Netgate Discussion Forum
    Force PFSense 2.3.2.p1 to route all DNS traffic to itself / opendns (SOLVED)

georgeberz

I am using PFS v2.3.2-release-p1.
Force pfSense to route all DNS traffic to itself.
I do not want my kids to be able to bypass OpenDNS filtering.

      How do I configure the DNS or FIREWALL to do this?
      I have been around on some of the tutorials, but they are all different in the layout and nothing seems to work.

      Thank you

      G

Derelict LAYER 8 Netgate

        There are a few ways to do that:

        Set the hosts to use OpenDNS as their DNS servers and block DNS to everything else.

Set the hosts to use pfSense as their DNS server and block anything else, and set pfSense to use OpenDNS as the forwarders (must use the forwarder or the resolver in forwarding mode).

        Port forward all DNS queries to whatever servers to OpenDNS.

        Port forward all DNS queries to whatever servers to pfSense which is using OpenDNS as described above.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

chrcoluk

          I believe the answer is to use outbound NAT rules where the source packet is within your LAN and destination port is 53 to forward the DNS query to 127.0.0.1 53.

          pfSense CE 2.8.0

Derelict LAYER 8 Netgate

            Yeah, not really. Outbound NAT translates source addresses/ports, not destination addresses/ports.

KOM

              https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

chrcoluk

Thanks KOM, I got slightly confused when rushing my reply; not sure why Derelict didn't post it when he posted that I was wrong.

georgeberz

It is not working, I don't understand this paragraph. I made it look like the picture at the end of the description, but it seems there are other things to configure, so it is only a partial way to configure: it asks for other things to be configured but gives no example, like binding, or how to configure the resolver, or where?

I am not a network GEEK, I'm a dad of 6 boys trying to make a safe house and internet for my children.

Also we got a letter from the cable provider about pirating a file… I need to stop all bittorrent and such, and thought the OpenDNS filter would be a good way to start with pfSense.

So can anyone help in more detail, for a guy needing a dummies' guide to configuring pfSense?

"To restrict client DNS to only the specific servers configured on a firewall, a port forward may be used to capture all DNS requests sent to other servers.
Before adding this rule, ensure the DNS Forwarder or DNS Resolver is configured to bind and answer queries on Localhost, or All interfaces.
In the following example, the LAN interface is used, but it could be used for any local interface. Change the Interface and Destination as needed."

                  @KOM:

                  https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

                  Thank you

                  George

chrcoluk

I just set this up, and it's working for me.

See below: I tried to do a DNS lookup via Google DNS, but it was redirected to my pfSense unbound resolver, as evident by the 10.10.10.1 response (domain in DNSBL).

```text
C:\Windows\system32>nslookup otorola.clever-search771.ru. 8.8.8.8
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    otorola.clever-search771.ru
Address:  10.10.10.1
```

I set it up as described in the article; there is an option at the end about associated rules, which I set to pass.

georgeberz

I don't understand how to do this.

                      @chrcoluk:

                      I believe the answer is to use outbound NAT rules where the source packet is within your LAN and destination port is 53 to forward the DNS query to 127.0.0.1 53.

georgeberz

I have a fresh install of pfSense and need to know all the things I need to do to change all network DNS to the OpenDNS servers. I put the 2 servers in in the initial setup… but I need to force my kids to use the pfSense configured ones.

I need a dummies' guide to do this.

                        George

chrcoluk

This is the guide:

                          https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

Just take your time with it.

georgeberz

Here is the part I don't understand.

At the top of your link…

"Before adding this rule, ensure the DNS Forwarder or DNS Resolver is configured to bind and answer queries on Localhost, or All interfaces."

How and where do I check that?

                            George

                            @chrcoluk:

This is the guide:

                            https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

Just take your time with it.

georgeberz

Derelict, I see nothing here that helps. I'm an idiot when it comes to this stuff; you've thrown out a direction to look and I do not understand… do you have any actual itemized help?

                              George

                              @Derelict:

                              There are a few ways to do that:

                              Set the hosts to use OpenDNS as their DNS servers and block DNS to everything else.

Set the hosts to use pfSense as their DNS server and block anything else, and set pfSense to use OpenDNS as the forwarders (must use the forwarder or the resolver in forwarding mode).

                              Port forward all DNS queries to whatever servers to OpenDNS.

                              Port forward all DNS queries to whatever servers to pfSense which is using OpenDNS as described above.

chrcoluk

                                @georgeberz:

Here is the part I don't understand.

At the top of your link…

"Before adding this rule, ensure the DNS Forwarder or DNS Resolver is configured to bind and answer queries on Localhost, or All interfaces."

How and where do I check that?

George

By default they bind to localhost, so you simply only need either the DNS Resolver or DNS Forwarder enabled on its default settings.

KOM

How and where do I check that?

                                  Services - DNS Forwarder or DNS Resolver.

georgeberz

                                    Thank you

I attached screenshots of the current issue:
Firewall > NAT > Port Forward
Services > DNS Forwarder

It is working now, all traffic forwarded to the OpenDNS DNS servers and the filtering is working, BUT/HOWEVER:

If I let house computers (kids etc., all Win10 machines) go on automatic DHCP they go nowhere on the net, but things like Facebook notifications and some chat work.
If I put 8.8.8.8 and 8.8.4.4 into the DNS 1 and 2 settings on each of the computers, then it works… if I let it auto-assign DNS it won't. And we are not even using Google DNS, as it will reroute that to OpenDNS.

The Android devices like the Samsung cell phone and tablet will not work wirelessly anymore and just hang. The DNS on my cell phone, Android Samsung

So the problem is DHCP is not assigning appropriate DNS settings; it is assigning IP addresses OK, just not DNS.

                                    @KOM:

How and where do I check that?

                                    Services - DNS Forwarder or DNS Resolver.

![2017-01-07 12_32_41-pfSense.localdomain - Services_ DNS Forwarder.jpg](/public/imported_attachments/1/2017-01-07 12_32_41-pfSense.localdomain - Services_ DNS Forwarder.jpg)
![2017-01-07 12_30_57-pfSense.localdomain - Firewall_ NAT_ Port Forward_ Edit.jpg](/public/imported_attachments/1/2017-01-07 12_30_57-pfSense.localdomain - Firewall_ NAT_ Port Forward_ Edit.jpg)

georgeberz

I fixed it by changing the DNS Forwarder interfaces at the bottom to "all" from LAN, and now it is all working…

Thank you for everyone's help!

                                      George

                                      @georgeberz:

Thank you

I attached screenshots of the current issue:
Firewall > NAT > Port Forward
Services > DNS Forwarder

It is working now, all traffic forwarded to the OpenDNS DNS servers and the filtering is working, BUT/HOWEVER:

If I let house computers (kids etc., all Win10 machines) go on automatic DHCP they go nowhere on the net, but things like Facebook notifications and some chat work.
If I put 8.8.8.8 and 8.8.4.4 into the DNS 1 and 2 settings on each of the computers, then it works… if I let it auto-assign DNS it won't. And we are not even using Google DNS, as it will reroute that to OpenDNS.

The Android devices like the Samsung cell phone and tablet will not work wirelessly anymore and just hang. The DNS on my cell phone, Android Samsung

So the problem is DHCP is not assigning appropriate DNS settings; it is assigning IP addresses OK, just not DNS.

@KOM:

How and where do I check that?

Services - DNS Forwarder or DNS Resolver.

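As an added example, not from the thread or the pfSense docs: a small POSIX shell script, meant to be run from the pfSense console shell, that checks the two prerequisites this thread ended up needing, the port forward (a pf rdr rule, which is why an outbound NAT rule cannot do it) and the DNS Forwarder/Resolver being bound on Localhost or All so the redirected queries are actually answered. The interface name em1, the 192.168.1.0/24 addressing and the sample command outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: verify the DNS-redirect prerequisites on a pfSense box.
# Sample outputs below are constructed to look like `sockstat -4l` and
# `pfctl -sn`; they were not captured from a real system.

# Constructed `sockstat -4l` output: dnsmasq bound only to the LAN address.
# Packets redirected to 127.0.0.1:53 get no listener in this state, which is
# the symptom the last post fixed by setting the interfaces to "All".
SOCKSTAT_LAN_ONLY='USER     COMMAND  PID  FD PROTO LOCAL ADDRESS    FOREIGN ADDRESS
dnsmasq  dnsmasq  4242 4  udp4  192.168.1.1:53   *:*
dnsmasq  dnsmasq  4242 5  tcp4  192.168.1.1:53   *:*'

# Constructed `sockstat -4l` output after the fix: bound to all addresses.
SOCKSTAT_ALL='USER     COMMAND  PID  FD PROTO LOCAL ADDRESS    FOREIGN ADDRESS
dnsmasq  dnsmasq  4242 4  udp4  *:53             *:*
dnsmasq  dnsmasq  4242 5  tcp4  *:53             *:*'

# Constructed `pfctl -sn` line for the port forward the doc page describes
# (LAN interface em1, any destination port 53, redirected to 127.0.0.1:53).
PFCTL_RDR='rdr on em1 inet proto udp from any to any port = domain -> 127.0.0.1 port 53'

# Exit 0 if a UDP/53 listener would answer packets redirected to 127.0.0.1,
# i.e. the local address is *:53 (All) or 127.0.0.1:53 (Localhost).
dns_listens_on_localhost() {
    printf '%s\n' "$1" | awk '$5 == "udp4" && ($6 == "*:53" || $6 == "127.0.0.1:53") { ok = 1 }
                             END { exit ok ? 0 : 1 }'
}

# Exit 0 if a pf rdr (destination translation) rule sends port 53 to
# 127.0.0.1:53. A `nat` rule never matches: it only rewrites sources.
dns_rdr_present() {
    printf '%s\n' "$1" | grep -Eq '^rdr .*port (= )?(53|domain) -> 127\.0\.0\.1 port 53'
}

# Run both checks against the live box; returns 0 only when both pass.
check_dns_redirect() {
    dns_rdr_present "$(pfctl -sn 2>/dev/null)" \
        || { echo "no DNS rdr rule to 127.0.0.1:53 loaded"; return 1; }
    dns_listens_on_localhost "$(sockstat -4l 2>/dev/null)" \
        || { echo "DNS service not bound to Localhost or All"; return 1; }
    echo "DNS redirect prerequisites look good"
}
```

Run `check_dns_redirect` after sourcing the script; a client-side confirmation is the nslookup against 8.8.8.8 shown earlier in the thread, which should answer with the pfSense resolver's data.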