Netgate Discussion Forum

    DNS forwarder - domain overrides?

      robina80

      Hi all,

      I was wondering what this does?

        phil.davis

        A bit here: https://doc.pfsense.org/index.php/DNS_Forwarder
        Usually used when you have an internal domain that has its names served by an internal DNS server - e.g. your Windows Server Active Directory-based DNS for internal.mycompany.com is found on 10.0.0.42 - put that in Domain Overrides.
        Then when a client asks about xyz.internal.mycompany.com the DNS Forwarder will send the query to 10.0.0.42 instead of the usual upstream (public) DNS.

        You can also effectively black-hole public domains - put a matching entry for like "facebook.com" with "!" in the IP address field so requests for that domain (www.facebook.com etc) go nowhere, do not resolve locally and so do not work for clients.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          robina80

          Phil, thank you, makes sense.

          But with regards to the Facebook block, wouldn't you put that in host overrides and not the domain overrides, as it's one host, not a whole domain with multiple hosts?

            phil.davis

            You want to make all sorts of Facebook names stop working. e.g. I just randomly tried blog.facebook.com and it came up with stuff. There might be lots of Facebook names, so the Domain Override covers all in one go.
            But yes, you could put a host override for every individual FQDN you know of.


              BBcan177 Moderator

              Take a look at this link:

              https://forum.pfsense.org/index.php?topic=82852.msg453980#msg453980

              And you can use HE and search for any particular host IPs:

              IE-

              http://bgp.he.net/search?search[search]=facebook&commit=Search

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
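Added example, not part of any post in this thread and not pfSense or dnsmasq code: a small Python model of the routing decision phil.davis describes, showing why one domain override covers every name under facebook.com while a host override covers only the exact FQDN. It assumes suffix matching on label boundaries with the most specific override winning; `DEFAULT_UPSTREAM`, `HOST_OVERRIDES` and the function names are constructed for illustration.

```python
# Illustrative model only; names and DEFAULT_UPSTREAM are constructed.
DEFAULT_UPSTREAM = "192.0.2.53"   # placeholder public resolver (TEST-NET-1)
BLACKHOLE = "!"                   # the "!" marker from the thread

# Domain override entries taken from the thread.
DOMAIN_OVERRIDES = {
    "internal.mycompany.com": "10.0.0.42",
    "facebook.com": BLACKHOLE,
}

# A host override names one exact FQDN (constructed sample entry).
HOST_OVERRIDES = {"www.facebook.com"}


def normalize(name):
    """Lower-case the name and drop surrounding space and the trailing root dot."""
    return name.strip().rstrip(".").lower()


def match_override(qname, overrides=DOMAIN_OVERRIDES):
    """Return the most specific override domain that covers qname, or None."""
    labels = normalize(qname).split(".")
    # Try the full name first, then strip leading labels one at a time,
    # so matches only happen on label boundaries (notfacebook.com != facebook.com).
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in overrides:
            return candidate
    return None


def route(qname, overrides=DOMAIN_OVERRIDES):
    """Return (action, target) for a client query."""
    domain = match_override(qname, overrides)
    if domain is None:
        return ("forward", DEFAULT_UPSTREAM)
    if overrides[domain] == BLACKHOLE:
        return ("not-forwarded", None)   # query goes nowhere
    return ("forward", overrides[domain])


def host_override_matches(qname, hosts=HOST_OVERRIDES):
    """Host overrides apply only to an exact FQDN match."""
    return normalize(qname) in hosts


if __name__ == "__main__":
    for q in ("xyz.internal.mycompany.com", "blog.facebook.com",
              "notfacebook.com", "example.org"):
        print(q, route(q), "host-override:", host_override_matches(q))
```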
