How can I use a DNS host override (DNS Resolver) on a VPN connection



Hello All,

I have a VPN setup on pfSense to set an alias list of internal IPs to that VPN (see the link below). For some reason that I don't understand, these IPs need to have a specific DNS address assigned to them. It seems I can use the VPN DNS server, Google's or OpenDNS Family; however, my pfSense DNS Resolver will not work, as advised in the link.

In my DNS Resolver, I have a host override that redirects a host to a different external IP, and as we can see, my VPN'd device can't access this host override. Is there a way to get my IPs using the VPN to use a host override? In my DNS Resolver I have the ability to allow it on the VPN interface as well, but I don't really understand the ramifications.

VPN Setup:
https://www.reddit.com/r/PFSENSE/comments/6edsav/how_to_proper_partial_network_vpn_with_kill_switch/

    1. Fix DNS
      Navigate to Services -> DHCP Server
      Remember those static mappings you made earlier for your machines on your pia_redirect_group? Open them up and add DNS servers to them.
      http://i.imgur.com/ahDzIv4.png
      The reason we want to use external servers and not the DNS Resolver is that this will make any machine in the pia_redirect_group send its DNS queries down the VPN. If queries were sent to your default resolver, they would go out your WAN gateway and not your VPN. This would be a leak. Machines on your VPN should now be able to visit websites correctly (you may need to renew their DHCP leases).

My DNS Resolver settings:
Enable DNSSEC Support

Custom options:

    server:
      do-not-query-localhost: no

    # forward every zone to the local listeners on ports 55-59
    forward-zone:
      name: "."
      forward-addr: 127.0.0.1@55
      forward-addr: 127.0.0.1@56
      forward-addr: 127.0.0.1@57
      forward-addr: 127.0.0.1@58
      forward-addr: 127.0.0.1@59

    server:include: /var/unbound/pfb_dnsbl.*conf