DNS Port Forward Inglês DOES NOT REDIRECT

frawnsmoc · Apr 10, 2025, 2:16 PM

@mcury It was the first one I tried and it goes through normally without redirecting 🔒 Log in to view

AndyRH · Apr 10, 2025, 2:17 PM

This is my solution using PiHole. Will also work using pfSense.

https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?_=1663853296484

mcury · Apr 10, 2025, 2:29 PM

Redirect IP 10.0.1.1 and NAT IP 10.0.1.1 ?

Here it is working:

🔒 Log in to view

frawnsmoc · Apr 10, 2025, 5:18 PM

@mcury 🔒 Log in to view
see the two examples I did the same as you showed me the first answer was that it is going straight through without the redirection it should have the same msg as the 2nd test I did but forcing the pfsense IP

mcury · Apr 10, 2025, 5:23 PM

@frawnsmoc

Create a host override in pfSense, then test for that host.
Like my example, iphone.home.arpa is only known to my DNS server, so, even when I asked 8.8.8.8 to resolve it, I got an answer from my local DNS server.

frawnsmoc · Apr 10, 2025, 5:58 PM

@mcury 🔒 Log in to view
unfortunately the same response goes straight to DNS. Google, is there something I'm doing wrong because if I set it to block it works but I would have to go to all the computers and set the DNS, but it wouldn't solve the problem that comes back, people go and change it again even if it crashes, so I have to stay focused to fix it and redirecting all the traffic 53 to pfsense would solve it because I could change it to any other one that wouldn't make a difference

mcury · Apr 10, 2025, 8:23 PM

@frawnsmoc I think you misunderstood me, the idea of the host override is to confirm if the DNS is being redirected, and not create a host override for google.

Perhaps perform a packet capture on localhost in pfSense, UDP port 53 and test with the nslookup again.

frawnsmoc · Apr 11, 2025, 1:22 PM

@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.

I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not

mcury · Apr 11, 2025, 1:22 PM

@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:

@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.

I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not

Perform a packet capture on the WAN interface, select host 8.8.8.8 and UDP port 53.
Then test again, if the packet capture is empty, it is redirecting it.

frawnsmoc

@mcury replace pfsense with mikrotik matter solved pfsense has this bug

mcury

@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:

replace pfsense with mikrotik matter solved pfsense has this bug

ok