Netgate Discussion Forum

Problems with setting up my dns server !

  • R
    rey149
    last edited by Aug 6, 2018, 7:32 PM

    Hello guys, I know you might have heard this a thousand times, but I’m having problems setting up a DNS server. As you might guess, I’m still new at pfSense; hopefully you guys out there will solve the issue that has been tormenting me for some time now. Without further delay, let’s continue.
    I currently have a PowerEdge R710 server running ESXi 6.0.0 with pfSense 2.4.3_1 running on a virtual machine.
    I am trying to make pfSense my main DNS server, meaning I want all the devices connected to my router to go through the DNS in pfSense instead of the router’s DNS, and through the squidguard filter to block sites. So far it has not worked and I can’t figure out what is wrong with it. Any help will be appreciated, thanks.

    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Aug 6, 2018, 7:39 PM

      Well, without some info on what you did, it's impossible to help you figure out what you're doing wrong.

      Out of the box pfsense would do exactly what you want for dns. Out of the box it resolves, and points any dhcp clients to itself for dns.

      As to what you're doing wrong with that or squid - again impossible to help you without some clue to what you think you did or did not do, etc.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • R
        rey149
        last edited by rey149 Aug 6, 2018, 8:47 PM Aug 6, 2018, 8:25 PM

        @johnpoz Hello and thanks for your reply. Here is what I have done so far while trying to follow many online guides, and more info along the way.

        The reason I believe the DNS server is not working is because the websites on the squidguard blacklist are not being blocked.
        I first made a NAT rule with the following settings:

        Interface: LAN
        Protocol: TCP/UDP
        Destination: Any
        Destination Port range: from port: DNS to DNS
        Redirect target IP: 127.0.0.1
        Redirect target port: DNS

        DNS resolver is on at port 53
        Network interface and outgoing are set to All

        The system domain local zone type is set to transparent
        The other settings are default

        As to squid settings

        In squid proxy server settings
        Proxy is enabled

        Transparent HTTP proxy is enabled to forward all requests to port 80; interface is set to LAN

        HTTPS/SSL interception is enabled; the mode is set to splice all
        The squid local cache is on hard disk; the size is 500 MB

        On squidguard the service is started
        All logging is enabled
        Blacklist is enabled and set as shallalist.tar.gz
        I have a target category set

        In common ACL I have default access [all] in deny
        DNS forwarder is off

        Thanks for your help. I believe it might be something in my router. I might consider putting my Xfinity combo modem in bridge mode and moving all the routing functions to pfSense if necessary.

        If you need more info than that please tell me.

        • J
          johnpoz LAYER 8 Global Moderator
          last edited by Aug 7, 2018, 1:51 AM

          Why do you think that dns stuff is required? As I stated out of the box dhcp clients will be set to use pfsense. Why do you think you need to redirect? Do you have devices that use their own dns be it static or don't listen to what you set via dhcp? Like some iot device?

          Also you can post up what you think you did all day long - post up pictures of what actually is set..

          • R
            rey149
            last edited by Aug 7, 2018, 5:15 PM

            @johnpoz Hello again,

            I realized that I was messing with the settings too much, and taking that into account, I reinstalled the pfSense system with its default settings. With careful modifications, the pfSense firewall is now fully functional and detectable by all my devices. The only problem I have now is with squidguard: I want it to redirect addresses in the shalla blacklist to another address inside the network. I am going to post images of the configuration shortly.

            • J
              johnpoz LAYER 8 Global Moderator
              last edited by Aug 7, 2018, 5:23 PM

              Any issues you have with squidguard should be posted in the packages section on the forum.

              • R
                rey149
                last edited by Aug 7, 2018, 6:09 PM

                @johnpoz Hello again, I did what you recommended and put up another post with the issue in pfSense packages.
                Thank you for all the help and your time, have a nice day! 👍😉

                • J
                  johnpoz LAYER 8 Global Moderator
                  last edited by Aug 7, 2018, 6:13 PM

                  You too.. You should get more traction there on squid related problems than here.. If I run into something interesting on squid I might try and duplicate the problem sort of thing. But transparent filtering and ssl don't mix well.. Since the client never sends the connect like it does with explicit proxy setting.. So there are bound to be problems related to that that the day to day squid guys will be better suited to answer..

                  I only have squid on when trying to duplicate someone else's problem, etc.

                  • G
                    Grimson Banned
                    last edited by Aug 7, 2018, 6:14 PM

                    If you just want to do DNS based blacklisting you could take a look at pfBlockerNG.
