Redirect DNS requests from LAN clients to point to local FQDN, and other DNS requests -> external CloudFlare DNS over TLS
-
Hi, pfSense gurus!
Please clarify how to redirect DNS (53) requests from LAN hosts (for example 192.168.88.0/24) to a local host (a server on a separate LAN interface, for example 192.168.99.0/24) for a certain FQDN (for example publicweb.com), and send all other DNS requests to external CloudFlare DNS over TLS.
I have already followed "Redirecting all DNS Requests to pfSense" and "Blocking DNS Queries to External Resolvers", but something is not working as described.
Of course, Host Overrides (with www aliases), Enable DNSSEC Support, Enable Forwarding Mode, and Register DHCP leases in the DNS Resolver are already set in Services / DNS Resolver / General Settings.
server:
  ssl-upstream: yes
  do-tcp: yes
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  # Below addresses are CloudFlare resolvers
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
  forward-addr: 2606:4700:4700::1111@853
  forward-addr: 2606:4700:4700::1001@853
  # Below addresses are Quad9 resolvers
  forward-addr: 9.9.9.9@853
  forward-addr: 149.112.112.112@853
  forward-addr: 2620:fe::fe@853
How exactly can I verify, by performing a packet capture on the LAN/WAN interface, that DNS requests from LAN clients for the local FQDN are redirected to the local host, and that all other DNS requests to external CloudFlare DNS are being sent over TLS?
Thanks for all the advice. Have a nice day!
-
Any news?
-
What are you wanting to do exactly?
If you set up a forwarder in unbound, and you point your clients to unbound, they will resolve any local records via what unbound has for them. So if you create a host override host.domain.tld, that is what will be returned. Anything else would be forwarded to whoever you have set up for forwarding to.
If you have a local DNS that you would want unbound to resolve domain.tld records from, that would be a domain override.
Anything that is not local, a host override or a domain override would either just be resolved or forwarded. This is really how it works out of the box, so I'm not exactly sure what your question is?
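One way to check a capture for the split discussed in this thread, as an added example that is not part of any post: it classifies `tcpdump -nn` text lines by destination, using the forwarder addresses and LAN subnets quoted in the question. The capture lines, the WAN address 203.0.113.5 and the override answer 192.168.99.20 are constructed.

```python
import ipaddress
import re
from collections import Counter

# Forwarders from the forward-zone quoted in the question (all reached on 853).
DOT_FORWARDERS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001",
    "9.9.9.9", "149.112.112.112", "2620:fe::fe")}
# The two local subnets used as examples in the question.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.168.88.0/24", "192.168.99.0/24")]

# `tcpdump -nn` text line: "<time> IP|IP6 <src>.<sport> > <dst>.<dport>: ..."
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): ")

def classify(line):
    """Label one captured packet by where its DNS traffic is heading."""
    m = LINE.match(line)
    if not m:
        return None
    try:
        dst, dport = ipaddress.ip_address(m.group(3)), int(m.group(4))
    except ValueError:  # names instead of addresses: capture was not taken with -nn
        return None
    if dport == 853:  # DoT: payload is encrypted, only the endpoint is visible
        return "dot-ok" if dst in DOT_FORWARDERS else "dot-unexpected"
    if dport == 53:   # plaintext DNS: fine towards pfSense, a leak if it leaves
        return "plain-local" if any(dst in n for n in LOCAL_NETS) else "plain-leak"
    return None       # replies and unrelated traffic

def audit(lines):
    """Count verdicts over a whole capture."""
    return Counter(v for v in map(classify, lines) if v)

# Constructed sample: LAN query answered by the host override, two DoT flows
# from the WAN side, and one plaintext query escaping to an outside resolver.
SAMPLE = """\
10:00:00.000001 IP 192.168.88.10.51000 > 192.168.88.1.53: 4660+ A? publicweb.com. (31)
10:00:00.000200 IP 192.168.88.1.53 > 192.168.88.10.51000: 4660 1/0/0 A 192.168.99.20 (47)
10:00:01.000001 IP 203.0.113.5.40001 > 1.1.1.1.853: Flags [P.], seq 1:120, ack 1, win 512, length 119
10:00:01.000300 IP6 2001:db8::5.40002 > 2606:4700:4700::1111.853: Flags [S], seq 1, win 65535, length 0
10:00:02.000001 IP 203.0.113.5.40003 > 198.51.100.53.53: 4661+ A? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    for verdict, n in sorted(audit(SAMPLE).items()):
        print(f"{verdict}: {n}")
```

On a WAN capture, any `plain-leak` or `dot-unexpected` count above zero means queries are leaving by a path other than the configured forwarders.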