Netgate Discussion Forum
    Different DNS Forwards for each VLAN + Internal DNS

    Category: DHCP and DNS
    JasonHarper wrote:

      Hello,

      I have a configuration challenge I’m trying to sort through and would appreciate any help!

      I have three networks:

      VLAN 10 - 192.168.1.0 - Students
      VLAN 20 - 192.168.2.0 - Teachers
      VLAN 30 - 192.168.3.0 - Guests

      We use a hosted content filtering solution and the rule sets are available to us on various public DNS IPs. In our case, here is an example of the DNS servers I need each VLAN to use:

      VLAN 10 -> 1.1.1.1
      VLAN 20 -> 2.2.2.2
      VLAN 30 -> 3.3.3.3

      For VLAN 30, this is easy because I can simply add 3.3.3.3 into the DHCP scope and I’m off and running.

      However, for VLAN 10 and 20, we have internal services that I need accessible by name. So, my question is, how do I configure pfSense to have an internal DNS database that can perform local lookups and then forward queries to a specific public DNS server based on VLAN/interface?

      Thank you in advance!
      Jason

      awebster wrote:

        While I don't know about using different resolvers per-subnet, you can use the built-in resolver's host or domain overrides to return your chosen values for specific requests.
        My understanding is that the pfSense built-in resolver is going to use the same underlying DNS servers for all name resolution, however, as you put it, you can always override what DNS servers are used in the DHCP configuration.
        In your specific instance, if you use 3.3.3.3 for VLAN 30, and the router_IP_of_pfSense for VLAN 10 and 20, pfSense can then be pointed to your public facing content filtering DNS servers and you can respond to requests for internal DNS resources as well.

        See: https://docs.netgate.com/pfsense/en/latest/dns/unbound-dns-resolver.html

        –A.

        johnpoz (LAYER 8 Global Moderator) wrote:

          @JasonHarper said in Different DNS Forwards for each VLAN + Internal DNS:

          internal DNS database that can perform local lookups and then forward queries to a specific public DNS server based on VLAN/interface?

          You do understand you now have a common cache. So if a teacher goes to something like teachersallowed.com, it will then be cached. Then a student tries to go there, and since it is cached, they will look it up from the cache.

          You cannot do what you're asking to do when you have a local cache that is shared. You would need 3 different NS locally so that your caches are different; these 3 can do a delegated forward to your local DNS running on pfSense for local resources.

          Sure, you could set up a view so vlanX gets forwarded here and vlanY gets sent there. But your problem is going to be the common cache.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

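The following is an added example, not code from the thread, from pfSense or from Unbound. It is a small Python model of the two ideas above: awebster's layout (internal names answered from local data, everything else forwarded to the filtering DNS chosen for the client's VLAN) and johnpoz's objection that one shared cache leaks a teacher-VLAN answer to the student VLAN. The domain names, the 203.0.113.x addresses, the upstream "policies" and the 1.1.1.1/2.2.2.2 forwarders are constructed placeholders taken from the post; the `Resolver` class and `demo` function are hypothetical. TTLs and record types are left out to keep the cache logic visible.

```python
import ipaddress
from typing import Dict, Tuple

BLOCKED = "NXDOMAIN"  # what a filtering upstream hands back for a disallowed name

# Constructed per-VLAN filter policies (hypothetical names and addresses).
# 1.1.1.1 is the student ruleset, 2.2.2.2 the teacher ruleset, as in the question.
UPSTREAM_POLICY: Dict[str, Dict[str, str]] = {
    "1.1.1.1": {"teachersonly.example": BLOCKED, "everyone.example": "203.0.113.5"},
    "2.2.2.2": {"teachersonly.example": "203.0.113.7", "everyone.example": "203.0.113.5"},
}

# Which forwarder each client VLAN is supposed to use (VLAN 10 students, VLAN 20 teachers).
VLAN_FORWARDER = {
    ipaddress.ip_network("192.168.1.0/24"): "1.1.1.1",
    ipaddress.ip_network("192.168.2.0/24"): "2.2.2.2",
}

# Internal names served locally for every VLAN, like Unbound local-data / host overrides.
LOCAL_DATA = {"fileserver.school.internal": "192.168.2.10"}


class Resolver:
    """Caching forwarder; shared_cache=True models one Unbound instance for all VLANs."""

    def __init__(self, shared_cache: bool):
        self.shared_cache = shared_cache
        self.cache: Dict[Tuple[str, ...], str] = {}
        self.upstream_queries = 0

    def forwarder_for(self, client_ip: str) -> str:
        addr = ipaddress.ip_address(client_ip)
        for net, fwd in VLAN_FORWARDER.items():
            if addr in net:
                return fwd
        # Clients outside the known VLANs are refused, like an access-control refuse rule.
        raise PermissionError(f"{client_ip} is not in a VLAN this resolver serves")

    def resolve(self, client_ip: str, qname: str) -> str:
        qname = qname.rstrip(".").lower()
        if qname in LOCAL_DATA:  # local data wins, never forwarded, never cached
            return LOCAL_DATA[qname]
        fwd = self.forwarder_for(client_ip)
        # A shared cache is keyed on the name alone, so the first VLAN to ask
        # decides what every later VLAN sees. A per-forwarder key models separate
        # caches (separate resolvers or a per-view cache).
        key = (qname,) if self.shared_cache else (fwd, qname)
        if key in self.cache:
            return self.cache[key]
        self.upstream_queries += 1
        answer = UPSTREAM_POLICY[fwd].get(qname, BLOCKED)
        self.cache[key] = answer
        return answer


def demo(shared_cache: bool) -> Dict[str, object]:
    """Teacher asks first, then a student asks for the same name."""
    r = Resolver(shared_cache)
    return {
        "teacher": r.resolve("192.168.2.50", "teachersonly.example"),
        "student_after_teacher": r.resolve("192.168.1.50", "teachersonly.example"),
        "student_local": r.resolve("192.168.1.50", "fileserver.school.internal"),
        "upstream_queries": r.upstream_queries,
    }


if __name__ == "__main__":
    print("shared cache:  ", demo(True))
    print("per-VLAN cache:", demo(False))
```

With the shared cache the student's query is a cache hit and returns the teacher ruleset's answer, so the student filter is bypassed; with a per-forwarder cache the student's query goes upstream to 1.1.1.1 and is blocked. Real Unbound keys its message cache by query name, type and class, not by which forwarder answered or which client asked, which is why the thread's advice is separate resolver instances per VLAN rather than a single instance with per-VLAN forwarding.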
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.