Netgate Discussion Forum

    pfSense - DNS redirect to local DNS server

    Scheduled Pinned Locked Moved NAT
    natdnsmasqueradepihole
    32 Posts 7 Posters 9.6k Views
    • F
      fjmp24 @AndyRH
      last edited by

      @AndyRH VLAN100 ?

      • AndyRHA
        AndyRH @fjmp24
        last edited by

        @fjmp24 An example, one of my VLANs is VLAN100. VLAN42 (the meaning of Life, the Universe and Everything) is my primary VLAN and where the PiHoles reside.

        o||||o
        7100-1u

        • johnpozJ
          johnpoz LAYER 8 Global Moderator @P.J
          last edited by johnpoz

          @P-J said in pfSense - DNS redirect to local DNS server:

          is Ad Blocker Ultimate plugin for Chrome.

          And those browser plugs are a bit hard to run on say your roku stick.. Or some app you're playing on your phone.. I use a browser plug for sure in my browser but dns filtering can be very helpful on stuff your network is doing that is not browser based, or even on browsers that do not allow for addons, etc..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • F
            fjmp24 @johnpoz
            last edited by

            @AndyRH Sorry but it doesn't work with me :-(

            When I use the command :

            • dig @1.2.3.4 google.fr, adguard displays firewall address
            • dig @adguard google.fr, adguard displays client address

            What is wrong ?

            • johnpozJ
              johnpoz LAYER 8 Global Moderator @fjmp24
              last edited by

              @fjmp24 no idea what you're trying to do.. Have you set up redirection? @1.2.3.4 is not going to answer anything unless you're redirecting or your dns is being redirected

              And @adguard sure as hell would never work.. It's not an IP address or an fqdn that could be resolved by anything.

              • F
                fjmp24 @johnpoz
                last edited by

                @johnpoz Sorry I wrote my message quickly

                I want to redirect all DNS requests to my internal DNS server Adguard Home.

                I configured Adguard Home as DNS server in my DHCP servers so by default my devices use Adguard Home as DNS server.

                Now I want to redirect DNS requests that do not have Adguard Home as destination to Adguard Home.
                I followed the procedure of @AndyRH but I have a name resolving problem. Adguard Home does not display names all the time. When I execute these commands from a client device I have:

                • dig @1.2.3.4 google.fr, adguard displays firewall address
                • dig @<Adguard home ip> google.fr, adguard displays client address

                I think the problem is with the mappings rules but I don't know how to fix it. Ideas ? Thanks

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @fjmp24
                  last edited by

                  @fjmp24 said in pfSense - DNS redirect to local DNS server:

                  adguard displays firewall address

                  What does this mean? You are seeing this error?

                  unexpected.jpg

                  Would be helpful if you showed how you set up redirection, and the actual output of your dig command.

                  • F
                    fjmp24 @johnpoz
                    last edited by fjmp24

                    @johnpoz No, I do not have an error.

                    Dig response:
                    e6014a1d-6023-428d-aa5f-be943297345b-image.png

                    Adguard home log:
                    792dc93e-6f3e-4879-bd45-988ba9ecc4bc-image.png

                    IP is my pfsense address.

                    My configuration:

                    d59edbba-4755-46de-a92a-22bfc5c4f3d5-image.png

                    ad2e93af-c4e3-41cb-9e09-ac85601f804d-image.png

                    d44ac2b9-ef1e-42e5-b5a6-3e99062b928a-image.png

                    The alias MAIN_Host_Shepheherd represents the Adguard Home host.

                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @fjmp24
                      last edited by

                      @fjmp24 what do you think it would show? You're doing an outbound nat that nats it to your main address..

                      • F
                        fjmp24 @johnpoz
                        last edited by fjmp24

                        @johnpoz Client IP

                        6f96892b-c97a-4740-af60-670f2f7df600-image.png

                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator @fjmp24
                          last edited by johnpoz

                          @fjmp24 not sure what that has to do with you... You're doing, you have an outbound nat on man, that says any traffic to that main host, on dns ports to nat it to your main address..

                          Here I set up a quick port forward to my pihole... You can see it lists my client as who asked for it.

                          redirect.jpg

                          • F
                            fjmp24 @johnpoz
                            last edited by

                            @johnpoz I created the same rules and I do not have the same result

                            62acdc61-1697-4663-87e7-afd24b03ce22-image.png

                            I disabled my outbound rule. Is your DNS server in the LAN network?

                            • johnpozJ
                              johnpoz LAYER 8 Global Moderator @fjmp24
                              last edited by

                              @fjmp24 well, what are your firewall rules, in what order?

                              • F
                                fjmp24 @johnpoz
                                last edited by fjmp24

                                @johnpoz

                                33e1b916-2a52-4c52-90f0-0aa1978c0dd9-image.png

                                a9f99445-2b43-4d2f-9e20-08985698d6dc-image.png

                                462c771b-f529-4436-8c03-e219ce9bb389-image.png

                                Adguard receives the request and resolves the hostname.
                                But client receives a bad response !?

                                • johnpozJ
                                  johnpoz LAYER 8 Global Moderator @fjmp24
                                  last edited by johnpoz

                                  @fjmp24 said in pfSense - DNS redirect to local DNS server:

                                  But client receives a bad response !?

                                  You showed a timeout.. Is your adguard server on the same network as your client.. This whole thread has gone over exactly why that is a problem..

                                  Your client is most likely not going to accept an answer when it thought it was asking 1.2.3.4 if the answer comes from the adguard server's IP.

                                  Put your adguard on a different vlan than your client, or let pfsense do the query, ie normal redirection is loopback, or as you were doing before do an outbound nat.

                                  In my setup my client was 192.168.9.100, and the pihole I redirected to is on 192.168.3.10, different network..

                                  • F
                                    fjmp24 @johnpoz
                                    last edited by

                                    @johnpoz Yes my adguard and my client are in the same network.

                                    But AndyRH uses a "NAT / Outbound - These masquerade the IP address to make the client happy" to resolve this problem and I must see the client IP in adguard home:

                                    b44cd758-195c-4c8f-ac1b-8c3f60e2e662-image.png

                                    • johnpozJ
                                      johnpoz LAYER 8 Global Moderator @fjmp24
                                      last edited by

                                      @fjmp24 yup that will work - but your adguard is going to log that pfsense IP asked for whatever, not your client.. You can't have both.

                                      Simple solution is just move your adguard to a different vlan.. Problem solved. You can redirect, and will log your clients IPs

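Added example, not part of any post in this thread: a small Python model of the three setups discussed above (port forward only, port forward plus outbound NAT, DNS server on another VLAN), showing which source address the DNS server logs and whether the client accepts the reply. The 192.168.9.100 client and 192.168.3.10 Pi-hole addresses are the ones johnpoz gives; the /24 prefixes, the firewall addresses and the same-network server address are constructed assumptions.

```python
"""Model of the DNS redirect cases discussed in this thread (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_interface

ASKED = "1.2.3.4"  # the arbitrary resolver the client thinks it is querying


@dataclass(frozen=True)
class Scenario:
    client: str         # client address with prefix length
    dns_server: str     # redirect target (AdGuard Home / Pi-hole)
    fw_ip: str          # firewall address on the DNS server's network
    outbound_nat: bool  # masquerade redirected queries behind fw_ip?


def trace(s: Scenario) -> dict:
    client = ip_interface(s.client)
    server = ip_address(s.dns_server)
    # Port forward: destination ASKED:53 is rewritten to the DNS server.
    # Outbound NAT additionally rewrites the source to the firewall address.
    logged = ip_address(s.fw_ip) if s.outbound_nat else client.ip
    # The reply goes to whatever source the server saw. It passes back through
    # the firewall (which restores ASKED as source) only if that source is the
    # firewall itself or sits on a different network than the server.
    via_firewall = s.outbound_nat or server not in client.network
    reply_src = ip_address(ASKED) if via_firewall else server
    return {
        "server_logs": str(logged),
        "reply_source": str(reply_src),
        "client_accepts": str(reply_src) == ASKED,
    }


# Constructed cases; /24 prefixes and the .1 firewall addresses are assumptions.
CASES = {
    "same network, port forward only":
        Scenario("192.168.9.100/24", "192.168.9.10", "192.168.9.1", False),
    "same network, plus outbound NAT":
        Scenario("192.168.9.100/24", "192.168.9.10", "192.168.9.1", True),
    "DNS server on another VLAN":
        Scenario("192.168.9.100/24", "192.168.3.10", "192.168.3.1", False),
}

if __name__ == "__main__":
    for name, scenario in CASES.items():
        print(f"{name}: {trace(scenario)}")
```

Only the third case both delivers an acceptable reply and keeps the real client address in the DNS filter's query log, which matters when that log is used to attribute lookups to a device.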
                                      • F
                                        fjmp24 @johnpoz
                                        last edited by

                                        @johnpoz I created a VLAN for Adguard and all works. Thanks. Sorry for my newbie questions.

                                        • johnpozJ
                                          johnpoz LAYER 8 Global Moderator @fjmp24
                                          last edited by

                                          @fjmp24 no problem - glad you got it sorted.. Maybe next time just do a bit of searching on the forum ;) Many many of these questions come up all the time.. And have been answered multiple times ;)

                                          • A
                                            Antibiotic @AndyRH
                                            last edited by

                                            @AndyRH Are you going to connect pihole to pfSense over WAN or LAN ethernet?

                                            pfSense plus 24.11 on Topton mini PC
                                            CPU: Intel N100
                                            NIC: Intel i-226v 4 pcs
                                            RAM : 16 GB DDR5
                                            Disk: 128 GB NVMe
                                            Brgds, Archi

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.