Having difficulty with implementation
-
This is my first time setting up pfSense and therefore pfBlockerNG-devel. I had some initial connection issues and issues with swapping out my old SonicWall, but have since resolved that. The unit seems pretty stable now after working through setting up pfBlocker and it giving me fits with maximum table size, GeoIP blocking all WAN traffic, and some other oddities. Now that it's configured, I'm trying to wrap my head around how to get the DNS portion working so that my local Windows server doing DHCP and DNS won't be affected by having pfSense do the DNS in order for DNSBL to work for content filtering, which is my ultimate goal. I would prefer not to change my DHCP settings, which currently have the same server as DNS, if possible. I've read there's a way to forward all other resolvable traffic, but I'm not sure how to do that. It's a Windows 2008 R2 server and has something called Conditional Forwarder, but I don't see how that would work in this case. What is recommended here? Currently, with everything set up, the clients are still resolving with the Windows server and nothing is going through DNSBL. Thanks
-
You can use your existing DNS server and set its DNS forwarders to point to pfSense, which will allow DNSBL to filter the DNS requests. pfSense will then go outbound for any permitted DNS traffic.
-
OK, found it and added the pfSense IP. Does the result need to fully resolve the FQDN? I went in and added the correct domain for our Windows domain to pfSense, if that makes any difference. I did a /flushdns on the server and client (my workstation), but nothing seems to have changed. DNS still seems to be resolved by the Windows server. I'm missing something... just not sure what.
-
Is that supposed to be 10.1.1.254? 100.1.1.254 is a Verizon IP...
The FQDN will display if the Windows server can resolve the IP.
If the Windows server is set to forward it will pass the request on. There should be a checkbox somewhere in the settings as to whether it should use the root servers if it doesn't get a response from the forwarding server(s).
The Windows DNS server also has a cache; you can restart the server or right-click the server in the DNS management console and "Clear Cache."
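As an added example (not posted by anyone in this thread), here is the forwarder change, the root-hints fallback choice, and the cache clearing from the two replies above done from an elevated prompt on the Windows Server 2008 R2 DNS server with dnscmd, which ships with the DNS role on that version (the DnsServer PowerShell module does not exist before 2012). Assumptions not stated in the thread: the pfSense LAN address is 10.1.1.254, "blocked.example" is a placeholder for a name on one of your DNSBL feeds, and the script runs locally on the DNS server ("." means the local server).

```powershell
# Added example, not from the thread. Point the Windows DNS server's
# forwarders at pfSense so every client query passes through DNSBL,
# then clear the server cache and verify.
# Assumptions (not in the original posts): pfSense LAN IP 10.1.1.254;
# blocked.example is a placeholder for a DNSBL-listed name; run as an
# administrator on the DNS server itself.

$PfSense = '10.1.1.254'

# Replace the forwarder list with pfSense only.
# /NoSlave keeps "use root hints if no forwarders are available" on, so
# resolution survives a pfSense outage but also BYPASSES DNSBL while
# pfSense is down. Use /Slave instead to fail closed: no answer from
# pfSense means no answer at all, and nothing slips past the filter.
dnscmd . /ResetForwarders $PfSense /TimeOut 3 /NoSlave

# Show the server configuration; the Forwarders line should now list
# only the pfSense address.
dnscmd . /Info

# Answers resolved before the change stay in the server's own cache
# until it is cleared (or the service is restarted). Clear the DNS
# server cache and the local resolver cache; clients need
# "ipconfig /flushdns" too.
dnscmd . /ClearCache
ipconfig /flushdns

# Verify the path. A DNSBL-listed name should return the pfBlockerNG
# DNSBL virtual IP (check the DNSBL settings page in pfSense for the
# value) both when pfSense is asked directly and when this server is
# asked, which proves the Windows server is really forwarding.
nslookup blocked.example $PfSense
nslookup blocked.example 127.0.0.1

# A normal name asked of this server should still resolve, since
# pfSense forwards or resolves anything DNSBL does not block.
nslookup www.example.com 127.0.0.1
```

If the second nslookup returns a real public address while the first returns the DNSBL virtual IP, the server is still answering from cache or from root hints rather than from pfSense; clear the cache again and re-check the forwarder list before looking elsewhere.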
-
It appears to be working now that the cache is cleared, thanks.