Netgate Discussion Forum
    [solved] Using one interface for Domain Overrides only?

    DHCP and DNS
    8 Posts 3 Posters 344 Views
    • Bob.DigB
      Bob.Dig LAYER 8
      last edited by Bob.Dig

      I have another router behind pfSense. That router has its own domain name. I do query it from pfSense for this domain name via Domain Overrides in the resolver.
      But the resolver will also send every DNS query via the interface to that other router, which I don't like.
      It seems I can't block the resolver from doing that with firewall rules because you can't block the firewall itself.

      What are my options within pfSense?

      • Bob.DigB
        Bob.Dig LAYER 8 @Bob.Dig
        last edited by

        I guess I solved it by not allowing pfSense to have internet access on that other router. 😉
        So at least those queries won't come back into pfSense on that other router's WAN interface.

        • GertjanG
          Gertjan @Bob.Dig
          last edited by

          @Bob-Dig

          Can you specify a different configuration for different interfaces in unbound?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @Bob.Dig
            last edited by johnpoz

            @Bob-Dig huh?

            If I set an IP internally for a domain override for say somedomain.tld, only queries that are for host.somedomain.tld will be sent there - not all other queries.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

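A way to check the statement in the post above against observed traffic, as an added example that is not part of the original thread and not unbound's or pfSense's code. It models matching a query name against domain overrides on whole-label boundaries and flags queries that reached an override server without being covered by its domain; the override table, addresses and observations are constructed sample values.

```python
# Added illustration: models label-boundary suffix matching for domain overrides.
# The override table, IP addresses and observed queries are constructed sample data.

OVERRIDES = {"somedomain.tld": "192.0.2.53"}  # domain -> override server (assumed values)


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring the trailing dot."""
    return name.lower().rstrip(".").split(".")


def override_for(qname, overrides=OVERRIDES):
    """Return (domain, server) of the most specific override covering qname, else None."""
    q = labels(qname)
    best = None
    for domain, server in overrides.items():
        d = labels(domain)
        # Match whole labels only: "notsomedomain.tld" is not under "somedomain.tld".
        if len(q) >= len(d) and q[-len(d):] == d:
            if best is None or len(d) > len(labels(best[0])):
                best = (domain, server)
    return best


def audit(observed, overrides=OVERRIDES):
    """Return observed (qname, server) pairs that reached an override server
    although no override for that server covers the name."""
    servers = set(overrides.values())
    leaks = []
    for qname, server in observed:
        if server not in servers:
            continue  # not sent to an override server, nothing to check here
        match = override_for(qname, overrides)
        if match is None or match[1] != server:
            leaks.append((qname, server))
    return leaks


# Constructed observations, e.g. transcribed from a packet capture on the interface.
OBSERVED = [
    ("host.somedomain.tld.", "192.0.2.53"),
    ("google.com.", "198.51.100.1"),
    ("notsomedomain.tld.", "192.0.2.53"),
    ("google.com.", "192.0.2.53"),
]

if __name__ == "__main__":
    for qname, server in audit(OBSERVED):
        print(f"unexpected: {qname} sent to {server}")
```
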
            • Bob.DigB
              Bob.Dig LAYER 8 @Gertjan
              last edited by Bob.Dig

              @Gertjan @johnpoz Yeah, my guess is you can do a lot with manual unbound config changes, but I am more of a GUI-type person. 😊

              But if you guys want to hand me the answer on a silver platter, I won't say no. 😉

              • Bob.DigB
                Bob.Dig LAYER 8 @johnpoz
                last edited by Bob.Dig

                @johnpoz said in Using one interface for Domain Overrides only?:

                If I set an IP internally for a domain override for say somedomain.tld, only queries that are for host.somedomain.tld will be sent there - not all other queries.

                Unbound in pfSense always uses all interfaces (or all that are selected) for upstream queries, or what did I miss? My "problem" is that a query also goes through the interface to that other router, then goes out its WAN, which is a LAN of pfSense, and so on. I would like to stop this... I kind of did on that other router by not allowing pfSense to have internet access.

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @Bob.Dig
                  last edited by

                  @Bob-Dig just because all interfaces are set.. it wouldn't send traffic to some internal IP for google.com - unless that internal IP was also a gateway in your routing.


                  • Bob.DigB
                    Bob.Dig LAYER 8 @johnpoz
                    last edited by Bob.Dig

                    @johnpoz said in Using one interface for Domain Overrides only?:

                    it wouldn't send traffic to some internal IP for google.com - unless that internal IP was also a gateway in your routing

                    Interesting. Right now it is set up as a WAN-type interface. I guess I did it for NAT etc., but I can have that without it being a WAN-type interface... Thanks John! Makes sense if I think about it. 🤦

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.