How to specify client's DNS Servers after being filtered by pfBlockerNG?
-
Hi everyone,
I am trying to redirect all DNS traffic to a different DNS Server for this particular client after pfBlockerNG has had a chance to filter the traffic.
Currently I have CloudFlare DNS Server set in General Settings - DNS Server Settings and would like this client to use different DNS Servers.
- I tried specifying this particular client's DNS Servers in DHCP Server - Static Mappings Settings. It worked but this ignores all pfBlockerNG filtering rules.
- I tried copying the WAN Gateway in Routing Settings and specifying the new DNS Servers for it in General Settings. Then I created a firewall rule for the client and set the Gateway to this newly created Gateway. This worked but I am getting DNS leaks from both WAN Gateways set in DNS Server Settings in General Settings.
- I tried creating a NAT Port Forward rule for the particular client and targeted the new DNS Server. This worked but again ignores all pfBlockerNG filtering rules.
Currently I use DNS Resolver with unbound and I'm not sure if the Resolver or its Custom Options are able to accomplish this task. I would actually like this client to not use unbound or locally cached DNS queries but still be filtered by pfBlockerNG.
Anyone able to shed some light on whether any of this is possible?
Any and all help would be much appreciated!
-
@mtshifu trying to figure out what you're trying to accomplish.
So you want your client to ask pfblocker if this is blocked, and if not then get the answer from cloudflare?
You want all clients to do this, or you want other clients to ask pfblocker, and then get answer from say quad9 or other? Or just resolve?
-
@johnpoz Currently I have it set up so every client gets filtered by pfblocker then uses CloudFlare DNS specified in general settings.
What I am trying to accomplish is for this particular client to get filtered by pfblocker, then use a different DNS server than CloudFlare (say Google for testing purposes). I still want everyone else to use CloudFlare.
If possible, I would also like this particular client to not use unbound to resolve any cached DNS queries but still have pfblocker filter it.