Blocking DNS on specific interfaces



  • Hello,

    I've subnetted my network using two LAN interfaces: LAN 192.168.0.0/24 and VPNLAN 192.168.10.*/24. LAN has all my usual traffic and VPNLAN has my VPN traffic. I've followed the guide here https://nordvpn.com/pt/tutorials/pfsense/pfsense-openvpn/ and set my DNS settings to the ones suggested in the guide. I ran into a rather annoying problem. Netflix only allows Google DNS to resolve its name; using the DNS settings in the guide, I am unable to watch Netflix  :'(. Not using the supplied DNS server results in DNS leaks… ugh. What I would like is to have my LAN use Google DNS (or whatever I supply), 8.8.8.8 and 8.8.4.4, and VPNLAN use my supplied VPN DNS. Any suggestions on how to best accomplish this?



  • Netflix only allows google dns to resolve its name

    ????

    That's not likely. If it were true, it would break the way DNS works, and people using cell phones, etc., would be unable to access Netflix using the DNS their carrier provides their phone. I suspect most people use the DNS provided by their ISP. If they were blocked, Netflix would lose a lot of business.

    Also, there's no way for them to know what DNS server you used, as all connections are via IP address, not host name.



  • Sorry, I'm a real network newb. All I know is I am unable to go on Netflix whenever I have my VPN DNS server as my only lookup.


  • Rebel Alliance Global Moderator

    Yeah, with JKnott, there is no way Netflix is only allowing Google DNS. What the problem is, more than likely, is Netflix is blocking your VPN. Which, yeah, many of the streaming services do, because a VPN is used to circumvent geolocation restrictions.

    So in your LAN DHCP, or static on your boxes, set them to use whatever DNS you want. In your VPN LAN, set clients to only use your VPN DNS directly via DHCP or on them, or let them use pfSense as their DNS and set up pfSense to only use your VPN DNS.



  • Here's the weird part: my LAN isn't using the VPN, but it's the LAN that's blocked. The VPN, however, is able to connect to Netflix; I think this has something to do with the DNS.

    In your VPN LAN, set clients to only use your VPN DNS directly via DHCP or on them, or let them use pfSense as their DNS and set up pfSense to only use your VPN DNS.

    How do I accomplish this? No matter what I do my WAN is being used for DNS lookups.


  • Rebel Alliance Global Moderator

    In your dhcpd settings on pfSense for your LAN, put in the DNS you want your client to use.
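    The per-interface split described in this thread (LAN clients handed public DNS over WAN, VPNLAN clients handed only the VPN provider's DNS through the tunnel) can be checked after the fact by looking at where port-53 traffic from each subnet actually goes. The following is an added example written for this thread, not pfSense code or anything from the NordVPN guide: it models the two subnets as policies and flags any DNS flow that uses a resolver outside its subnet's allowed set or leaves on the wrong interface (the classic DNS leak). The VPN resolver address 10.8.0.1, the tunnel interface name ovpnc1 and the flow records are constructed placeholders.

```python
"""Per-interface DNS policy check for a split LAN / VPNLAN setup.

Hypothetical example for this thread, not pfSense's own code. Intent:
  LAN    (192.168.0.0/24)  -> public DNS 8.8.8.8 / 8.8.4.4, egress WAN
  VPNLAN (192.168.10.0/24) -> VPN provider DNS only, egress via the tunnel
Any port-53 flow that breaks either rule is reported as a leak.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InterfacePolicy:
    name: str
    subnet: ipaddress.IPv4Network
    dns_servers: frozenset   # resolvers handed out by DHCP on this interface
    egress: str              # interface this subnet's traffic must leave on


# 10.8.0.1 and "ovpnc1" are placeholders for the VPN resolver and tunnel.
POLICIES = [
    InterfacePolicy("LAN", ipaddress.ip_network("192.168.0.0/24"),
                    frozenset({"8.8.8.8", "8.8.4.4"}), "WAN"),
    InterfacePolicy("VPNLAN", ipaddress.ip_network("192.168.10.0/24"),
                    frozenset({"10.8.0.1"}), "ovpnc1"),
]

# Constructed flow records: (src_ip, dst_ip, dst_port, outbound_interface)
SAMPLE_FLOWS = [
    ("192.168.0.20", "8.8.8.8", 53, "WAN"),           # LAN -> Google DNS via WAN: ok
    ("192.168.10.5", "10.8.0.1", 53, "ovpnc1"),       # VPNLAN -> VPN DNS via tunnel: ok
    ("192.168.10.7", "8.8.8.8", 53, "WAN"),           # VPNLAN -> public DNS via WAN: leak
    ("192.168.0.21", "10.8.0.1", 53, "ovpnc1"),       # LAN using the VPN resolver: wrong
    ("192.168.10.5", "93.184.216.34", 443, "ovpnc1"), # not DNS, ignored
]


def policy_for(src_ip):
    """Find the interface policy whose subnet contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for pol in POLICIES:
        if addr in pol.subnet:
            return pol
    return None


def check_flow(flow):
    """Return None for a compliant flow, otherwise a short reason string."""
    src, dst, dport, out_iface = flow
    if dport != 53:
        return None                      # only DNS traffic is policed here
    pol = policy_for(src)
    if pol is None:
        return "unknown source subnet"
    problems = []
    if dst not in pol.dns_servers:
        problems.append(f"resolver {dst} not allowed on {pol.name}")
    if out_iface != pol.egress:
        problems.append(f"left via {out_iface}, expected {pol.egress}")
    return "; ".join(problems) if problems else None


def find_dns_leaks(flows):
    """Return (flow, reason) pairs for every non-compliant DNS flow."""
    results = []
    for flow in flows:
        reason = check_flow(flow)
        if reason:
            results.append((flow, reason))
    return results


if __name__ == "__main__":
    for flow, reason in find_dns_leaks(SAMPLE_FLOWS):
        print(f"{flow[0]} -> {flow[1]}:{flow[2]} on {flow[3]}: {reason}")
```

    Feeding real per-client flow data into `find_dns_leaks` would show whether the dhcpd change above actually stopped VPNLAN clients from resolving over WAN, which is the leak the original post was worried about.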



  • @iSmokeCr4k:

    Sorry, I'm a real network newb. All I know is I am unable to go on Netflix whenever I have my VPN DNS server as my only lookup.

    I expect your problem is you're using a VPN. Netflix blocks VPN users.



  • In your dhcpd settings on pfSense for your LAN, put in the DNS you want your client to use.

    Perfect, works like a charm. Thanks.

    I expect your problem is you're using a VPN. Netflix blocks VPN users.

    My normal LAN subnet is not using a VPN; not sure what was happening, but it had something to do with the DNS query.