Netgate Discussion Forum

    DNS resolver and "split DNS"

    phil80

      I am trying to have a VPN client use a dnsforge.de DNS server while still being able to resolve local DNS domains.
      VPN interface: 192.168.100.1

      In DNS resolver, I add these fields:

      # Forward non local VPN queries to dnsforge
      server:
      	access-control-view: 192.168.100.0/24 vpnview
      	access-control-view: 192.168.10.0/24 default
      # Default view for everyone else (no forwarding)
      view:
      	name: "default"
      	view-first: yes
      # VPN clients forwarded to dnsforge, except for local domains
      view:
      	name: "vpnview"
      	view-first: yes
      	forward-zone:
      		name: "."
      		forward-addr: 49.12.222.213
      

      It works for VPN clients. However, my 192.168.10.50 local host is also now forwarded to the dnsforge server instead of the default global DNS servers defined under General.

      How can I achieve this? Sadly, Android always uses the first DNS pushed, so the only option is server side.

      phil80 @phil80

        @phil80
        Ok, short answer: unbound doesn't support forward-zone: per view. It is applied globally. There's an ongoing GitHub feature request for this.
        If someone has another idea to achieve my goal, it'd be welcome.

        SteveITS (Rebel Alliance) @phil80
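        To see why the posted fragment behaves as described, here is an added example (not code from this thread or from unbound) that mimics how unbound reads its config: every clause keyword starts a new top-level clause regardless of indentation, so a forward-zone: written under a view: is parsed as a separate, global forward-zone. The parser, the function names and the trimmed sample config are my own constructions.

```python
# Added example (not from the thread or from unbound). Assumption: every clause
# keyword (server:, view:, forward-zone:, ...) starts a new top-level clause no
# matter how it is indented, so a forward-zone: under a view: is really global.
CLAUSE_KEYWORDS = {"server", "view", "forward-zone", "stub-zone", "auth-zone"}

def parse_clauses(text):
    """Return [(clause_name, {option: [values]})] in file order, ignoring comments, blank lines and indentation."""
    clauses, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip('"')
        if key in CLAUSE_KEYWORDS and value == "":
            current = (key, {})          # a new top-level clause starts here
            clauses.append(current)
        elif current is None:
            raise ValueError(f"option before any clause: {line!r}")
        else:
            current[1].setdefault(key, []).append(value)
    return clauses

def misleading_forwards(text):
    """Forward-zones that textually follow a view: and so look view-scoped.
    Returns [(zone, [forward-addr, ...], name of the preceding view)]."""
    findings, last_view = [], None
    for name, opts in parse_clauses(text):
        if name == "view":
            last_view = opts.get("name", ["?"])[0]
        elif name == "forward-zone" and last_view is not None:
            findings.append((opts.get("name", ["?"])[0],
                             opts.get("forward-addr", []), last_view))
    return findings

# Constructed sample: the first post's fragment, trimmed to the forwarding view.
SAMPLE = """server:
    access-control-view: 192.168.100.0/24 vpnview
    access-control-view: 192.168.10.0/24 default
view:
    name: "vpnview"
    forward-zone:
        name: "."
        forward-addr: 49.12.222.213
"""

if __name__ == "__main__":
    for zone, addrs, view in misleading_forwards(SAMPLE):
        print(f"forward-zone {zone!r} -> {addrs} follows view {view!r} but is "
              "global: every client uses it, not only that view")
```

The lint reports the "." forward-zone as global, which matches the observed behaviour: the 192.168.10.0/24 clients mapped to the "default" view are forwarded too.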

          @phil80 You could try a NAT rule on that VLAN:
          https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html (see the Tip)

          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
          Upvote 👍 helpful posts!

          phil80 @SteveITS

            @SteveITS said in DNS resolver and "split DNS":

            @phil80 You could try a NAT rule on that VLAN:
            https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html (see the Tip)

            That doesn't work, as I said: Android won't check the second or later pushed DNS servers if the first one fails.
            NAT redirect will redirect all client DNS queries (port based), not queries for a domain name.

            SteveITS (Rebel Alliance) @phil80

              @phil80 oh I see nvm then

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.