How to have certain ip address use different DNS server?
-
Hi, I want to have different nodes use different DNS servers, however I am not fully understanding how I can do this while still having my host overrides work under the DNS Resolver.
Setup

System > General Setup > DNS Server Settings
192.168.1.20 Lancache server
1.1.1.3
1.0.0.3
DNS Server Override unticked

Services > DHCP Server > LAN
DNS Servers
DNS server 1: 192.168.1.20 Lancache server

DHCP Static Mappings
For a node set:
DNS 1: 192.168.1.20 lancache
DNS 2: 192.168.1.1 pfsense
DNS 3: 8.8.8.8
DNS 4: 8.8.4.4

When I do this my host overrides stop working. I am guessing that the order of the DNS servers is not followed and the node could be using 8.8.8.8 first?
Is there a better way to have different nodes use different DNS servers while still using pfsense as the DNS server first?
-
@aGeekhere Whoaa, that is a somewhat complicated DNS structure you have there….
1: Stop handing out other DNS servers than ones that you control (i.e. no DNS 3/4 Google DNS to clients).
2: If you want to use the Lancache server (why??) for some clients, create a stub zone on that server for your internal domain names pointing to the pfSense DNS where your overrides are present. Then it will resolve those names using the DNS on pfSense.

What I don't understand is: why the need for different DNS servers? Is it because you want different DNS resolution capabilities based on some client groups? If that is the case, then perhaps using some of the advanced controls in pfSense's Unbound combined with pfBlockerNG could solve your problem? Read this article for inspiration:
https://wiki.sharewiz.net/doku.php?id=pfsense:pfblockerng:bypass_pfblockerng_for_specific_clients
-
@keyser
What I would like is:
- All clients use pfsense as their primary DNS server
- Then use lancache as the next DNS server so I can cache (lancache UPSTREAM_DNS is set to pfsense)
- Then use 1.1.1.3 and 1.0.0.3 for web filtering

Now I want a few servers and users to use 1.1.1.1 and 1.0.0.1 instead of the filtering, but still use the lancache and the DNS Resolver.
I can override that with DHCP Static Mappings, however host overrides stop working.
-
@aGeekhere Okay, so the real trouble is actually because of the few clients that you want to bypass the DNS filtering done by 1.1.1.3/1.0.0.3.
1: Unbound DNS in pfsense by default does caching of all DNS lookups as the records' TTLs allow. This is the same caching as Lancache does, unless you start configuring some out-of-spec extra caching (of invalid records). If that is your reason to keep lancache in the loop, configure Unbound to do the same (out-of-spec) caching of stale records - it can be done in the advanced settings.
2: Configure Unbound in pfSense to use forwarding instead of the default root recursive resolution. Then Unbound will do all lookups by forwarding to the DNS servers in "SYSTEM -> GENERAL -> DNS Servers"
It will still cache all records, so just hand the clients your pfSense DNS and drop the lancache server.

Using forwarding mode prevents us from exempting specific clients from being DNS filtered per the forwarding servers' filters. So to have a few clients NOT being filtered, things become a little more troublesome. For this you could:
1: Keep the lancache servers for those clients - make a DHCP reservation with a DNS override to hand them the lancache server as the only DNS
2: Configure Lancache to use your preferred public DNS as forwarding servers (1.1.1.1/1.0.0.1).
3: Create a stub zone on Lancache for your internal domain name for clients (the domain name used for your overrides in pfSense), and point that stub zone to forward to pfSense instead of 1.1.1.1/1.0.0.1.

This will create the scenario you are looking for.
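Added example of the resolver split described above for the exempted clients, not from the thread or the Lancache project. It assumes a BIND9-style named.conf on the Lancache host, an internal domain `home.arpa` (placeholder for the domain your pfSense host overrides use), pfSense at 192.168.1.1 and 1.1.1.1/1.0.0.1 as the unfiltered upstream; it uses a forward zone for the internal domain, which only needs the pfSense address (a stub zone would also have to fetch the zone's NS records from pfSense).

```conf
// named.conf fragment (added example; assumptions: BIND9 on the Lancache host,
// internal domain "home.arpa" as a placeholder, pfSense at 192.168.1.1).
options {
    // Default path for the exempted clients: unfiltered public resolvers.
    // In lancache-dns this list normally comes from the UPSTREAM_DNS variable.
    forwarders { 1.1.1.1; 1.0.0.1; };
    forward only;        // never fall back to root recursion if upstream fails
    recursion yes;

    // Answer the LAN only: a resolver reachable from the internet can be
    // abused for amplification and leaks internal names.
    allow-query     { 192.168.1.0/24; localhost; };
    allow-recursion { 192.168.1.0/24; localhost; };
};

// Internal names go to pfSense, where the host overrides are defined.
zone "home.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.1.1; };
};

// Reverse lookups for the LAN belong to pfSense as well, so PTR answers
// stay consistent with the overrides.
zone "1.168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.1.1; };
};
```

From an exempted client, `dig @192.168.1.20 <override-name>.home.arpa` should return the pfSense override, while `dig @192.168.1.20 example.com` is answered through 1.1.1.1/1.0.0.1; a SERVFAIL on the first query means the internal domain in the zone block does not match the one used by the overrides.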