Netgate Discussion Forum
    How to specify client's DNS Servers after being filtered by pfBlockerNG?

    DHCP and DNS
    3 Posts 2 Posters 343 Views
    mtshifu

      Hi everyone,
      I am trying to redirect all DNS traffic to a different DNS Server for this particular client after pfBlockerNG has had a chance to filter the traffic.
      Currently I have CloudFlare DNS Server set in General Settings - DNS Server Settings and would like this client to use different DNS Servers.

      • I tried specifying this particular client's DNS Servers in DHCP Server - Static Mappings Settings. It worked but this ignores all pfBlockerNG filtering rules.
      • I tried copying the WAN Gateway in Routing Settings and specifying the new DNS Servers for it in General Settings. Then I created a firewall rule for the client and set the Gateway to this newly created Gateway. This worked but I am getting DNS leaks from both WAN Gateways set in DNS Server Settings in General Settings.
      • I tried creating a NAT Port Forward rule for the particular client and targeted the new DNS Server. This worked but again ignores all pfBlockerNG filtering rules.

      Currently I use DNS Resolver with unbound and I'm not sure if the Resolver or its Custom Options are able to accomplish this task. I would actually like this client to not use unbound or locally cached DNS queries but still be filtered by pfBlockerNG.

      Anyone able to shed some light on whether any of this is possible?

      Any and all help would be much appreciated!

    johnpoz (LAYER 8, Global Moderator) @mtshifu

        @mtshifu trying to figure out what you're trying to accomplish.

        So you want your client to ask pfblocker if this is blocked, and if not then get the answer from cloudflare?

        You want all clients to do this, or you want other clients to ask pfblocker, and then get the answer from, say, Quad9 or another? Or just resolve?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

    mtshifu @johnpoz

          @johnpoz Currently I have it set up so every client gets filtered by pfblocker then uses CloudFlare DNS specified in general settings.

          What I am trying to accomplish is for this particular client to get filtered by pfblocker, then use a different DNS server than CloudFlare (say Google for testing purposes). I still want everyone else to use CloudFlare.

          If possible, I would also like this particular client to not use unbound to resolve any cached DNS queries but still have pfblocker filter it.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.