Pfsense 2.3.1 with OpenDNS (Web filtering)
-
"it seems that DNS Resolver's implementation of DNSSEC is not compatible with OpenDNS"
huh?? You mean to say that opendns does not support dnssec.. Which they don't.. It's not an issue of the implementation of dnssec its that opendns does not support it at all.
You can use the forwarder mode of unbound with opendns - but you would have to disable dnssec because openvpn does not support it.
edit: Just noticed this is OLD thread.. Why did it pop up as new? Did someone spam it and then the spam got removed??
-
May I ask how you set up your Pfsense to auto-update the cached ip whenever your ISP changes your IP (dynamic ip)? My pfsense box was able to update my dyndns ip, but not my opendns ip.
TIA!
ast
-
@ast:
May I ask how you set up your Pfsense to auto-update the cached ip whenever your ISP changes your IP (dynamic ip)? My pfsense box was able to update my dyndns ip, but not my opendns ip.
Opendns uses dns-o-matic.com for dynamic dns updates to opendns. You can then configure dns-o-matic to update other dynamic dns providers or just define additional updaters in pfsense.
Kage_
-
image url) -
OpenDNS allows you to have more than one network registered with your account. You need to update the correct network. This article is old, so maybe this is a newer feature of OpenDNS. Anyway, OpenDNS help says to use the following for Hostname:
https://updates.opendns.com/nic/update?hostname=NetworkLabel
Where NetworkLabel is the name of the network in your account that you're trying to update. However, pfSense returns the error "The Hostname contains invalid characters."
-
Does anyone know if this still works with the latest version of pfsense? If not, what adjustments need to be made?
Thanks,
Truckin -
Yes, pfSense will still update your OpenDNS account with your current IP address. After that, it's just a matter of setting the OpenDNS servers as your DNS servers.
-
OK,
Thanks! I will start the config process now that I know these instructions still work.
Truckin -
Everything seemed to work fine with these instructions running the latest version of Pfsense. However, once I configured the firewall rules, specifically the 2nd one to block, I lost the ability to connect to the internet. Tried several different things but never could reach any website or ping it. If I left the first FW rule in place and removed the second one it works fine....so that's what I am running now. Not sure if that is the correct way to go though since the above instructions state to add both FW rules. Any advice?
Truckin -
@truckin
I suspect that you blocked DNS access to pfSense. You need to set a rule that allows UDP port 53 to connect to the pfSense box from the LAN above the rule(s) to block port 53.I just looked at my pfSense. I have OpenDNS defined in the Dynamic DNS rules. Under "Hostname" I entered the name of my network as I have defined it in OpenDNS. So, in the previous instructions, where it has the word NetworkLabel, all you need is to put NetworkLabel in the Hostname box, not the full string.
-
Ok,
I am not really sure how to do that? I just followed his instructions above. So does that mean I need to put the block rule back in like written above and also add another rule? -
@truckin I just double checked the picture above. He has a permit to allow DNS to a local LAN address prior to the block statement. Be aware that these statements default to TCP but DNS uses UDP, so change the drop down that says TCP to UDP when creating or editing the rules. You can also set them to allow both TCP & UDP, if you prefer.
The rules are executed in the order they appear, so the permit must preceed the block.
-
Thanks for the follow-up. I will redo the rules again and make sure the order is correct (Maybe that was the issue). I will report back once I have this completed.
Thanks again,
Truckin
