Multiple VLANs with different DNS for each VLAN



  • Objective: Two separate networks (VLAN, wifi SSIDs) - one unrestricted, one for kids.

    Restriction summary: Time, MAC address, DNS resolution

    Equipment & tech: pfSense, UniFi, Ubiquiti wifi access point, OpenDNS

    The two VLANs are configured through to the wifi access points. pfSense is configured with two networks via two interfaces: Unrestricted interface, kids interface. Both are also on different subnets and have different DHCP configurations.

    Devices getting IP addresses from the kids' DHCP get configured with DNS addresses from OpenDNS. Devices querying the unrestricted DHCP get DNS from a local BIND server.

    I am at the end of my expertise on how to set up pfSense to forward DNS requests from the kids' network to OpenDNS while allowing requests from the unrestricted network to go to Google DNS. For the kids' network, I must also block DNS requests made to alternate servers.

    I appreciate any help you provide.


  • Rebel Alliance Global Moderator

    In the DHCP server, hand out whatever DNS you want the DHCP clients to use. On the firewall rules for that VLAN, only allow DNS to what you're handing out. Block all other DNS.

    Remember, rules are evaluated top down: the first rule to trigger wins, and no other rules are evaluated.
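
The rule ordering described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match evaluation on the kids interface, showing why the DNS allow and block rules must sit above any general allow rule. The resolver addresses are the public OpenDNS ones; the 192.168.20.0/24 subnet, the rule tuples and the sample packets are constructed for illustration and are not pfSense's own rule format.

```python
from ipaddress import ip_address, ip_network

# Assumed values: public OpenDNS resolvers and a constructed kids subnet.
OPENDNS = {"208.67.222.222", "208.67.220.220"}
KIDS_NET = ip_network("192.168.20.0/24")

# Rule = (action, protocols, destination set or None for any, port or None for any)
ALLOW_OPENDNS = ("pass", {"tcp", "udp"}, OPENDNS, 53)
BLOCK_OTHER_DNS = ("block", {"tcp", "udp"}, None, 53)
ALLOW_ANY = ("pass", {"tcp", "udp"}, None, None)

GOOD_ORDER = [ALLOW_OPENDNS, BLOCK_OTHER_DNS, ALLOW_ANY]
BAD_ORDER = [ALLOW_ANY, ALLOW_OPENDNS, BLOCK_OTHER_DNS]  # block is never reached


def evaluate(rules, src, proto, dst, dport):
    """Return (action, rule_index) of the first matching rule, top down."""
    if ip_address(src) not in KIDS_NET:
        return ("block", None)  # not a kids-interface source
    for i, (action, protos, dsts, port) in enumerate(rules):
        if proto not in protos:
            continue
        if dsts is not None and dst not in dsts:
            continue
        if port is not None and dport != port:
            continue
        return (action, i)  # first match wins, later rules are ignored
    return ("block", None)  # implicit default deny when nothing matches


def audit(rules):
    """Run constructed sample packets through a rule list."""
    samples = {
        "dns_to_opendns": ("192.168.20.50", "udp", "208.67.222.222", 53),
        "dns_to_other": ("192.168.20.50", "udp", "8.8.8.8", 53),
        "dns_tcp_to_other": ("192.168.20.50", "tcp", "1.1.1.1", 53),
        "web": ("192.168.20.50", "tcp", "93.184.216.34", 443),
    }
    return {name: evaluate(rules, *pkt)[0] for name, pkt in samples.items()}


if __name__ == "__main__":
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        print(label, audit(rules))
```

These rules match port 53 only; DNS over TLS (port 853) and DNS over HTTPS (port 443) are not covered by them and need their own rules.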