Get all DNS traffic routed through pi-hole and block all other DNS queries
-
I am trying to get all LAN DNS traffic routed through a raspberry pihole. I have both the netgate appliance and pihole sending logs to splunk and I can see that LAN DNS queries are directed to the gateway BUT there are no queries coming from my pihole and all the DNS traffic seems to be going out the WAN interface (challenge #1).
I created a FW filter to attempt to block all 'unauthorized' outbound DNS queries but the rule for the WAN doesn't seem to do anything. I would like all DNS queries to only be allowed to the Internet from the pihole (challenge #2). This seems like a straightforward use case and I am probably missing something easy here...any guidance is appreciated, thanks!
-
This post is deleted! -
Disable DNS Resolver
Enable DNS Forwarder
Edit System - General Setup - DNS Server Settings so that it only has the IP address of your pihole
Redirect all LAN-based DNS requests to pfSense:
https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense
You could also keep using DNS Resolver instead of DNS Forwarder, but select the option to run it in forwarding mode.
You put firewall rules on the interface that the traffic enters, not exits, so your DNS rules on WAN are useless.
-
Thanks! I followed your second recommendation and just put the resolver in forwarding mode as that seemed the easiest and is working as expected!