Netgate Discussion Forum

    Force/Redirect DNS queries to 8.8.8.8 to another DNS server (internal or external)

    • lightningbit

      Hi,

      I've looked around, but could not find an immediate answer.

      Here is the situation:

      • pfSense DHCP is configured to send/set 2 internal DNS servers for any client on the network to use
      • I have some (home automation) devices on my network, with few configuration options (basically set Wi-Fi name and Wi-Fi passphrase, that's it)
      • which get an IP address from pfSense
      • BUT, they are not using the DNS servers given by my DHCP setup. It seems the vendor is hardcoding the DNS server (in many cases those of Google)

      The question:

      • is there a way to force or redirect any queries arriving on the FW "SOURCEIP -> 8.8.8.8:53"
      • to another DNS server (preferably an internal one, or at minimum, for example, 1.1.1.1)

      Thanks

      • Rai80

        Yes, there is! You can use NAT with redirection. Change its destination IP from 8.8.8.8 -> 1.1.1.1 with redirect target IP.

        • jimp Rebel Alliance Developer Netgate

          https://docs.netgate.com/pfsense/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html

          • lightningbit

            Thanks for the info.

            With that, I'll try to figure out my ideal setup:
            I have 2 internal DNS servers,
            x.x.x.12 and x.x.x.13,
            which are allowed to (and will) forward non-internal or local requests to Cloudflare DNS (1.1.1.1, 1.0.0.1).
            The firewall itself is also allowed to forward to Cloudflare DNS.
            All other requests which are not going to one of the internal DNS servers first (like for those devices with hardcoded DNS) should be forced to one of the internal DNS servers.

            Would that also be possible?

            Thanks

            • lightningbit @lightningbit

              Has anyone else tried a similar setup before?

              • bcruze

                I do this with several devices on my network.

                1. Create static mappings for the devices.
                2. Find the device under Services > DHCP Server; at the bottom of the page, edit the properties of the device. Under DNS servers, add whichever DNS server you want, then apply/apply, and reboot the device.

                • Rai80 @bcruze

                  @bcruze said in Force/Redirect DNS queries to 8.8.8.8 to another DNS server (internal or external):

                  I do this with several devices on my network.

                  1. Create static mappings for the devices.
                  2. Find the device under Services > DHCP Server; at the bottom of the page, edit the properties of the device. Under DNS servers, add whichever DNS server you want, then apply/apply, and reboot the device.

                  This has no effect on hardcoded DNS servers.
                  You should use NAT with redirection.

                  1 Reply Last reply Reply Quote 0
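The setup asked about in this thread (redirect hardcoded DNS to an internal resolver while still letting the two internal resolvers forward to Cloudflare) comes down to which packets the NAT redirect matches. The sketch below is an added example, not code from the thread or from pfSense: `redirect_decision` is a hypothetical helper that models the rule, and the 192.0.2.0/24 addressing is constructed to stand in for the x.x.x.12 and x.x.x.13 servers.

```python
import ipaddress

# Constructed addressing: the thread only gives x.x.x.12 and x.x.x.13.
LAN = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_DNS = (ipaddress.ip_address("192.0.2.12"),
                ipaddress.ip_address("192.0.2.13"))


def redirect_decision(src, dst, proto, dport):
    """Model a LAN-side DNS redirect rule (hypothetical helper).

    Returns (destination_after_nat, needs_source_nat).
    """
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    if proto not in ("udp", "tcp") or dport != 53:
        return str(dst), False   # only plain DNS on port 53 is matched
    if src in INTERNAL_DNS:
        return str(dst), False   # resolvers must reach their upstream, or they loop
    if dst in INTERNAL_DNS:
        return str(dst), False   # client already uses an internal resolver
    target = INTERNAL_DNS[0]
    # Assumption of this model: when client and resolver share a subnet, the
    # resolver answers the client directly from its own address, not from the
    # address the client queried, so the client discards the answer unless the
    # firewall also source-NATs the redirected query.
    same_subnet = src in LAN and target in LAN
    return str(target), same_subnet


if __name__ == "__main__":
    samples = [  # constructed packets: (src, dst, proto, dport)
        ("192.0.2.50", "8.8.8.8", "udp", 53),     # device with hardcoded DNS
        ("192.0.2.12", "1.1.1.1", "udp", 53),     # internal resolver forwarding
        ("192.0.2.50", "192.0.2.13", "tcp", 53),  # client using DHCP-supplied DNS
        ("198.51.100.7", "8.8.8.8", "udp", 53),   # client on another segment
        ("192.0.2.50", "8.8.8.8", "tcp", 443),    # not port 53, left alone
    ]
    for pkt in samples:
        print(pkt, "->", redirect_decision(*pkt))
```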