Netgate Discussion Forum

    PFsense and DNS redirect services

    DHCP and DNS
    • ffh

      Hi all,

      I have recently installed pfsense 2.0.2 on a little micro box to act as a router for my network. I previously had just a standard run of the mill router which worked well but didn't give me the control I wanted (teenagers in the house).

      I live in Australia and have been using a DNS redirect service to get hulu.com on my media center, xbox and PC and it has been working perfectly, no issues at all. Until I changed over to PFsense.

      How the network was set up prior was simple: in the router I had my ISP's DNS servers and in the devices that were connecting to Hulu I would specify the IP of my DNS redirect service, thus enabling the Hulu system to think I was in the US and enable me to stream the content.

      I figured there would be no change to this with installing PFsense however none of my devices can connect to my DNS redirection service DNS servers and thus Hulu is cracking up saying the content is not available to be viewed outside the US. My wife is about to kill me now not to mention a mutiny from the teenagers.

      I have disabled DNS forwarding, disabled DHCP (although would really like to use this) however this has not fixed the issue. Now here is the tricky part. If I change the WAN DNS servers to the DNS redirection service DNS servers all is ok, but this slows my internet service down for Australian sites.

      How can I configure PFsense to allow DNS overrides in the clients that I access Hulu from with the DNS redirection service but maintain the ISP DNS servers for all the other clients on my network?

      Cheers,

      FFH.

      • wallabybob

        The default configuration of pfSense would allow any system connected to the LAN interface to access whatever DNS it wants. I suspect you have done something (possibly inadvertently) that you haven't told us about. To put it differently, I expect your original configuration should have worked as you described.

        @ffh:

        however none of my devices can connect to my DNS redirection service DNS servers

        It would be helpful to have more details including your network configuration. Did the devices with problems have static IP addresses? If so, were those IP addresses in the same subnet of the pfSense interface to which they were connected? Was that the pfSense LAN interface? (By default, access from non-LAN interfaces is blocked.)  If access was blocked by pfSense the block would probably be recorded in the pfSense Firewall log: (see Status -> System Logs, click on Firewall tab).

        Can these devices connect to anything at all by host name or IP address?

        • ffh

          @wallabybob:

          The default configuration of pfSense would allow any system connected to the LAN interface to access whatever DNS it wants. I suspect you have done something (possibly inadvertently) that you haven't told us about. To put it differently, I expect your original configuration should have worked as you described.

          @ffh:

          however none of my devices can connect to my DNS redirection service DNS servers

          It would be helpful to have more details including your network configuration. Did the devices with problems have static IP addresses? If so, were those IP addresses in the same subnet of the pfSense interface to which they were connected? Was that the pfSense LAN interface? (By default, access from non-LAN interfaces is blocked.)  If access was blocked by pfSense the block would probably be recorded in the pfSense Firewall log: (see Status -> System Logs, click on Firewall tab).

          Can these devices connect to anything at all by host name or IP address?

          Hi Wallabybob,

          This is a pretty vanilla install. Fresh pfsense install. Current network structure is this: Client 1 and 2 with xbox 1 connected to smart switch 1 which has a truncated link (2gb/sec) to smart switch 2. Client 3, media center and xbox 2 connect to smart switch 2. Client 4, Playstation connect to smart switch 2 via powerline adaptor and client 5 connects to smart switch 2 via powerline adaptor. We also have a WAP that connects into smart switch 2 for the tablets and phone etc. The Micro system with pfsense connects into smart switch 2 which in turn connects to the modem/router in bridge mode.

          I am using PPPoE for the WAN connection to our ISP. I have squid3 loaded and squidguard to keep the teens under control. I have DHCP enabled for the mobile clients but all PCs (clients), Xboxes and Playstations have specified IPs and DNS servers. The only change to the DNS servers is for the Media center, Client 1 and Xbox 1, which all access Hulu via the DNS redirection service, which before pfsense worked perfectly. Once PFsense was installed, it simply won't work. The client DNS settings are not being passed through the PFsense box. I checked this with some simple isolation testing. I also changed the DNS servers in PFsense from the ISP's servers to the redirect service's. This works but because they use some fancy proxying to let me watch the programming, it drastically reduces my available bandwidth, from 17mb/sec down to 3mb/sec.

          Oh BTW the DNS redirect service I am using is called Unotelly. You can go on there with a browser and it will detect if you're using their DNS or not; this does not work despite the DNS being specified on the client when I am using the ISP's DNS in PFsense.

          I hope this helps explain it a little better. I can't think of any other pertinent information, like I said. It's pretty much a vanilla install.

          Cheers,

          FFH

          • wallabybob

            Is the content downloaded by http? If so, squid will surely be involved and will probably use its "local" DNS rather than whatever you have configured on the real client.

            I don't know enough about squid operation to suggest a fix but it could be worthwhile disabling squid on pfSense, rebooting (to make sure squid is disabled) and then trying your content download.

            • ffh

              @wallabybob:

              Is the content downloaded by http? If so, squid will surely be involved and will probably use its "local" DNS rather than whatever you have configured on the real client.

              I don't know enough about squid operation to suggest a fix but it could be worthwhile disabling squid on pfSense, rebooting (to make sure squid is disabled) and then trying your content download.

              Yup, that looks like it was the problem. Yes Hulu is delivered via HTTP. Was staring me in the face.

              Anyway I am now going to test for some configuration changes and see if I can get this to work with squid. Thanks for your help Wallabybob.
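
The behaviour diagnosed in this thread, as an added example that is not part of the original posts: a simplified model of a transparent HTTP proxy on the gateway that re-resolves the Host header with its own DNS, so the client's DNS choice never reaches the origin. The hostname, the addresses (RFC 5737 documentation ranges), the function names and the assumption that only port 80 is intercepted are all constructed for illustration.

```python
# Simplified model (added example): why a transparent HTTP proxy on the
# gateway overrides per-client DNS settings. All names and addresses are
# constructed; IPs come from the RFC 5737 documentation ranges.

ISP_DNS = {"video.example": "192.0.2.10"}          # answer from the ISP resolver
REDIRECT_DNS = {"video.example": "198.51.100.20"}  # answer from the redirect service


def build_request(host, path="/"):
    """Raw HTTP/1.1 request as a client would send it."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()


def host_header(raw):
    """Extract the host name (without port) from the Host header."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            return value.strip().split(":")[0]
    raise ValueError("request has no Host header")


def upstream_ip(client_dns, hostname, dst_port, proxy_dns=None, intercept_ports=(80,)):
    """Server IP that receives the request; proxy_dns=None means proxy disabled."""
    client_dst = client_dns[hostname]          # address the device connects to
    if proxy_dns is None or dst_port not in intercept_ports:
        return client_dst                      # traffic is routed/NATed untouched
    # Intercepted: the proxy ignores client_dst, reads the Host header and
    # resolves it with its own DNS before opening the upstream connection.
    name = host_header(build_request(hostname))
    return proxy_dns[name]


def scenarios():
    host = "video.example"
    return {
        "proxy on, client uses redirect DNS": upstream_ip(REDIRECT_DNS, host, 80, ISP_DNS),
        "proxy off, client uses redirect DNS": upstream_ip(REDIRECT_DNS, host, 80, None),
        "proxy on, gateway uses redirect DNS": upstream_ip(ISP_DNS, host, 80, REDIRECT_DNS),
        "proxy on, non-intercepted port": upstream_ip(REDIRECT_DNS, host, 443, ISP_DNS),
    }


if __name__ == "__main__":
    for label, ip in scenarios().items():
        print(f"{label:40s} -> {ip}")
```

The first three scenarios correspond to the symptom reported, the test with squid disabled, and the workaround of changing the DNS servers on the pfSense box itself.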

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.