Pfsense dns options (for my requirements)

  • Hi folks,

    I'm new to pfSense, but I'm up and running now and it has been quite cool to implement this so far. However, I need to do some tuning in my configuration to suit my needs, and I'm not sure what the best practice is here, so I'm turning to the pfSense team & community for guidance around my DNS needs.

    Information about my configuration so far:

    • I am using Google DNS (under general settings)
    • I have DHCP addresses being leased out by pfSense
    • In my DHCP server properties, I do not have any DNS IPs entered, thus using Google DNS servers
    • I have my entire network being tunneled over to my VPN provider
    • I am currently using DNS resolver; DNS forwarder is not enabled
    • I have pfblockerng enabled with geoip, ip4 and ip6 blacklists defined
    • I have static DHCP mappings defined

    However, I need some guidance around these items (as a holistic solution):
    1. need to block specific websites (like adult) for certain clients within the LAN
    2. would like to ad block the entire internal network
    3. need to resolve static IP DNS within the LAN

    Solutions I've tried but they don't seem to work correctly:
    • I've added the pihole IP in the DHCP server definition. This works well for blocking ads across the LAN, but then my clients lose DNS information on the static DHCP mappings defined in pfSense. Additionally, pihole doesn't let me block adult-themed websites for specific clients.
    • I have tried pfblockerng dnsbl, but when browsing websites with ads the client browser doesn't seem to like the domains being blacklisted and leaves a terrible-looking page (broken links and such).
    • I haven't tried this yet, but I thought about building another pihole for these specific clients that need to be blocked by using opendns or norton. I would then use the DNS value in these clients' static DHCP mapping.

    All of these above seem to be pretty rookie/kludgy. Is there a better solution with pfSense and other packages? Trying to find a clean solution that meets the 3 requirements above. In my home router, an Asus rt68u, these requirements were easily done, so just trying to figure out how to do it within pfSense.