    External DNS Query Blocking

    Firewalling
      Iceman24 last edited by

      I found the official guide that mentions how to enforce OpenDNS on your network rather than it being bypassed on individual computers. This link.

      https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

      First, I discovered the possibility on another site that was using the method at the bottom of the official guide. This link.

      https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers

      My question is: why are these 2 methods listed as if they can be used in conjunction? They seem to do the same thing. Is one way better? Should I do both?

        johnpoz LAYER 8 Global Moderator last edited by

        There are many ways to skin a cat. One is a block: if a user is not using DNS that is allowed, it's blocked and the user gets back no answer to their query.

        In a redirect, the user thinks he is using DNS 1.2.3.4 and gets redirected to where you want his DNS to go.

        Neither of them needs to be done, unless you feel there is some reason. I do neither of those on my network because there is no point to them from my point of view.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          Iceman24 last edited by

          I see now. Thanks. I understand how one redirects and the other blocks. This will be useful to me at times. I don't quite understand the point of using them together now. If you redirect DNS requests to pfSense, why would you block those same requests when they are getting redirected to the place you want them to go?

            johnpoz LAYER 8 Global Moderator last edited by

            You wouldn't, but you might redirect only specific DNS, for example, and block the rest, or any sort of odd combinations.

            Maybe you let IP X use only 8.8.8.8, if trying to use 1.2.2.4 redirect. While maybe you just plain block IP Y because you don't want it to get any DNS, etc.

            Lots of ways to skin that cat you're wanting to skin ;)

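The mixed policy described in the last reply (one host allowed to use only 8.8.8.8 with its other lookups redirected, another host denied DNS entirely, everyone else redirected), written as an added example in raw pf.conf syntax for the packet filter pfSense is built on. It is not from the thread or the pfSense documentation; the interface name and all LAN addresses are constructed placeholders.

```conf
# Constructed values, not from the thread
lan_if  = "em1"
lan_ip  = "192.168.1.1"      # firewall's LAN address, runs the local resolver
lan_net = "192.168.1.0/24"
host_x  = "192.168.1.50"     # "IP X": may query 8.8.8.8 directly
host_y  = "192.168.1.60"     # "IP Y": gets no DNS at all

# --- Translation rules: pf evaluates these before any filter rule ---

# Exempt host X's queries to 8.8.8.8 from redirection.
no rdr on $lan_if inet proto { tcp, udp } from $host_x to 8.8.8.8 port 53

# Any other query aimed at a resolver that is not the firewall is
# rewritten to the local resolver (this also catches host X using
# some other external server).
rdr on $lan_if inet proto { tcp, udp } from $lan_net to ! $lan_ip port 53 -> 127.0.0.1 port 53

# --- Filter rules: these see the destination AFTER translation ---

# Host Y: match on source and port only. Its queries have already been
# rewritten to 127.0.0.1, so a rule naming the external resolver it
# originally asked for would never match.
block in quick on $lan_if inet proto { tcp, udp } from $host_y to any port 53

# Host X: the one external resolver it is allowed to reach.
pass in quick on $lan_if inet proto { tcp, udp } from $host_x to 8.8.8.8 port 53

# Everyone else: redirected queries and queries sent to the firewall itself.
pass in quick on $lan_if inet proto { tcp, udp } from $lan_net to 127.0.0.1 port 53
pass in quick on $lan_if inet proto { tcp, udp } from $lan_net to $lan_ip port 53

# Catch-all: any port 53 traffic that slipped past the rules above.
block in quick on $lan_if inet proto { tcp, udp } from any to any port 53
```

With the redirect in place the final block rarely fires for plain port 53 traffic, which is why the two documented methods overlap when applied to the same clients; the block earns its place for hosts or destinations you exclude from the redirect.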