Configure DNS for VPN and LAN
-
Hello All,
I am trying to find a solution if it is possible for the following setup of mine at home.
I am using pfblockerng to block ads at the firewall, which is working very well and snort which I am struggling to understand but will get there.
My setup is as follows
WAN,
LAN subnet w WLAN(for normal Internet browsing) using WAN as gateway,
OPT1 as openVPN subnet w WLAN (to access US netflix) using VPN as gateway,
OPT2 as separate subnet w WLAN using WAN as gateway to access my local netflix where DNS is manually entered in the DHCP server config.
I have set up my VPN provider's DNS in the General settings with gateway as my VPN interface. I have enabled forwarding in DNS resolver and only selected VPN as my outbound interface for the resolver. My NAT outbound rules are configured. On the firewall rules for LAN, OPT1(VPN) and OPT2 I have manually selected the gateways I wanted.
I can access the Internet from LAN and OPT1(VPN) provided VPN is up and running because DNS queries are going to the VPN DNS server. My ads are blocked and I can access US Netflix on the OPT1(VPN). However, I am unable to access my local netflix on the LAN which I think is correct because the VPN DNS server might be blocking requests when coming from the LAN interface.
Here comes OPT2 which I have configured solely to access local netflix where I have configured my ISP DNS through the DHCP server. But unfortunately I can't block ads because DNSBL requires the firewall to be the DNS server.
My question:
Is it possible to have a setup so that the LAN can go through ISP DNS server and I can access local netflix with ads blocked and VPN subnet go through VPN interface and queries VPN DNS for US netflix and block ads.
This way I won't be needing the OPT2 interface where ads are not blocked.
I will greatly appreciate advice and help in this matter.
Regards
Sam
-
Is it possible to have a setup so that the LAN can go through ISP DNS server and I can access local netflix with ads blocked and VPN subnet go through VPN interface and queries VPN DNS for US netflix and block ads.
As far as having different subnets use different DNS settings, yes you can do that. The best way to do that is to turn off forwarding mode and just use the built-in Resolver as is. All you are doing by using your VPN or ISP's DNS servers is using a man in the middle. Both the VPN & the ISP get their information from the root servers and then pass that info on to you. pfSense allows you to cut out the middle man and go straight to the root servers yourself. Since you are using a VPN client and use their DNS server, I assume you are in it for anonymity. You can have even more anonymity by just using the resolver without forwarding:
On your LAN interface write a firewall rule to pass DNS and under advanced select your VPN client as your gateway, now all of your DNS requests are routed through your VPN to the root servers.
On the interface you want non-VPN DNS on, just don't specify the VPN as the gateway.
Check these out:
https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers
https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense
Unfortunately, I don't believe that any of this will solve the problem you are talking about. Netflix is blocking you based on your VPN IP, they don't care which DNS server you use they are still going to block you if you use the VPN IP.
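As an added illustration (not from either post and not pfSense's own generated ruleset), here is what the two linked docs plus the per-interface gateway advice look like written out as pf.conf-style rules. Interface names, addresses and the VPN gateway are assumed: LAN = igb1 (192.168.1.1), OPT1 = igb2 (192.168.2.1), VPN tunnel = ovpnc1 with gateway 10.8.0.1.

```pf
# Added example, pf.conf style (pfSense builds equivalent rules from the GUI).
# Assumed: LAN=igb1/192.168.1.1, OPT1 (VPN subnet)=igb2/192.168.2.1,
#          VPN tunnel=ovpnc1, VPN gateway=10.8.0.1

# 1. Redirect every client DNS query to the firewall's own Unbound resolver,
#    so pfBlockerNG DNSBL sees all lookups even from hosts with hard-coded DNS.
rdr on igb1 proto { tcp udp } from igb1:network to ! 192.168.1.1 port 53 -> 192.168.1.1 port 53
rdr on igb2 proto { tcp udp } from igb2:network to ! 192.168.2.1 port 53 -> 192.168.2.1 port 53

# 2. Let each subnet reach the resolver on its own interface address.
pass in quick on igb1 proto { tcp udp } from igb1:network to 192.168.1.1 port 53
pass in quick on igb2 proto { tcp udp } from igb2:network to 192.168.2.1 port 53

# 3. Block any DNS that still tries to leave for an external resolver
#    (the "Blocking DNS queries to external resolvers" doc).
block in quick on igb1 proto { tcp udp } from igb1:network to ! 192.168.1.1 port 53
block in quick on igb2 proto { tcp udp } from igb2:network to ! 192.168.2.1 port 53

# 4. Policy routing per subnet: OPT1 leaves via the VPN, LAN follows the
#    default (WAN) route. Traffic to local subnets should be passed before
#    the route-to rule in a real ruleset.
pass in quick on igb2 route-to (ovpnc1 10.8.0.1) from igb2:network to any
pass in quick on igb1 from igb1:network to any

# Note: these rules steer client traffic only. Which interface the resolver
# itself uses for its upstream (root server) queries is set in the
# DNS Resolver's outgoing network interfaces option, not by LAN/OPT rules.
```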