Netgate Discussion Forum

    Pfsense dns options (for my requirements)

      repomanz

      Hi folks,

      I'm new to pfSense, but I'm up and running now and it has been quite cool to implement this so far. However, I need to do some tuning in my configuration to suit my needs, and I'm not sure what the best practice is here, so I'm turning to the pfSense team & community for guidance around my DNS needs.

      Information about my configuration so far:

      • I am using Google DNS (under General Settings)
      • I have DHCP addresses being leased out by pfSense
      • In my DHCP server properties, I do not have any DNS IPs entered, thus using Google DNS servers
      • I have my entire network being tunneled over to my VPN provider
      • I am currently using DNS Resolver; DNS Forwarder is not enabled
      • I have pfBlockerNG enabled with GeoIP, IPv4 and IPv6 blacklists defined
      • I have static DHCP mappings defined

      However, I need some guidance around these items (as a holistic solution):
      1. Need to block specific websites (like adult) for certain clients within the LAN
      2. Would like to ad block the entire internal network
      3. Need to resolve static IP DNS within the LAN

      Solutions I've tried but they don't seem to work correctly:
      • I've added the Pi-hole IP in the DHCP server definition. This works well for blocking ads across the LAN, but then my clients lose DNS information on the static DHCP mappings defined in pfSense. Additionally, Pi-hole doesn't let me block adult-themed websites for specific clients.
      • I have tried pfBlockerNG DNSBL, but when browsing websites with ads the client browser doesn't seem to like the domains being blacklisted and leaves a terrible-looking page (broken links and such).
      • I haven't tried this yet, but I thought about building another Pi-hole for these specific clients that need to be blocked by using OpenDNS or Norton. I would then use the DNS value in these clients' static DHCP mappings.

      All of the above seem to be pretty rookie/kludgy. Is there a better solution with pfSense and other packages? I'm trying to find a clean solution that meets the 3 requirements above. On my home router, an asus rt68u, these requirements were easily done, so I'm just trying to figure out how to do it within pfSense.

      Thanks!

      JJ
