and i saw them in rules and that was it lol
so 0 experience there
-
@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:
how would 2 subnets work using 1 lancache to serve both, cuz that's what i wanted, 1 cache handles it all...
You would need 2 caches or configure a single server in some way to send upstream queries via different routes depending on the source. It probably can't do that though.
@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:
when you say pass the correct lancache ip to clients do you mean like
all the ips in dhcp would get 192.168.0.33
Yes exactly. And clients from the other subnet would get the other lancache server.
-
ah can you do this
lancache be say on a Vlan
so 192.168.10.2 that uses WAN
and then say for the VPN and non VPN you set the dns to 192.168.10.2
or would that not work because the dns resolver is set for vpn outbound.
the reason i'm doing all this is my internet in the country is only 5mb down 500k up if i get that, so i try to cache my windows updates and games for my vpn and non vpn.. as i don't live in town so i don't get what people in town get, they're like 25gb or faster internet or whatever they get...
i wonder how companies do it? or they don't
and i'll look into getting a managed switch, see what the computer store has
-
does this work?
modem
"---------
pfsense #1 192.168.0.1 and dhcp range and connects to 192.168.0.33 lancache
goes out the modem on WAN
"----------
pfsense #2 192.168.1.1 dhcp range.. and connects to 192.168.0.33 lancache and goes out the VPN through pfsense #1
does that work?
or both could use 192.168.0.x, #1 would use range 1-100 and #2 would use 192.168.0.101-254
just a thought, dunno if it would work but you're the expert and i just learn as i go (:
-
The problem you have is that you need DNS queries to use the same route out as traffic. But you also need to send DNS queries via the LAN cache server so it can intercept and redirect requests for files it has stored.
What DNS server is Lancache running? Is it resolving or forwarding? It sounds like it's forwarding only. That means any queries sent to it that are not intercepted are forwarded to whatever it has set (1.1.1.1) via whatever route out it uses. That can only ever be one way so it will only ever work correctly with clients that are also using that route.
No commercial installs would ever be doing this.
Steve
-
ah ok so it's only worthwhile for 1 or the other.. vpn or nonvpn .. i guess in a commercial setup you'd have 2 lancaches.. 1 for vpn and 1 for nonvpn, and cuz u guys would have like 10x faster than my internet you could host 2 lancaches cuz u could download installs faster than me.. here i tried to get a setup that served both.. vpn and non vpn on a 5mbp connection as it takes bloody forever for some game updates.. several days, so i was hoping for a simple solution, 1 cache server that could cover both flawlessly
and i dunno what dns server it's running.. it's just an all in 1 wonder one person made
the doc info from the unraid cache says
An all in one lancache docker providing a combination of the following three projects: https://github.com/lancachenet/lancache-dns https://github.com/lancachenet/monolithic https://github.com/lancachenet/sniproxy Thanks to cheesemarathon for their work on the SteamCacheBundle that inspired this and provided the grounding for the template. Note, however, that this Docker image does not run at all the same way and is strictly based on the original upstream logcache project. On start, this image will download the latest domain list from https://github.com/uklans/cache-domains. This means no constant upgrading of the docker image is necessary in order to guarantee continued usability
beyond my scope of understanding lol
and i guess like when you have your ISP and you get the 2 dns, that'd be like having 2 lancaches.. if 1 fails it flips to the other.. just with my internet so slow u have to download everything twice.. is there other solutions, like other cache services you know of? i know i read something about squid but never tried... i did try something and pfsense killed my usb, learned to install pfsense on a ssd, i think that was logs burned it out in a month lol...
but what do commercial installs do?
-
Commercial installs would just use one WAN connection so either all the traffic goes over a VPN or none of it does. Also they would have 100X the speed so local caching becomes irrelevant.
Squid really doesn't cache things like that well any longer and all the traffic from Squid itself always goes from a single interface so you have the same issue as soon as you want to split the traffic over a VPN.
Steve
-
ah ok so basically i'm just stuck.. it's like the 90s, all i could get was a 2.8k connection while people who lived in town got cable modems and faster rates..
now i have dsl, similar to cable modems, and people in town have 10x or more faster rates lol vicious circle.
at least it's working, the unbound stuff.. the main goal was 192.168.0.1 as dns so i'm not switching back and forth between 192.168.0.1 and 192.168.0.33 each time i'm gaming.. stick with either vpn or just wan
or maybe i'll do 2 lancaches
1 for games and windows updates for WAN
1 for just windows updates on VPN, as going through the vpn and gaming either doesn't work or lags a lot.. i guess that's due to the overhead stuff the vpn does
and i really appreciate the help and explaining things you've done too, it helps.. especially when you don't understand all this stuff.. really like pfsense over my asus router so i greatly appreciate it (: