dns resolver



  • Dear.

    I have a problem that I have been trying to solve for 3 days, but I do not succeed.

    My company hired the Cisco OpenDNS (Umbrella) service.
    My pfSense provides the captive portal and DHCP services.
    After setting the DNS servers 208.67.222.222 and 208.67.220.220 and enabling the DISABLE DNS FORWARD option, pfSense handles all the DNS queries from the machines that are connected via DHCP, where pfSense is the default gateway and DNS server. But pfSense is not using the configured DNS; it is directly resolving the domain where it is registered. Example:

    pfSense config:
    [2.4.3-RELEASE][admin@xxxx.localdomain]/root: cat /etc/resolv.conf
    search localdomain
    nameserver 208.67.222.222
    nameserver 208.67.220.220

    Browsing from the workstations, I can observe that pfSense performs the DNS lookup against the domain's own servers and not against the configured DNS.

    11:46:07.657672 IP xxx.xxx.xxx.xxx.11225 > 69.55.52.220.53: 64935% [1au] A? www.xvideos.com. (44)
    11:46:07.789036 IP 69.55.52.220.53 > xxx.xxx.xxx.xxx.11225: 64935*- 11/0/1 CNAME xvideos.com., A 185.88.181.5, A 185.88.181.6, A 185.88.181.7, A 185.88.181.8, A 185.88.181.9, A 185.88.181.10, A 185.88.181.11, A 185.88.181.2, A 185.88.181.3, A 185.88.181.4 (218)

    If anyone has been through this, please give me a hint.
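An added check for the symptom in this post (not code from the thread or from pfSense): it parses tcpdump query lines in the format quoted above and reports every query the firewall sent to a public address other than the configured forwarders, which is exactly what a resolver in recursive mode does. The sample capture, the 10.0.0.0/8 addresses and the example hostnames are constructed; 69.55.52.220 and the OpenDNS addresses come from the thread.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the tcpdump format quoted in the post (not a real capture).
# 10.0.0.10 is the firewall, 10.0.0.53 a LAN host, 69.55.52.220 the non-forwarder
# destination seen in the thread, 208.67.222.222 one of the intended OpenDNS forwarders.
SAMPLE_CAPTURE = """\
11:46:07.657672 IP 10.0.0.10.11225 > 69.55.52.220.53: 64935% [1au] A? www.example.com. (44)
11:46:07.789036 IP 69.55.52.220.53 > 10.0.0.10.11225: 64935*- 1/0/1 A 198.51.100.5 (60)
11:46:08.101010 IP 10.0.0.10.40021 > 208.67.222.222.53: 17123+ A? login.example.net. (36)
11:46:08.150000 IP 10.0.0.10.40022 > 10.0.0.53.53: 17124+ A? printer.localdomain. (37)
"""

# Forwarders every outbound query from the firewall is supposed to go to.
EXPECTED_FORWARDERS = {"208.67.222.222", "208.67.220.220"}

# Matches only queries (destination port 53); responses come back to an ephemeral port.
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.53: "
    r"(?P<id>\d+)[+%]?.*?\b(?P<qtype>[A-Z]+)\? (?P<qname>\S+) "
)


def audit_dns_egress(capture_text, expected=EXPECTED_FORWARDERS):
    """Classify each query by destination: 'forwarded' (an expected forwarder),
    'internal' (a private address, e.g. a LAN host), or 'leaked' (any other
    public address, i.e. unbound resolving on its own instead of forwarding)."""
    verdicts = {"forwarded": [], "internal": [], "leaked": []}
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # response lines and anything that is not a DNS query
        dst, qname = m["dst"], m["qname"]
        if dst in expected:
            key = "forwarded"
        elif ip_address(dst).is_private:
            key = "internal"
        else:
            key = "leaked"
        verdicts[key].append((dst, qname))
    return verdicts


if __name__ == "__main__":
    for key, hits in audit_dns_egress(SAMPLE_CAPTURE).items():
        print(f"{key}: {hits}")
```

Run it against `tcpdump -n -i <wan> udp port 53` output from the firewall itself; any entry under "leaked" means the query bypassed OpenDNS filtering.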


  • LAYER 8 Global Moderator

    You understand that out of the box pfSense RESOLVES via unbound... If you want pfSense to forward to OpenDNS, then you should set up forward mode in unbound, or use the forwarder and not unbound.



  • johnpoz

    Thank you for your help.

    I did exactly this, and all the access went only through the configured DNS.

    The problem is that I have some entries in the DNS Resolver, and when I enable the forwarder I have to disable the resolver because it does not allow me to use the same interface.

    The error follows:

    The DNS Forwarder is enabled using this port. Choose a non-conflicting port, or disable the DNS Forwarder.


  • LAYER 8 Global Moderator

    You need to choose what you're going to use.. Be it the forwarder or the resolver, you cannot use both..

    As I stated, you can use the "forwarder" mode in unbound.. Which is just a check box in the settings of unbound (resolver)... Or you can turn off unbound and just use the forwarder (dnsmasq).

    No, you cannot use both at the same time on the same port; it's an either/or.. It's up to you which one you use.. If all you're going to do is forward, the forwarder will probably be fine, and it can be set to forward to all of your listed NS at the same time and use the fastest response, etc.



  • OK.. Thanks..


  • LAYER 8 Global Moderator

    For some strange reason I don't think it's "ok". Do you understand the difference between forwarding and resolving?



  • Yes, I understood

    I was already wary of this, but squid is still reading the manual entries I have inside the DNS Resolver.

    Thank you for your help

    Regards,

    Diego


  • LAYER 8 Global Moderator

    So you enabled forwarder mode in unbound... When you ask unbound, if it has it locally or cached, it's not going to go ask anything, be it forward or resolve.

    So if you create a host override, that will be returned when that is asked for.. It's the whole point of "override".. You could return 10.10.10.10 for www.google.com if you wanted to.

