Netgate Discussion Forum

PFBlockerNG DNSBL with AD

    jwalhous
    last edited by Feb 9, 2016, 11:43 AM

    Hi,
    Just after some help, I have Server 2012r2 doing my DNS and would like to use DNSBL to block ads if possible.
    I seem to be able to get it to work by setting up the DNS forwarder in Windows Server to point to the pfSense IP, but this doesn't seem right.
    I also use UNOTelly.com so I can watch Hulu and US Netflix in Australia.
    thanks for any help

    regards
    Jamie

      muswellhillbilly
      last edited by Feb 9, 2016, 2:16 PM

      @jwalhous:

      I seem to be able to get it to work by setting up the DNS forwarder in Windows Server to point to the pfSense IP, but this doesn't seem right.

      Sounds right to me. Your clients (Windows, I assume) would have to have a Windows server for DNS in order to resolve your Windows AD environment correctly, so forwarding to your PFS seems sound. Not sure what to say about UNOTelly, as it doesn't appear to be a question per se.

        jwalhous
        last edited by Feb 10, 2016, 1:31 AM

        Thanks for your reply.
        I want to use UnoTelly DNS servers so that I can watch Hulu, Netflix.
        Their DNS servers make me appear to be in the USA.
        I hope that makes sense.

          muswellhillbilly
          last edited by Feb 10, 2016, 5:01 PM

          @jwalhous:

          I want to use UnoTelly DNS servers so that I can watch Hulu, Netflix.
          Their DNS servers make me appear to be in the USA.

          DNS servers won't change your source address, so how that's going to make Hulu think you're coming from the USA, I've no idea. You might be able to do this using an anonymizing external proxy.

            jwalhous
            last edited by Feb 18, 2016, 9:07 PM

            Thanks again for your reply. Not sure how UnoTelly works, but it allows me to watch Netflix from any country.
            I can change the country by using an app on my iPhone.
            https://www2.unotelly.com/v3
            I've found a bit of a workaround by manually changing my Apple TV to UnoTelly's DNS, but would prefer not to do this if possible.

            Regards
            Jamie

              kesawi
              last edited by Feb 19, 2016, 12:20 PM

              You want to set up conditional DNS forwarders in either AD or pfSense to selectively use the UnoTelly DNS servers for Netflix and Hulu. A list of domains for different streaming sites is provided at https://getflix.zendesk.com/hc/en-gb/articles/201056954-Can-I-selectively-use-Getflix-DNS-servers-for-specific-domains-. You'll need to replace the Getflix domain with UnoTelly.

              Another alternative if you want all of your DNS queries to go via UnoTelly would be to enable forwarders under the DNS resolver settings, and specify the UnoTelly servers.

                jwalhous
                last edited by Feb 19, 2016, 11:08 PM

                Thank you for your help, it seems to be working great.
                I used conditional forwarders in AD.

                I thought about using UnoTelly DNS as the forwarders instead of my AD DNS, but then ARP Tables don't resolve local host names.
                Maybe I did it wrong lol.
                Anyway, your first suggestion works great, so thanks again :-)

                  kesawi
                  last edited by Feb 20, 2016, 12:15 AM

                  @jwalhous:

                  I thought about using UnoTelly DNS as the forwarders instead of my AD DNS, but then ARP Tables don't resolve local host names.

                  That's quite easily fixed. You can enter domain overrides for your local subnet at the bottom of the general settings tab of the DNS resolver in pfSense. For example, if your local LAN domain is local.domain.com on subnet 192.168.1.1/24, then you would enter domain overrides for local.domain.com and 1.168.192.in-addr.arpa pointing to your AD DNS servers. pfSense will then be able to resolve local host names in the ARP Tables.

                  So your DNS path for clients on your LAN would be LAN client -> AD DNS (clients stop here for local domain) -> pfSense DNS Resolver with PFBlockerNG DNSBL -> UnoTelly DNS.

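The domain overrides described in the post above, worked through as an added example that is not part of any post in the thread: it derives the in-addr.arpa zones for a LAN subnet (generalized beyond the /24 case) and shows which queries the resolver would hand to AD DNS. The AD server address and the upstream address are constructed sample values.

```python
import ipaddress

# Constructed sample values, not from the thread.
AD_DNS = ["192.168.1.10"]      # assumed AD DNS server on the LAN
UPSTREAM = ["203.0.113.53"]    # stand-in for the resolver's normal forwarder

def reverse_zones(cidr):
    """in-addr.arpa zones covering an IPv4 subnet, one per octet-aligned block."""
    net = ipaddress.ip_network(cidr, strict=False)   # accepts 192.168.1.1/24
    aligned = min(24, max(8, -(-net.prefixlen // 8) * 8))  # round up to /8, /16, /24
    if net.prefixlen > aligned:      # smaller than a /24: use the enclosing /24
        blocks = [net.supernet(new_prefix=aligned)]
    else:                            # e.g. a /22 needs four /24 reverse zones
        blocks = net.subnets(new_prefix=aligned)
    zones = []
    for block in blocks:
        octets = str(block.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa")
    return zones

def domain_overrides(domain, cidr, servers):
    """Map every zone that needs an override to the AD DNS servers."""
    return {zone: servers for zone in [domain.lower()] + reverse_zones(cidr)}

def pick_upstream(qname, overrides, default):
    """Longest-suffix match on label boundaries, as a resolver selects a zone."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:])
        if zone in overrides:
            return overrides[zone]
    return default

def ptr_name(ip):
    """Name queried for a reverse lookup of one address."""
    return ipaddress.ip_address(ip).reverse_pointer

OVERRIDES = domain_overrides("local.domain.com", "192.168.1.1/24", AD_DNS)

if __name__ == "__main__":
    for q in ["pc1.local.domain.com", ptr_name("192.168.1.25"),
              "notlocal.domain.com", ptr_name("192.168.2.25")]:
        print(f"{q:32} -> {pick_upstream(q, OVERRIDES, UPSTREAM)}")
```

A subnet that is not octet-aligned, such as a /22, needs one reverse override per /24 it contains; a missing one sends those PTR lookups for private addresses to the upstream resolver instead of AD DNS.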
                    jwalhous
                    last edited by Feb 20, 2016, 11:00 PM

                    I ended up having to do this additional step, as how I had it working was wrong. I had my AD DNS IPs in the pfSense DNS servers and my AD DNS server was pointing to the IP of pfSense.
                    I don't know how it was working that way, but it was working quite slow :-(

                    So I now have my ISP's DNS server IPs in pfSense under General and my AD DNS servers' forwarders pointing back at pfSense.
                    I have rules set up in my AD DNS servers for Hulu & Netflix to use UnoTelly DNS.

                    I have put in the domain override for my local network as suggested?

                    Everything seems to be working and speed is back to normal speed.

                    I appreciate your help :-)

                    Regards
                    Jamie
