Problems with setting up my DNS server!

  • Hello guys, I know you might have heard this a thousand times, but I’m having problems setting up a DNS server. As you might guess, I’m still new at pfSense; hopefully you guys out there will solve the issue that has been tormenting me for some time now. Without further delay, let’s continue.
    I currently have a PowerEdge R710 server running ESXi 6.0.0 with pfSense 2.4.3_1 running on a virtual machine.
    I am trying to make pfSense my main DNS server, meaning I want all the devices connected to my router to go through the DNS in pfSense instead of the router’s DNS, and through the SquidGuard filter to block sites. So far it has not worked and I can’t figure out what is wrong with it. Any help will be appreciated, thanks.

  • Rebel Alliance Global Moderator

    Well, without some info on what you did, it's impossible to help you figure out what you're doing wrong.

    Out of the box pfSense would do exactly what you want for DNS. Out of the box it resolves, and points any DHCP clients to itself for DNS.

    As to what you're doing wrong with that or Squid, again it's impossible to help you without some clue as to what you think you did or did not do, etc.

  • @johnpoz Hello and thanks for your reply, here is what I have done so far while trying to follow many online guides, and more info along the way.

    The reason I believe the DNS server is not working is that the websites on the SquidGuard blacklist are not being blocked.
    I first made a NAT rule with the following settings:

    Protocol: TCP/UDP
    Destination Port range: from port: DNS to DNS
    Redirect target IP:
    Redirect target port: DNS

    DNS resolver is on at port 53
    Network interface and outgoing are set to All

    The system domain local zone type is set to transparent
    The other settings are default

    As to squid settings

    In squid proxy server settings
    Proxy is enabled

    Transparent HTTP proxy enabled to forward all requests to port 80; interface is set to LAN

    HTTPS/SSL interception is enabled, the mode is set to splice all
    The Squid local cache on hard disk size is 500 MB

    On SquidGuard the service is started
    All logging is enabled
    Blacklist is enabled and set as shallalist.tar.gz
    I have a target category set

    In common ACL I have default access [all] in deny
    DNS forwarder is off

    Thanks for your help. I believe it might be something in my router; I might consider putting my Xfinity combo modem in bridge mode and moving all the routing functions to pfSense if necessary.

    If you need more info than that please tell me.

  • Rebel Alliance Global Moderator

    Why do you think that DNS stuff is required? As I stated, out of the box DHCP clients will be set to use pfSense. Why do you think you need to redirect? Do you have devices that use their own DNS, be it static or don't listen to what you set via DHCP? Like some IoT device?

    Also, you can post up what you think you did all day long - post up pictures of what is actually set..

  • @johnpoz hello again,

    I realized that I was messing with the settings too much, and taking that into account, I reinstalled the pfSense system with its default settings. With careful modifications, the pfSense firewall is now fully functional and detectable by all my devices. The only problem I have now is with SquidGuard: I want it to redirect addresses in the Shalla blacklist to another address inside the network. I am going to post images of the configuration shortly.

  • Rebel Alliance Global Moderator

    Any issues you have with SquidGuard should be posted in the packages section on the forum.

  • @johnpoz hello again, I did what you recommended and put up another post with the issue in pfSense packages.
    Thank you for all the help and your time, have a nice day! 👍😉

  • Rebel Alliance Global Moderator

    You too.. You should get more traction there on Squid related problems than here.. If I run into something interesting on Squid I might try and duplicate the problem, sort of thing. But transparent filtering and SSL don't mix well.. Since the client never sends the CONNECT like it does with an explicit proxy setting.. So there are bound to be problems related to that that the day to day Squid guys will be better suited to answer..

    I only have Squid on when trying to duplicate someone else's problem, etc.
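
The moderator's point about transparent filtering and SSL can be seen in code. This is an added example, not from the thread or from Squid: with an explicit proxy the browser names the target in the CONNECT request line, whereas in transparent mode (as with the "splice all" setup above) the proxy only sees a raw TLS ClientHello and must pull the hostname out of the SNI extension, which a client may not send at all. The ClientHello bytes are constructed here for the demonstration, not taken from a capture.

```python
import struct

def hostname_from_connect(data: bytes):
    """Explicit proxy: the browser states the target in 'CONNECT host:443'."""
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] == b"CONNECT":
        return parts[1].rsplit(b":", 1)[0].decode("ascii")
    return None

def hostname_from_client_hello(data: bytes):
    """Transparent mode: the proxy only sees a TLS ClientHello and must read
    the SNI extension; returns None when the client sends no SNI."""
    if len(data) < 5 or data[0] != 0x16:      # record type 0x16 = handshake
        return None
    hs = data[5:]
    if not hs or hs[0] != 0x01:               # handshake type 1 = ClientHello
        return None
    pos = 4 + 2 + 32                          # hs header, version, random
    pos += 1 + hs[pos]                        # session_id
    pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hs[pos]                        # compression_methods
    if pos + 2 > len(hs):
        return None                           # no extensions block at all
    ext_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
        pos += 4
        if etype == 0:                        # server_name extension
            name_len = struct.unpack("!H", hs[pos + 3:pos + 5])[0]
            return hs[pos + 5:pos + 5 + name_len].decode("ascii")
        pos += elen
    return None

def build_client_hello(sni=None) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello (test input, not a real capture)."""
    ext = b""
    if sni:
        name = sni.encode("ascii")
        sni_body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", 0, len(sni_body)) + sni_body
    body = (b"\x03\x03" + b"\x00" * 32         # client_version, random
            + b"\x00"                           # empty session_id
            + b"\x00\x02\x13\x01"               # one cipher suite
            + b"\x01\x00"                       # compression: null only
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

A filter that depends on `hostname_from_client_hello` has nothing to match against when the second function returns None, which is the failure mode the explicit CONNECT path never has.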

  • If you just want to do DNS-based blacklisting you could take a look at pfBlockerNG.