DNS Port Forward Inglês DOES NOT REDIRECT

mcury

@frawnsmoc https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html

frawnsmoc

@mcury It was the first one I tried and it goes through normally without redirecting

AndyRH

This is my solution using PiHole. Will also work using pfSense.

https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?_=1663853296484

mcury

Redirect IP 10.0.1.1 and NAT IP 10.0.1.1 ?

Here it is working:

frawnsmoc

@mcury
see the two examples I did the same as you showed me the first answer was that it is going straight through without the redirection it should have the same msg as the 2nd test I did but forcing the pfsense IP

mcury

@frawnsmoc

Create a host override in pfSense, then test for that host.
Like my example, iphone.home.arpa is only known to my DNS server, so, even when I asked 8.8.8.8 to resolve it, I got an answer from my local DNS server.

frawnsmoc

@mcury HOST OVERRIDES.jpg
unfortunately the same response goes straight to DNS. Google, is there something I'm doing wrong because if I set it to block it works but I would have to go to all the computers and set the DNS, but it wouldn't solve the problem that comes back, people go and change it again even if it crashes, so I have to stay focused to fix it and redirecting all the traffic 53 to pfsense would solve it because I could change it to any other one that wouldn't make a difference

mcury

@frawnsmoc I think you misunderstood me, the idea of the host override is to confirm if the DNS is being redirected, and not create a host override for google.

Perhaps perform a packet capture on localhost in pfSense, UDP port 53 and test with the nslookup again.

frawnsmoc

@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.

I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not

mcury

@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:

@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.

I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not

Perform a packet capture on the WAN interface, select host 8.8.8.8 and UDP port 53.
Then test again, if the packet capture is empty, it is redirecting it.

frawnsmoc

@mcury replace pfsense with mikrotik matter solved pfsense has this bug

mcury

@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:

replace pfsense with mikrotik matter solved pfsense has this bug

ok