I'm like a problem where I'm trying to solve it in 3 days but I do not succeed.
My company hired the opendns (umbrella) cisco service.
My pfsense has the service of the captive portal and dhcp
After setting the DNS servers 220.127.116.11 and 18.104.22.168 and setting the DISABLE DNS FORWARD option, pfsense queries all the DNS queries configured on the machines that are connected via DHCP where the default gateway and dns and pfsense are not using DNS configured pfsens is directly resolving the domain where it is registered. ex.
[2.4.3-RELEASE] [firstname.lastname@example.org] / root: cat /etc/resolv.conf
Navigating the stations I can observe that pfsense performs the DNS lookup query by the domain and not by the configured dns.
11: 46: 07.657672 IP xxx.xxx.xxx.xxx.11225> 22.214.171.124.53: 64935% [1au] A? www.xvideos.com. (44)
11: 46: 07.789036 IP 126.96.36.199.53> xxx.xxx.xxx.xxx.11225: 64935 * - 11/0/1 CNAME xvideos.com., A 188.8.131.52, A 184.108.40.206, A 220.127.116.11 , A 18.104.22.168, A 22.214.171.124, A 126.96.36.199, A 188.8.131.52, A 184.108.40.206, A 220.127.116.11, A 18.104.22.168 (218)
If anyone has passed through this please give me a hint there ..
You understand out of the box pfsense RESOLVES via unbound... If you want pfsense to forward to opendns, then you should setup forward mode in unbound, or use the forwarder and not unbound.
Thank you for your help.
I did this exactly and all the access was just for configured DNS
The problem is that I have some entries in DSN Resolver and when I enable the forward I have to disable the resolver because it does not allow me to use the same interface
follow the error
The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.
You need to choose what your going to use.. Be it the forwarder or the resolver, you can not use both..
As I stated you can use the "forwarder" mode in unbound.. Which is just a check box in the settings of unbound (resolver)... Or you can turn off unbound and just use the forwarder (dnsmasq).
No you can not use both at the same time, on the same port its an either or.. Its up to use which one you use.. If all your going to do forwarder prob be fine, and can be set to forward to all of your listed NS at the same time and use the fastest response, etc.
For some strange reason I don't think its "ok" do you understand the difference between forwarding and resolving?
Yes, I understood
I was already wary of this but the manual entries I have inside the DNS Resolve squid is still reading.
Thank you for your help
So you enabled forwarder mode in unbound... When you ask unbound, if it has it locally or cached its not going to go ask anything be it forward or resolve.
So if you create a host override - that will be returned when that is asked for.. Its the whole point of "override".. You could return 10.10.10.10 for www.google.com if you wanted too.