Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Forbid external DNS servers - DNS Forwarder does not work

    Scheduled Pinned Locked Moved
    DHCP and DNS
    3
    7
    933
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tibbs
      last edited by

      My goal is to forbid any DNS servers thats been set on the user's host and use pfsense's DNS forwarder instead.

      -Disabled DNS resolver and enabled DNS Forwarder service. Set some domain overrides.

      -Interfaces for DNS Forwarder:
      All

      -Made the rules for port 53 as described here:
      https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers

      -The DNS servers (System/General):
      8.8.8.8
      4.4.4.4

      -Applied all the changes, restarted services.

      Result is that DNS resolve does not work at all.

      Any idea?

      1 Reply Last reply Reply Quote 0
      • NogBadTheBadN
        NogBadTheBad
        last edited by

        https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        1 Reply Last reply Reply Quote 0
        • T
          tibbs
          last edited by

          @NogBadTheBad:

          https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

          Thank you. But then, why the page https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers does not mention that port forwarding is also necessary?

          1 Reply Last reply Reply Quote 0
          • NogBadTheBadN
            NogBadTheBad
            last edited by

            @tibbs:

            @NogBadTheBad:

            https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

            Thank you. But then, why the page https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers does not mention port forwarding?

            Ones just blocks requests, the other sends all requests to the firewall regardless :)

            With the URL I mentioned, the user wouldn't know their DNS request to 8.8.8.8 was going to the local router.

            Andy

            1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            1 Reply Last reply Reply Quote 0
            • A
              ast
              last edited by

              @NogBadTheBad:

              @tibbs:

              @NogBadTheBad:

              https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

              Thank you. But then, why the page https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers does not mention port forwarding?

              Ones just blocks requests, the other sends all requests to the firewall regardless :)

              With the URL I mentioned, the user wouldn't know their DNS request to 8.8.8.8 was going to the local router.

              Is there a way for us to apply this firewall rule even to clients using VPN app or Proxy app?    Android devices seems to be able to bypass the firewall dns rule.

              1 Reply Last reply Reply Quote 0
              • NogBadTheBadN
                NogBadTheBad
                last edited by

                Clients on your network using a VPN / Proxy external ?

                If the above is true then no.

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 0
                • A
                  ast
                  last edited by

                  @NogBadTheBad:

                  Clients on your network using a VPN / Proxy external ?

                  If the above is true then no.

                  Yes, VPN app like Ultrasurf.  I noticed during my tesitng, that ultrasurf running on Chrome on Mac OSX can't seem to connect, but Ultrasurf on Android can.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post