OpenDNS with Google Safe Search
-
Hello, I am using Google Safe Search as this post says: https://forum.pfsense.org/index.php?topic=112335.0, but now I want to use OpenDNS too: https://disloops.com/opendns-on-pfsense/. The problem is that if I want to use Google Safe Search I have to enable DNS Resolver, but if I want OpenDNS I need to disable DNS Resolver. How can I set both in my network?
-
That guide is wrong. You do not need to disable the resolver to use OpenDNS. You only have to enable forwarding mode in the resolver settings.
-
Hello - I created the OpenDNS guide that was cited by DelfinDelfin. I used the following forum post when setting up OpenDNS, which instructs users to use the DNS Forwarder and disable DNS Resolver:
https://forum.pfsense.org/index.php?topic=112288.0
The author of the original blog post had problems configuring the DNS Resolver to use OpenDNS. I believe that's because OpenDNS does not support DNSSEC, which the DNS Resolver uses by default. If you disable the DNSSEC option on the DNS Resolver, it works with OpenDNS and there is no need to use the DNS Forwarder. (EDIT: And of course you have to enable Forwarding Mode in the DNS Resolver like Jimp points out above.)
DelfinDelfin - It sounds like this is your ideal setup. Can you please post what worked for you?
Jimp - Does that sound right to you? Also - enabling the DNS Resolver requires that the DNS Forwarder be disabled or be moved to a different port. They cannot both bind to port 53 to provide DNS services. Is there ever any need to run those two services together?
-
jimp mentioned enabling "Forwarding mode" in the "DNS Resolver" settings.
-
If the servers do not support DNSSEC, then yes, you'll have to disable DNSSEC in addition to enabling forwarding mode in the resolver. Given how OpenDNS manipulates record results to perform its filtering, it's no surprise they don't support DNSSEC.