Netgate Discussion Forum

    I got the wrong default server

    • Chasire

      I am using the latest version of pfSense (2.4.4-RELEASE-p3 (amd64)).
      I have downloaded pfBlockerNG-devel in order to block porn and gambling websites.


      When I had configured my DNSBLs, I went to test it in cmd using nslookup.
      Instead of my intended DNS (192.168.1.10) I got one from Google (8.8.8.8).


      • Chasire

        Update: I have figured out why I had it in the first place.
        I had set my client's address via DHCP (for my DHCP server inside pfSense) and I had to change my primary DNS from 8.8.8.8 to 192.168.1.10.


        • Gertjan

          @Chasire said in I got the wrong default server:

          I got one from Google (8.8.8.8).

          edit => you figured it out already : good 👍
          Still, read on, for some tips to enforce pfSense DNS usage.

          Easy solution : You should install DNSBL on Google DNS systems ;)

          Better solution : When you assign "8.8.8.8" to some PC, it will use "8.8.8.8" as its DNS, thus completely bypassing pfSense. Makes sense, right ?
          nslookup tells you what DNS server it's using.

          Your PCs should have "pfSense" as their only DNS "server".
          It should receive the DNS requests, and act upon them, using DNSBL if you have that installed.

          So, yet another example of "use the default values and you would have been good".

          Btw : you could even place firewall rules on LAN(s) that permit TCP & UDP port 53 requests, destination "pfSense" - and block right after that rule any other DNS request to "anywhere". As discussed in the manual. That would force every device to use pfSense - and the DNS filtering - or : the device wouldn't have DNS anymore.

          IMHO : if you think that you have to filter your DNS, I would strongly advise you to take "8.8.8.8" out of the equation right away. Your situation is like this : "something happens that you don't like, and now the world's biggest company is also aware of that".

          And who is 192.168.123.2 ?

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??
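
The check both posters rely on (reading which server nslookup reports) can be scripted so that a client still pointed at an outside resolver is flagged. This is an added example, not part of either post: the sample outputs and function names are constructed for illustration, and 192.168.1.10 is the resolver address given in the thread.

```python
import ipaddress

EXPECTED_RESOLVER = "192.168.1.10"  # intended DNS server, as stated in the thread

# Constructed nslookup outputs (Windows cmd layout), not taken from the screenshots.
SAMPLE_BYPASS = "Server:  dns.google\nAddress:  8.8.8.8\n\nName:    example.com\n"
SAMPLE_OK = "Server:  pfSense.localdomain\nAddress:  192.168.1.10\n\nName:    example.com\n"


def resolver_from_nslookup(output):
    """Return the resolver IP from the header nslookup prints before the answer."""
    seen_server = False
    for line in output.splitlines():
        lowered = line.lower()
        if lowered.startswith("server:"):
            seen_server = True
        elif seen_server and lowered.startswith("address:"):
            value = line.split(":", 1)[1].strip()
            value = value.split("#", 1)[0]  # Unix nslookup appends '#53'
            try:
                return str(ipaddress.ip_address(value))
            except ValueError:
                return None  # header present but not an IP address
        elif seen_server and not line.strip():
            break  # header ended without an Address line
    return None


def check_client(output, expected=EXPECTED_RESOLVER):
    """Classify one client's nslookup output against the expected resolver."""
    resolver = resolver_from_nslookup(output)
    if resolver is None:
        return "unknown: no Server/Address header found"
    if resolver == str(ipaddress.ip_address(expected)):
        return "ok: queries go to " + resolver
    return "bypass: client asks %s, not %s" % (resolver, expected)


if __name__ == "__main__":
    for name, text in (("pc-1", SAMPLE_BYPASS), ("pc-2", SAMPLE_OK)):
        print(name, "->", check_client(text))
```

A "bypass" result means DNSBL never sees that client's queries, which is the case the LAN firewall rules described above are meant to prevent.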

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.