Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    General DNS settings vs DHCP Server DNS Settings for Virtual IP?

    Scheduled Pinned Locked Moved pfBlockerNG
    5 Posts 3 Posters 366 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      TechNetwork1
      last edited by

      I followed a tutorial and setup pfBlockerNG with my DNSBL Webserver virtual IP address set at 10.10.10.1. I currently have 5 interfaces (LAN and my 4 VLANs: Private, Office, IoT and Guest) and realized I can apply this virtual IP to the general settings or individually via the DHCP server for each interface. If I intend of having my entire network use DNSBL is it best practice to just enter the virtual IP in the general setup DNS settings? Will the general settings override the individual DHCP servers settings or should I simply configure 10.10.10.1 to all locations? Thanks for any help and additional knowledge on this topic.

      System --> General Setup --> DNS Server Settings --> 10.10.10.1

      and/or

      Services --> DHCP Server --> (LAN, Private, Office, IoT, Guest) --> 10.10.10.1

      A johnpozJ 2 Replies Last reply Reply Quote 0
      • A
        Antibiotic @TechNetwork1
        last edited by

        @TechNetwork1 As i know pfblockerNG hardcoded with unbound, according of this you should monitoring on localhost and your interfaces only in Unbound DNS resolver that all.

        pfSense plus 24.11 on Topton mini PC
        CPU: Intel N100
        NIC: Intel i-226v 4 pcs
        RAM : 16 GB DDR5
        Disk: 128 GB NVMe
        Brgds, Archi

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @TechNetwork1
          last edited by

          @TechNetwork1 said in General DNS settings vs DHCP Server DNS Settings for Virtual IP?:

          10.10.10.1

          Not how it works.. That 10.10.10.1 vip is where a block sends client when they look up something that is blocked to get a block page.. That is not the IP you would point to for dns clients. You would point your clients to pfsense IP that unbound is listening on.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          T 1 Reply Last reply Reply Quote 0
          • T
            TechNetwork1 @johnpoz
            last edited by

            @johnpoz Ok so I originally had Quad9 (9.9.9.9) entered in the General Setup and DHCP Server configuration page. Nothing was being blocked but once I entered 10.10.10.1 in the DCHP Server configuration page, DNSBL started blocking which lead me to believe I was on the right track. I'm very new to networking so I was confused but then going back to my original question should I enter my pfsense IP address in both the general setup config page as well as the DHCP server page for each interface?

            Before entering 10.10.10.1

            After entering 10.10.10.1

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @TechNetwork1
              last edited by johnpoz

              @TechNetwork1 you must have unbound set to listen on all addresses.. Guess that would mean vips as well.

              You normally would have to do nothing.. There is no IP that needs to go into the general setup, unless you wanting unbound to forward to something..

              And dhcp would default to handing out the IP of the interface its enabled on.. Out of the box there really is nothing to touch here.

              So say you had lan 192.168.1.1/24 on pfsense, and opt1 network as say 192.168.2.1/24.. If you dhcp server on lan would hand out the 192.168.1.1 to devices on that network, and opt1 dhcpd would hand ot 192.168.2.1 to its dhcp clients.

              If your filtering then everyone would be filtered.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.