    do you use DNS Forwarder or Resolver with a Lan Cache Server?

    40 Posts 2 Posters 4.9k Views
stephenw10 (Netgate Administrator):

See: https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering/tags-views.html#views

You can't run both DNS services on the same port, so to have both running you need to set one to a non-default port and then add port forwarding to it for the clients you want to use it.
Then you can have one service (probably Unbound) use the VPN for queries while the other one uses the system default, WAN.

That still doesn't help queries that go via Lancache, which all leave via whatever route 192.168.0.33 is given.

This is a complex setup that I would expect to require significant tuning and troubleshooting.

Steve

comet424:

Ah ok, so it's not really feasible..

So... now I'm kinda confused. So if the lancache uses 1.1.1.1, shouldn't WAN and VPN have no issues, as it's contacting 1.1.1.1 for its DNS service?

And would it help if I had 2 lancaches?

192.168.0.32    dns 1.1.1.1       (WAN)
192.168.0.33    dns 192.168.0.1   (VPN)

Or do you still fall into the trap that the DNS resolver is only set to the NordVPN outbound?
But then you run into the issue of not using the same cache DNS...

Since it's complex it's best to scrap the idea maybe.

It's most likely you'd need 3 pfSenses:
1 to go out the WAN
1 does VPN
1 down the WAN on the LAN
and the 2 would access the one going out the WAN like a tree.

Are there better solutions? How does that work when, say, your VPN or ISP offers 2 DNSs? Would that be like 2 pfSenses...

And I guess there is no way to set up outbound to all interfaces.. but also have no VPN leakage, like a block rule..
But I'm guessing that's not possible..

I'm just thinking of ideas.. and probably they don't exist lol

stephenw10 (Netgate Administrator) @comet424:

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    so... now I'm kinda confused, so if the lancache uses 1.1.1.1 shouldn't WAN and VPN have no issues as it's contacting 1.1.1.1 for its DNS service?

Yes, queries to 1.1.1.1 will work via either route but will connect to different servers and hence resolve in different locations. Services you connect to can see approximately where it was resolved, so if they see your traffic coming from the US but DNS queries resolving in Europe you get flagged.

    and would it help if I had 2 lancaches

    192.168.0.32    dns 1.1.1.1       (WAN)
    192.168.0.33    dns 192.168.0.1   (VPN)

Yes, that would probably work since you can then route traffic from one via the VPN.

At that point though it's easier to just pass the correct Lancache IP to clients to use for DNS directly. That removes the entire problem.

You should have two subnets for this though. That would be the first thing I would do. Get a managed switch and set up two VLANs.

comet424:

Ah ok, lot to learn here. I thought the DNS stuff could know if I accessed from pfSense from the
WAN range in aliases it would then DNS resolve through the WAN port, and if it sees the VPN range in the alias it would DNS resolve through the VPN, keeping both separated... but I guess that's too much overhead for the pfSense software to separate probably .. and no one hungry to tackle that lol

So I've never played with VLANs except I made a couple in the interface section.. so never even used it.. so how would 2 subnets work using 1 lancache to serve both? Cuz that's what I wanted, 1 cache handles it all... and is there a certain managed switch to get? I have looked them up kinda and there are so many, L1 L2 L3 level something, I dunno. I just stuck with a regular switch, not managed.. don't even know what brand is good for home use.

And when you say pass the correct lancache IP to clients do you mean like

all the IPs in DHCP would get 192.168.0.33? If so I did that too but I was running into, I dunno, the lancache was getting overloaded.. sometimes pages wouldn't be found so I had to restart the lancache server.... and I still ran into the problem on the WAN side, Amazon pages wouldn't load.. so I'd change the DNS to 192.168.0.1, or it was 1.1.1.1, to go out the WAN so I could use Amazon...

Vicious circle... but ya, I'd look into a managed switch but I wouldn't know how to go past it as all I've done was set up 2 VLANs and I saw them in rules and that was it lol
So 0 experience there.

stephenw10 (Netgate Administrator) @comet424:

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    how would 2 subnets work using 1 lancache to serve both? Cuz that's what I wanted, 1 cache handles it all...

You would need 2 caches or configure a single server in some way to send upstream queries via different routes depending on the source. It probably can't do that though.

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    when you say pass the correct lancache IP to clients do you mean like
    all the IPs in DHCP would get 192.168.0.33

Yes, exactly. And clients from the other subnet would get the other lancache server.

comet424:

Ah, can you do this?

Lancache be, say, on a VLAN,
so 192.168.10.2 that uses WAN,

and then say for the VPN and non-VPN you set the DNS to 192.168.10.2.

Or that wouldn't work because the DNS resolver is set for VPN outbound.

The reason I'm doing all this is my internet in the country is only 5mb down 500k up, if I get that, so I try to cache my Windows updates and games for my VPN and non-VPN.. as I don't live in town so I don't get what people in town get, they're like 25gb or faster internet or whatever they get...

I wonder how companies do it? Or they don't.

And I'll look into getting a managed switch, see what the computer store has.

comet424:

Does this work?

modem
---------
pfSense #1 192.168.0.1 and DHCP range, and connects to 192.168.0.33 lancache,
goes out the modem on WAN
----------
pfSense #2 192.168.1.1 DHCP range.. and connects to 192.168.0.33 lancache and goes out the VPN through pfSense #1

Does that work?

Or both can use 192.168.0.x: #1 would use range 1-100 and #2 would use 192.168.0.101-254.

Just a thought, dunno if it would work, but you're the expert and I just learn as I go (:

stephenw10 (Netgate Administrator):

The problem you have is that you need DNS queries to use the same route out as traffic. But you also need to send DNS queries via the LAN cache server so it can intercept and redirect requests for files it has stored.
What DNS server is Lancache running? Is it resolving or forwarding? It sounds like it's forwarding only. That means any queries sent to it that are not intercepted are forwarded to whatever it has set (1.1.1.1) via whatever route out it uses. That can only ever be one way, so it will only ever work correctly with clients that are also using that route.
No commercial installs would ever be doing this.

Steve

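As an added illustration (not from the thread or from Lancache), a small Python model of the route-mismatch problem Steve describes here and in the earlier two-lancache exchange. It assumes pfSense policy-routes by source address, that Lancache forwards every non-intercepted query to 1.1.1.1 from its own address, and that VPN clients live in 192.168.0.128/25 (a constructed range).

```python
from ipaddress import ip_address, ip_network

# Policy-routing table (constructed): list of (source network, egress).
# First match wins; anything unmatched takes the default route, WAN.
DEFAULT_EGRESS = "WAN"

def egress_for(addr, policy):
    """Egress ("WAN" or "VPN") pfSense gives traffic sourced from addr."""
    a = ip_address(addr)
    for net, via in policy:
        if a in ip_network(net):
            return via
    return DEFAULT_EGRESS

def dns_egress(client, dns_server, policy):
    """Egress taken by the client's DNS query.
    A forwarding cache (Lancache) answers intercepted names itself and sends
    everything else upstream (1.1.1.1) from its own address, so the cache's
    route decides where the query resolves. A client pointed straight at a
    public resolver follows its own route."""
    if ip_address(dns_server).is_private:
        return egress_for(dns_server, policy)
    return egress_for(client, policy)

def dns_leaks(clients, policy):
    """clients: {client_ip: dns_server_ip}. Returns clients whose DNS resolves
    via a different path than their traffic (the "flagged" case above)."""
    return sorted(c for c, d in clients.items()
                  if dns_egress(c, d, policy) != egress_for(c, policy))

# Scenario 1 (constructed): one Lancache at 192.168.0.33 on the WAN route, used
# by a WAN client and a VPN client (VPN clients assumed to be 192.168.0.128/25).
ONE_CACHE_POLICY = [("192.168.0.128/25", "VPN")]
ONE_CACHE_CLIENTS = {"192.168.0.50": "192.168.0.33", "192.168.0.200": "192.168.0.33"}

# Scenario 2 (the two-lancache idea from the thread): 192.168.0.32 forwards over
# WAN, 192.168.0.33 is policy-routed over the VPN, and DHCP hands each client
# the matching cache.
TWO_CACHE_POLICY = [("192.168.0.33/32", "VPN"), ("192.168.0.128/25", "VPN")]
TWO_CACHE_CLIENTS = {"192.168.0.50": "192.168.0.32", "192.168.0.200": "192.168.0.33"}

if __name__ == "__main__":
    print("one cache, leaking clients:", dns_leaks(ONE_CACHE_CLIENTS, ONE_CACHE_POLICY))
    print("two caches, leaking clients:", dns_leaks(TWO_CACHE_CLIENTS, TWO_CACHE_POLICY))
```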
comet424:

Ah ok, so it's only worthwhile 1 or the other.. VPN or non-VPN .. I guess in a commercial setup you'd have 2 lancaches.. 1 for VPN and 1 for non-VPN, and cuz you guys would have like 10x faster than my internet you could host 2 lancaches, cuz you could download installs faster than me.. here I tried to get a setup that served both.. VPN and non-VPN on a 5mbp connection, as it takes bloody forever for some game updates.. several days, so I was hoping for a simple solution, 1 cache server that could cover both flawlessly.

And I dunno what DNS server it's running.. it's just an all-in-1 wonder one person made.
The doc info from the unRAID cache says:

    An all in one lancache docker providing a combination of the following three projects:
    https://github.com/lancachenet/lancache-dns
    https://github.com/lancachenet/monolithic
    https://github.com/lancachenet/sniproxy

    Thanks to cheesemarathon for their work on the SteamCacheBundle that inspired this and provided the grounding for the template. Note, however, that this Docker image does not run at all the same way and is strictly based on the original upstream lancache project.

    On start, this image will download the latest domain list from https://github.com/uklans/cache-domains. This means no constant upgrading of the docker image is necessary in order to guarantee continued usability.

Beyond my scope of understanding lol
And I guess like when you have your ISP and you get the 2 DNS, that'd be like having 2 lancaches.. if 1 fails it flips to the other.. just with my internet so slow you have to dup download everything..

Are there other solutions, like other cache services you know of? I know I read something about Squid but never tried... I did try something and pfSense killed my USB, learned to install pfSense on an SSD. I think that was logs burned it out in a month lol...

But what do commercial installs do?

stephenw10 (Netgate Administrator):

Commercial installs would just use one WAN connection so either all the traffic goes over a VPN or none of it does. Also they would have 100X the speed so local caching becomes irrelevant.
Squid really doesn't cache things like that well any longer and all the traffic from Squid itself always goes from a single interface so you have the same issue as soon as you want to split the traffic over a VPN.

Steve

comet424:

Ah ok, so basically I'm just stuck.. it's like the 90s, all I could get was a 2.8k connection while people who lived in town got cable modems and faster rates..
Now I have DSL similar to cable modems and people in town have 10x or more faster rates lol, vicious circle.

At least it's working, the Unbound stuff.. that was the main goal, the 192.168.0.1 as DNS so I'm not switching back and forth between 192.168.0.1 and 192.168.0.33 just for each time gaming.. stick with either VPN or just WAN.

Or maybe I'll do 2 lancaches:
1 for games and Windows updates for WAN
1 for just Windows updates on VPN, as going through the VPN and gaming either doesn't work or lags a lot.. I guess that's due to the overhead stuff VPN does.

And I really appreciate the help and explaining things you've done too, it helps.. especially when you don't understand all this stuff.. really like pfSense over my Asus router so I greatly appreciate it (:

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.