Problems with setting up my dns server !
Hello guys i know you might have heard this a thousand times but I’m having problems setting up a dns server. as You might guess I’m still new at pfsense , hopefully you guys out there will solve the issue that has been tormenting me for some Time now. Without further delay let’s continue
I currently have a PowerEdge R710 server running ESXi 6.0.0 with pFsense 2.4.3_1 running on a virtual machine.
I am trying to make pfsense my main dns server meaning I want all the devices connected to my router to go through the dns in pfsense instead of the router’s dns and through the squidguard filter to block sites so far it has not worked and can’t figure out what is wrong with it , any help will be appreciated, thanks
Will without some info of what you did, its impossible to help you figure out what your doing wrong.
Out of the box pfsense would do exactly what you want for dns. Out of the box it resolves, and points any dhcp clients to itself for dns.
As to what your doing wrong with that or squid - again impossible to help you without some clue to what you think you did or did not do, etc.
rey149 last edited by rey149
@johnpoz Hello and thanks for you’re reply , here is what I have done so far while trying to follow many online guides. And more info along the way.
The reason I believe the dns server is not working is because the websites on the squidguard blacklist are not being blocked
I first made a NAT rule with the following settings:
Destination Port range: from port: DNS to DNS
Redirect target IP: 127.0.0.1
Redirect target port:DNS
DNS resolver is on at port 53
Network interface and outgoing are set to All
The system domain local zone type is set to transparent
The other settings are default
As to squid settings
In squid proxy server settings
Proxy is enabled
Transparent http proxy enabled to forward all requests to port 80 interface is set to LAN
https/ssl interception is enabled the mode is set to splice all
The squid local cache on hardisk the size is 500mb
On squidguard the service is started
All loggin is enabled
Blacklist is enabled and set as shallalist.tar.gz
I have a target category set
In common acl I have default access[all] in deny
DNS fowarder is off
Thanks for your help I believe it might be something in my router I might consider putting my xfinity combo modem in bridge mode and move all the routing functions to pfsense if necessary
If you need more info than that please tell me.
Why do you think that dns stuff is required? As I stated out of the box dhcp clients will be set to use pfsense. Why do you think you need to redirect? Do you have devices that use their own dns be it static or don't listen to what you set via dhcp? Like some iot device?
Also you can post up what you think you did all day long - post up pictures of what actually is set..
@johnpoz hello again ,
I realized that I was messing with the settings to much, and taking that in account, I re installed the pfsense system with its default settings, with careful modifications, the pfsense firewall is now fully functional and detectable by all my devices, the only problem I have now is with squidguard , I want it to redirect addresses in the shalla blacklist to another address inside the network I am going to post images of the configuration shortly
Any issues you have with squidguard should be posted in the packages section on the forum.
@johnpoz hello again I did what you recommended and put up another post with the issue in pfsense packages
thank you for all the help and your time have a nice day!
You too.. You should get more traction there on squid related problems then here.. If I run into something interesting on squid I might try and duplicate the problem sort of thing. But transparent filtering and ssl don't mix well.. Since the client never sends the connect like it does with explicit proxy setting.. So there is bound to be problems related to that that the day to day squid guys will be better suited to answer..
I only have squid on when trying to duplicate someone elses problem, etc.
Grimson last edited by
If you just want to do DNS bases blacklisting you could take a look at pfBlockerNG.