Pfsense dns options (for my requirements)

General pfSense Questions
Log in to reply
  • R

    Hi folks,

    I'm new to pfsense but I'm up and running now and has been quite cool to implement this so far. However I need to do some tuning in my configuration that suits my needs and i'm not sure what the best practice is here so turning to the pfsense team & community for guidance around my dns needs.

    information about my configuration so far:

    • I am using google dns (under general settings)
    • I have dhcp addresses being leased out by pfsense
    • In my dhcp server properties, i do not have any dns ips entered thus using google dns servers
    • I have a my entire network being tunneled over to my VPN provider
    • I am currently using dns resolver, dns forwarder is not enabled
    • I have pfblockerng enabled with geoip, ip4 and ip6 black lists defined
    • I static dhcp mappings defined

    However i need some guidance around these items (as a holistic solution):
    1. need to block specific websites (like adult) for certain clients within the LAN
    2. would like to ad block the entire internal network
    3. need to resolve static ip dns within the lan

    Solutions I've tried but they don't seem to work correctly:
    *I've added the pihole IP in the dhcp server definition. This works well for blocking ads across the lan but then my clients lose dns information on the static dhcp mappings defined in pfsense. Additionally pihole doesn't let me block adult themed websites for specific clients
    *I have tried pfblockerng dnsbl but when browsing websites with ads the client browser doesn't seem to like the domains being black listed and leaves a terrible looking page (broken links and such).
    *I haven't tried this yet but I thought about building another pihole for these specific clients that need to be blocked by using opendns or norton. I would then use the dns value in these clients static dhcp mapping.

    All of these above seem to be pretty rookie/kludgy. Is there a better solution with pfsense and other packages? Trying to find a clean solution that meets the 3 requirements above. In my home router, asus rt68u these requirements were easily done so just trying to figure out how to do it within pfsense.

    thanks!

    JJ

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy