Netgate Discussion Forum

    Use different DNS providers for both DNS forwarder and DNS Resolver

      Panja

      Both DNS forwarder and DNS resolver are set up on my pfSense box.
      I would like one of the two services to use OpenDNS (with their dns filter) and the other one use CloudFlare DNS.

      DNS forwarder uses the DNS settings in System -> General.
      DNS Resolver will use them as well if I set it to forward mode.

      Is there a way I can set DNS forwarder to use OpenDNS and DNS Resolver to CloudFlare DNS?

        KOM

        I can't imagine why you would need to do this in the first place.  What's your use case?

          Panja

          Not every network is the same.  ;)

          I have a few VLANs which need to go over OpenDNS (with dns filtering on), the "kids" VLAN.
          Also I have an "admin" VLAN which needs dns filtering off, so I can't use OpenDNS there.

            KOM

            I would just modify the DHCP server on the kids VLAN to serve them the OpenDNS servers.

              Panja

              But that would not allow me to use host overrides…
              Not an option for me.

                johnpoz LAYER 8 Global Moderator

                To be honest I would just use bind for such a complex setup.  While unbound did add views a few versions back.  I do not believe you can add different forwarder options, etc.  So vs running both dnsmasq and unbound.

                Why not just run bind?  Which in that you can create specific views so that IP X or network Y get forwarded to A, while others get forwarded to B, etc.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                  Panja

                  I solved this by running both DNS Forwarder and DNS Resolver.
                  DNS resolver on a different port (1053) and set up a port forward.
                  DNS forwarder set to forward to OpenDNS and DNS resolver set up with custom options:

                  
                  ```
                  server:
                  forward-zone:
                    name: "."                    # forward every zone
                    forward-ssl-upstream: yes    # DNS over TLS to the upstream
                    forward-addr: 1.1.1.1@853
                    forward-addr: 1.0.0.1@853
                  ```
                  
                  

                  It does work without TLS/SSL as well:

                  
                  ```
                  server:
                  forward-zone:
                    name: "."                    # forward every zone
                    forward-addr: 1.1.1.1@53     # plain DNS on port 53
                    forward-addr: 1.0.0.1@53
                  ```
                  
                  
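An added example, not part of the original posts: a small Python check run over the forwarder options posted above and a hardened variant. Unbound only checks the upstream certificate name when `forward-addr` carries a `#auth-name` and a CA bundle is configured; the bundle path `/etc/ssl/cert.pem` and the function name `audit_forwarders` are assumptions made for this example.

```python
import re

# Constructed inputs: the TLS options as posted, and a hardened variant.
POSTED = """\
server:
forward-zone:
  name: "."
  forward-ssl-upstream: yes
  forward-addr: 1.1.1.1@853
  forward-addr: 1.0.0.1@853
"""
HARDENED = """\
server:
  tls-cert-bundle: "/etc/ssl/cert.pem"   # assumed CA bundle path
forward-zone:
  name: "."
  forward-tls-upstream: yes
  forward-addr: 1.1.1.1@853#cloudflare-dns.com
  forward-addr: 1.0.0.1@853#cloudflare-dns.com
"""
TLS_KEYS = {"forward-tls-upstream", "forward-ssl-upstream"}
BUNDLE_KEYS = {"tls-cert-bundle", "ssl-cert-bundle"}

def audit_forwarders(conf):
    """Return findings for every forward-zone clause in an unbound config."""
    bundle, zones = False, []
    # Taking only the first token after "key:" drops trailing comments but
    # keeps the '#auth-name' suffix, which has no whitespace before the '#'.
    for key, val in re.findall(r"^\s*([\w-]+):[ \t]*(\S*)", conf, re.M):
        val = val.strip('"')
        if key == "forward-zone":
            zones.append({"tls": False, "addrs": []})
        elif key in BUNDLE_KEYS and val:
            bundle = True
        elif zones and key in TLS_KEYS:
            zones[-1]["tls"] = (val == "yes")
        elif zones and key == "forward-addr":
            zones[-1]["addrs"].append(val)
    findings = []
    for z in zones:
        for addr in z["addrs"]:
            if not z["tls"]:
                findings.append(f"{addr}: plaintext DNS to upstream")
            elif "#" not in addr:
                findings.append(f"{addr}: TLS without #auth-name, certificate name not checked")
        if z["tls"] and not bundle:
            findings.append("tls-cert-bundle not set, upstream certificate cannot be verified")
    return findings
```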
                    KOM

                    > But that would not allow me to use host overrides…
                    > Not an option for me.

                    You didn't mention anything about that requirement.  Glad to see you got something figured out and working.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.