DNS issue
-
All I want is
No, you do not want that.
Your second image instructed pfSense that it should give 8.8.4.4 and 8.8.8.8 to your devices.
And so they use 8.8.4.4 and 8.8.8.8.
Do what I said above : locate these servers 8.8.4.4 and 8.8.8.8, install pfBlockerNG also on them, and you'll be fine.
Ok, I know, I'm silly.
Just believe me : DITCH 8.8.8.8 - 8.8.4.4 etc etc etc
Use a DNS server to forward to if you pay them, like OpenDNS, which is actually a service very comparable to what you decided to do locally : pfBlockerNG.
But what if a client uses a static IP and static DNS 8.8.8.8 and 8.8.4.4, then how to block such clients?
First of all, 8.8.8.8 etc is not the Internet.
You think it is.
Internet worked fine already 30 years before they came.
I even block all these 'free' DNS server IPs using pfBlockerNG :
Bad for them if they try to use them. As an admin I've said that the local gateway is the network's DNS = pfSense.
Not some other hard coded DNS server.
Even my TV set - some smart TV, in power down mode right now, is hitting 8.8.8.8 all the time.
Interesting.
Scrw it.
( and it just works fine without 8.8.8.8 - as it will use pfSense to do the resolving ...
It's using 8.8.8.8 for the telemetry / usage / and of course so it has a backup DNS if the local admin fck*d up the local DNS, as it happens a lot these days )
-
I've removed other DNS and only added the pfSense IP there.
NAT_RULE_LAN_DNS
Firewall_LAN_DNS_Rule
When giving a static IP to my test machine with public DNS, it is working; even giving an OpenDNS IP, it is working too. Do I have to add some kind of list in pfBlocker?
Now still the same situation :/
-
172.16.159.254 is your pfSense LAN IP ?
Some devices use 853.
You do not block 853 for !172.16.159.254 .....
Btw : listing a snippet of firewall rules is useless.
All the rules have to be taken into account.
What if you were hiding an initial :
?
Or not telling about some floating rules ?
pfBlockerNG : see the image I showed above. You can see the name of the feed that blocks public DNSs.
Also check out Firewall > pfBlockerNG > DNSBL > DNSBL SafeSearch
-
@gertjan there you go
Safe_Search
Floating_Rules
I've already disabled allow all; only allowed IP addresses will pass through.
Regards
-
I have no firewall rules to block any DNS.
I'm forcing devices to use my (pfSense) DNS.
Just pfBlockerNG - using these feeds :
and
and, as you can see, I block mostly [whatever]:53
-
Can you point me toward the exact direction of those rules? Then I will test and look much deeper into this; this thread might help someone else who is in a similar situation :)
Regards
-
can you point me
You use pfblockerNG, right ?
On the "Feeds" page.
Firewall > pfBlockerNG > Feeds
Hit Ctrl-F
Type Great
Hit enter.
You find two lines : the two images I showed you above.
Click on the word Great.
Github opens.
Click on the link "TheGreatWall_ipv4.txt"
Hit Ctrl-F
Type 8.8.8.8
Hit enter.
You found the place where 8.8.8.8 is blocked - if you use this feed.
-
@gertjan Thanks
It's done.
If anyone is having this issue, you can refer to this thread and get your issue resolved.
So far it's working as I expected; I also added public DNS server from Feed.
Regards
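
Added example (not part of the original thread, and not pfSense or pfBlockerNG code): a small Python check that reads firewall log lines and lists LAN clients still sending DNS (53) or DNS-over-TLS (853) to anything other than the pfSense LAN IP 172.16.159.254 mentioned above, together with whether the firewall passed or blocked each flow. The log lines are constructed, the field positions assume pfSense's raw filterlog CSV layout for IPv4 TCP/UDP, and the /24 LAN prefix and the function names are assumptions made for this illustration.

```python
import csv
import ipaddress
from collections import defaultdict

RESOLVER = "172.16.159.254"  # pfSense LAN IP quoted in the thread
LAN = ipaddress.ip_network("172.16.159.0/24")  # assumption: LAN prefix
SERVICES = {53: "DNS", 853: "DoT"}  # the two ports raised in the thread

# Constructed sample, assuming the raw filterlog CSV layout for IPv4:
# [6]=action [8]=IP version [16]=protocol [18]=src [19]=dst [21]=dst port
SAMPLE_LOG = """\
5,,,1000000103,em1,match,pass,in,4,0x0,,64,1,0,none,17,udp,60,172.16.159.10,172.16.159.254,50001,53,40
5,,,1000000103,em1,match,pass,in,4,0x0,,64,2,0,none,17,udp,60,172.16.159.20,8.8.8.8,50002,53,40
5,,,1000000103,em1,match,pass,in,4,0x0,,64,3,0,DF,6,tcp,60,172.16.159.20,8.8.4.4,50003,853,0,S,1234567,,64240,,mss
9,,,1770009999,em1,match,block,in,4,0x0,,64,4,0,none,17,udp,60,172.16.159.30,8.8.8.8,50004,53,40
5,,,1000000103,em1,match,pass,in,4,0x0,,64,5,0,DF,6,tcp,60,172.16.159.10,203.0.113.10,50005,443,0,S,7654321,,64240,,mss
5,,,1000000103,em1,match,pass,in,4,0x0,,64,6,0,none,1,icmp,84,172.16.159.10,8.8.8.8,request,1,1
truncated,line
"""


def find_dns_bypass(log_text, resolver=RESOLVER, lan=LAN):
    """Map each LAN client to the (dst, service, action) DNS flows that skip the resolver."""
    findings = defaultdict(set)
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 22 or row[8] != "4" or row[16] not in ("udp", "tcp"):
            continue  # malformed, IPv6 or non-TCP/UDP entry
        src, dst = row[18], row[19]
        try:
            port = int(row[21])
            on_lan = ipaddress.ip_address(src) in lan
        except ValueError:
            continue
        if on_lan and port in SERVICES and dst != resolver:
            findings[src].add((dst, SERVICES[port], row[6]))
    return dict(findings)


def still_leaking(findings):
    """Clients with at least one bypass flow the firewall passed."""
    return sorted(c for c, flows in findings.items()
                  if any(action == "pass" for _, _, action in flows))


if __name__ == "__main__":
    report = find_dns_bypass(SAMPLE_LOG)
    for client in sorted(report):
        for dst, service, action in sorted(report[client]):
            print(f"{client} -> {dst} {service} [{action}]")
    print("still leaking:", still_leaking(report))
```

A client that only shows `block` entries is being stopped by the feed or rule; a client listed by `still_leaking` is still reaching a public resolver.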