Netgate Discussion Forum

    Problems with setting up my dns server !

    • rey149

      Hello guys, I know you might have heard this a thousand times, but I’m having problems setting up a DNS server. As you might guess, I’m still new at pfSense; hopefully you guys out there will solve the issue that has been tormenting me for some time now. Without further delay, let’s continue.
      I currently have a PowerEdge R710 server running ESXi 6.0.0 with pfSense 2.4.3_1 running on a virtual machine.
      I am trying to make pfSense my main DNS server, meaning I want all the devices connected to my router to go through the DNS in pfSense instead of the router’s DNS, and through the squidGuard filter to block sites. So far it has not worked and I can’t figure out what is wrong with it. Any help will be appreciated, thanks.

        • johnpoz LAYER 8 Global Moderator

        Well, without some info on what you did, it's impossible to help you figure out what you're doing wrong.

        Out of the box pfsense would do exactly what you want for dns. Out of the box it resolves, and points any dhcp clients to itself for dns.

        As to what you're doing wrong with that or squid - again, impossible to help you without some clue as to what you think you did or did not do, etc.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          • rey149

          @johnpoz Hello and thanks for your reply. Here is what I have done so far while trying to follow many online guides, and more info along the way.

          The reason I believe the DNS server is not working is that the websites on the squidGuard blacklist are not being blocked.
          I first made a NAT rule with the following settings:

          Interface: LAN
          Protocol: TCP/UDP
          Destination: Any
          Destination port range: from DNS to DNS
          Redirect target IP: 127.0.0.1
          Redirect target port: DNS

          DNS resolver is on at port 53
          Network interface and outgoing are set to All

          The system domain local zone type is set to transparent
          The other settings are default

          As to squid settings

          In squid proxy server settings
          Proxy is enabled

          Transparent HTTP proxy is enabled to forward all requests to port 80; the interface is set to LAN

          HTTPS/SSL interception is enabled; the mode is set to splice all
          The squid local cache is on hard disk; the size is 500 MB

          On squidGuard the service is started
          All logging is enabled
          Blacklist is enabled and set as shallalist.tar.gz
          I have a target category set

          In common ACL I have default access [all] in deny
          DNS forwarder is off

          Thanks for your help. I believe it might be something in my router; I might consider putting my Xfinity combo modem in bridge mode and moving all the routing functions to pfSense if necessary.

          If you need more info than that please tell me.

            • johnpoz LAYER 8 Global Moderator

            Why do you think that dns stuff is required? As I stated out of the box dhcp clients will be set to use pfsense. Why do you think you need to redirect? Do you have devices that use their own dns be it static or don't listen to what you set via dhcp? Like some iot device?

            Also you can post up what you think you did all day long - post up pictures of what actually is set..

              • rey149

              @johnpoz Hello again,

              I realized that I was messing with the settings too much, and taking that into account, I reinstalled the pfSense system with its default settings. With careful modifications, the pfSense firewall is now fully functional and detectable by all my devices. The only problem I have now is with squidGuard: I want it to redirect addresses in the Shalla blacklist to another address inside the network. I am going to post images of the configuration shortly.

                • johnpoz LAYER 8 Global Moderator

                Any issues you have with squidguard should be posted in the packages section on the forum.

                  • rey149

                  @johnpoz Hello again, I did what you recommended and put up another post with the issue in pfSense packages.
                  Thank you for all the help and your time, have a nice day! 👍😉

                    • johnpoz LAYER 8 Global Moderator

                    You too.. You should get more traction there on squid-related problems than here.. If I run into something interesting on squid I might try and duplicate the problem, sort of thing. But transparent filtering and SSL don't mix well.. Since the client never sends the CONNECT like it does with an explicit proxy setting.. So there are bound to be problems related to that that the day-to-day squid guys will be better suited to answer..

                    I only have squid on when trying to duplicate someone else's problem, etc.

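The difference described in the post above, as an added example that is not part of the original thread: an explicit proxy receives a cleartext `CONNECT host:443` request, while an intercepted (transparent) connection begins directly with a TLS ClientHello, where the only hostname the proxy can see without decrypting is the optional SNI extension. The function names, the `blocked.example` host and both sample byte strings are constructed for illustration.

```python
import struct

def first_bytes_hostname(data: bytes):
    """Classify the first bytes a proxy receives; return (kind, hostname or None)."""
    if data.startswith(b"CONNECT "):
        # Explicit proxy: the client names the target in cleartext.
        target = data.split(b" ", 2)[1].decode("ascii")
        return "explicit-connect", target.rsplit(":", 1)[0]
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03:
        # Intercepted TLS: skip the 5-byte record header, parse the handshake.
        try:
            return "tls-client-hello", _sni(data[5:])
        except (IndexError, struct.error):
            return "tls-client-hello", None  # truncated hello
    return "unknown", None

def _sni(hs: bytes):
    if len(hs) < 4 or hs[0] != 0x01:   # not a ClientHello
        return None
    p = 4 + 2 + 32                      # handshake header, version, random
    p += 1 + hs[p]                      # session_id
    p += 2 + struct.unpack_from("!H", hs, p)[0]   # cipher_suites
    p += 1 + hs[p]                      # compression_methods
    if p + 2 > len(hs):
        return None                     # no extensions block
    end = p + 2 + struct.unpack_from("!H", hs, p)[0]
    p += 2
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hs, p)
        p += 4
        if ext_type == 0:               # server_name extension
            name_len = struct.unpack_from("!H", hs, p + 3)[0]
            return hs[p + 5:p + 5 + name_len].decode("ascii")
        p += ext_len
    return None

def build_client_hello(host=None):
    """Constructed minimal ClientHello for the demo (not a capture)."""
    exts = b""
    if host:
        name = host.encode("ascii")
        sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        exts = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

CONNECT_SAMPLE = b"CONNECT blocked.example:443 HTTP/1.1\r\nHost: blocked.example:443\r\n\r\n"
```

A ClientHello built without a host returns `None` for the hostname, which is the case where an intercepting filter has only the destination IP to match against.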
                      • Grimson Banned

                      If you just want to do DNS-based blacklisting you could take a look at pfBlockerNG.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.