pfSense - DNS redirect to local DNS server
-
Excellent, tyvm! ;)
-
@AndyRH Thank you for this post! I have a question: with this solution, does Pi-hole see only one IP (the VLAN42 address) and not the client IP? Is that correct?
-
@fjmp24 No, a client on VLAN100 will be seen with its correct address. Any redirected (rogue) queries come from pfSense (42.1). I know it works because VLAN100 does not have ad filtering, because 192.168.100.0/24 is in a group on PiHole that does not do ad filtering.
-
Even though I experimented a lot with PiHole a few years ago, and with ad filtering from many top firewall brands, the best thing to remove ads is the Ad Blocker Ultimate plugin for Chrome.
Nothing passes through and ad-free YouTube is possible. So it is worth getting, and paying a little to help development as I did, because it is simply outstanding.
-
@AndyRH VLAN100 ?
-
@fjmp24 An example, one of my VLANs is VLAN100. VLAN42 (the meaning of Life, the Universe and Everything) is my primary VLAN and where the PiHoles reside.
-
@P-J said in pfSense - DNS redirect to local DNS server:
is Ad Blocker Ultimate plugin for Chrome.
And those browser plugins are a bit hard to run on, say, your Roku stick.. Or some app you're playing on your phone.. I use a browser plugin for sure in my browser, but DNS filtering can be very helpful on stuff your network is doing that is not browser based, or even on browsers that do not allow for addons, etc..
-
@AndyRH Sorry, but it doesn't work for me :-(
When I use these commands:
- dig @1.2.3.4 google.fr, AdGuard displays the firewall address
- dig @adguard google.fr, AdGuard displays the client address
What is wrong?
-
@fjmp24 No idea what you're trying to do.. Have you set up redirection? @1.2.3.4 is not going to answer anything unless you're redirecting or your DNS is being redirected.
And @adguard sure as hell would never work.. It's not an IP address or an FQDN that could be resolved by anything.
-
@johnpoz Sorry, I wrote my message quickly.
I want to redirect all DNS requests to my internal DNS server, AdGuard Home.
I configured AdGuard Home as the DNS server in my DHCP servers, so by default my devices use AdGuard Home as their DNS server.
Now I want to redirect DNS requests that do not have AdGuard Home as destination to AdGuard Home.
I followed the procedure of @AndyRH, but I have a name resolving problem. AdGuard Home does not display names all the time. When I execute these commands from a client device I have:
- dig @1.2.3.4 google.fr, AdGuard displays the firewall address
- dig @<Adguard home ip> google.fr, AdGuard displays the client address
I think the problem is with the mapping rules, but I don't know how to fix it. Ideas? Thanks
-
@fjmp24 said in pfSense - DNS redirect to local DNS server:
adguard displays firewall address
What does this mean? Are you seeing this error?
It would be helpful if you showed how you set up redirection, and the actual output of your dig command.
-
@johnpoz No, I do not have an error.
Dig response:
AdGuard Home log:
The IP is my pfSense address.
My configuration:
The alias MAIN_Host_Shepheherd represents the AdGuard Home host.
-
@fjmp24 What do you think it would show? You're doing an outbound NAT that NATs it to your main address..
-
@johnpoz Client IP
-
@fjmp24 Not sure what that has to do with you... You're doing, you have an outbound NAT on man, that says any traffic to that main host, on DNS ports, to NAT it to your main address..
Here I set up a quick port forward to my pihole... You can see it lists my client as who asked for it.
-
@johnpoz I created the same rules and I do not get the same result.
I disabled my outbound rule. Is your DNS server in the LAN network?
-
@fjmp24 Well, what are your firewall rules, and in what order?
-
AdGuard receives the request and resolves the hostname.
But client receives a bad response!?
-
@fjmp24 said in pfSense - DNS redirect to local DNS server:
But client receives a bad response!?
You showed a timeout.. Is your adguard server on the same network as your client.. This whole thread has gone over exactly why that is a problem..
Your client is most likely not going to accept an answer when it thought it was asking 1.2.3.4 if the answer comes from the adguard server's IP.
Put your adguard on a different VLAN than your client, or let pfSense do the query, i.e. normal redirection is loopback, or, as you were doing before, do an outbound NAT.
In my setup my client was 192.168.9.100, and the pihole I redirected to is on 192.168.3.10, a different network..
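The return-path problem johnpoz describes above, modelled as an added example (this is not pfSense, AdGuard or Pi-hole code, and every address in it is constructed): a port forward (rdr) sends a query for 1.2.3.4 to the DNS server, and the client only accepts an answer whose source address is the one it asked. When the DNS server and the client share a subnet, the server answers the client directly, pfSense never sees the reply to undo its rewrite, and the client times out; masquerading the redirected query behind pfSense's address (the outbound NAT from AndyRH's post) forces the reply back through pfSense, at the cost of the DNS log showing the firewall address instead of the client. The subnet layout, the server address 192.168.42.10 and the firewall addresses are assumptions for the model.

```python
"""Model of the DNS-redirect return path discussed in this thread.
Added example, not pfSense or AdGuard code; all addresses are constructed."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed topology: DNS server and pfSense on VLAN42, clients on VLAN42 or VLAN100.
DNS_SERVER = "192.168.42.10"                     # assumed AdGuard Home / Pi-hole address
FW_ADDRESSES = {"192.168.42.1", "192.168.100.1"}  # assumed pfSense interface addresses
FW_VLAN42 = "192.168.42.1"
SUBNETS = [ip_network("192.168.42.0/24"), ip_network("192.168.100.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int = 53
    txid: int = 0


def same_subnet(a: str, b: str) -> bool:
    """True when two hosts reach each other directly, without passing through pfSense."""
    return any(ip_address(a) in n and ip_address(b) in n for n in SUBNETS)


def firewall_forward(pkt: Packet, masquerade: bool):
    """Port forward (rdr) plus optional outbound NAT, recorded like a pf state entry.

    rdr: DNS (port 53) to anything other than DNS_SERVER is rewritten to DNS_SERVER.
    nat: with masquerade, a redirected packet leaves with pfSense's VLAN42 address as
    source, so the server addresses its reply to pfSense instead of to the client.
    Returns the packet as the server sees it and the state needed to undo the rewrite.
    """
    state = {"orig_src": pkt.src, "orig_dst": pkt.dst}
    if pkt.dport == 53 and pkt.dst != DNS_SERVER:
        pkt = replace(pkt, dst=DNS_SERVER)
        if masquerade:
            pkt = replace(pkt, src=FW_VLAN42)
    return pkt, state


def server_reply(seen: Packet) -> Packet:
    """The DNS server answers whatever source it saw, keeping the transaction id."""
    return Packet(src=seen.dst, dst=seen.src, txid=seen.txid)


def return_path(reply: Packet, state: dict) -> Packet:
    """Deliver the reply. If it is for a host on the server's own subnet (and not for
    pfSense itself), the server sends it directly and the rewrite is never undone."""
    direct = same_subnet(reply.src, reply.dst) and reply.dst not in FW_ADDRESSES
    if direct:
        return reply
    # The reply crosses pfSense: the state entry restores the original addresses.
    return Packet(src=state["orig_dst"], dst=state["orig_src"], txid=reply.txid)


def client_accepts(query: Packet, reply: Packet) -> bool:
    """A resolver (dig included) only accepts an answer from the address it asked."""
    return reply.src == query.dst and reply.dst == query.src and reply.txid == query.txid


def run(client_ip: str, ask: str, masquerade: bool) -> dict:
    """Simulate `dig @ask ...` from client_ip. Reports the source address the DNS log
    shows and whether the client accepts the answer (False is the timeout in the thread)."""
    query = Packet(src=client_ip, dst=ask, txid=0x1234)
    seen, state = firewall_forward(query, masquerade)
    reply = return_path(server_reply(seen), state)
    return {"server_logs": seen.src, "client_accepts": client_accepts(query, reply)}


if __name__ == "__main__":
    cases = [("192.168.100.50", False), ("192.168.42.50", False), ("192.168.42.50", True)]
    for client, masq in cases:
        print(client, "masquerade" if masq else "no masquerade", run(client, "1.2.3.4", masq))
```

The three cases in the usage block reproduce the thread: a client on a different VLAN works without masquerade and the log shows the client address; a client on the server's subnet gets a reply from 192.168.42.10 to a question it sent to 1.2.3.4 and discards it; with the outbound NAT the same client gets its answer, but the log shows the firewall address.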
-
@johnpoz Yes, my adguard and my client are in the same network.
But AndyRH uses a "NAT / Outbound - These masquerade the IP address to make the client happy" to resolve this problem, and I must see the client IP in AdGuard Home: