Netgate Discussion Forum

    External DNS Query Blocking

    • Iceman24

      I found the official guide that mentions how to enforce OpenDNS on your network rather than it being bypassed on individual computers. This link.

      https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

      First, I discovered the possibility on another site that was using the method at the bottom of the official guide. This link.

      https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers

      My question is why are these 2 methods listed as if they can be used in conjunction? They seem to do the same thing. Is one way better? Should I do both?

      • johnpoz LAYER 8 Global Moderator

        There are many ways to skin a cat.. One is a block.. So if a user is not using DNS that is allowed, it's blocked, and the user gets back no answer to their query.

        In a redirect… the user thinks he is using DNS 1.2.3.4 and gets redirected to where you want his DNS to go..

        Neither of them need to be done.  Unless you feel there is some reason.  I do neither of those on my network because there is no point to them from my point of view.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • Iceman24

          I see now. Thanks. I understand how one redirects and the other blocks. This will be useful to me at times. I don't quite understand the point of using them together now. If you redirect DNS requests to pfSense, why would you block those same requests when they are getting redirected to the place you want them to go?

          • johnpoz LAYER 8 Global Moderator

            You wouldn't, but you might redirect only specific DNS for example.. And block the rest or any sort of odd combinations.

            Maybe you let IP X use only 8.8.8.8, if trying to use 1.2.2.4 redirect..  While maybe you just plain block IP Y because you don't want it to get any dns, etc. etc..

            Lots of ways to skin that cat you're wanting to skin ;)

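The block/redirect combination described in the last reply, written out as raw pf rules. This is an added example, not part of the thread and not pfSense's generated ruleset; the interface name, addresses and macro names are assumptions, and the rules cover IPv4 only.

```pf
# Constructed example in pf.conf syntax (pfSense builds its rules from the GUI).
lan_if = "em1"            # hypothetical LAN interface
lan_ip = "192.168.1.1"    # hypothetical pfSense LAN address running the resolver
host_x = "192.168.1.50"   # "IP X": may query 8.8.8.8 directly, otherwise redirected
host_y = "192.168.1.60"   # "IP Y": gets no DNS at all

# --- Translation rules: evaluated before filtering, first match wins ---
# Host X talking to 8.8.8.8 is left untranslated.
no rdr on $lan_if inet proto { tcp, udp } from $host_x to 8.8.8.8 port 53
# Host Y is left untranslated so the block rule below sees the original packet.
no rdr on $lan_if inet proto { tcp, udp } from $host_y to any port 53
# Everything else aimed at a resolver other than the firewall is redirected
# to the resolver on the firewall itself. This includes host X using any
# server other than 8.8.8.8.
rdr on $lan_if inet proto { tcp, udp } from any to ! $lan_ip port 53 -> 127.0.0.1 port 53

# --- Filter rules: these see the packet AFTER translation ---
# Host Y: dropped, the client receives no answer.
block in quick on $lan_if inet proto { tcp, udp } from $host_y to any port 53
# Host X: its one permitted external resolver.
pass in quick on $lan_if inet proto { tcp, udp } from $host_x to 8.8.8.8 port 53
# Queries addressed to the firewall, or redirected to it by the rdr rule.
pass in quick on $lan_if inet proto { tcp, udp } from any to { $lan_ip, 127.0.0.1 } port 53
# Backstop: any DNS packet that reached this point was not redirected
# (for example, because the rdr rule was removed), so drop it.
block in quick on $lan_if inet proto { tcp, udp } from any to any port 53
```

Because translation runs before filtering, a redirected query reaches the filter rules with destination 127.0.0.1, so the final block rule never matches it; the block only takes effect for traffic the redirect does not cover.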
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.