I got the wrong default server



  • I am using the latest version of pfSense (2.4.4-RELEASE-p3 (amd64)).
    I have downloaded pfBlockerNG-devel in order to block porn and gambling websites.


    When I had configured my DNSBLs, I went to test it in cmd using nslookup.
    Instead of my intended DNS (192.168.1.10) I got one from Google (8.8.8.8).




  • Update: I have figured out why I had it in the first place.
    I had set my client's address in DHCP (for my DHCP server inside pfSense) and I had to change my primary DNS from 8.8.8.8 to 192.168.1.10.




  • @Chasire said in I got the wrong default server:

    I got one from google (8.8.8.8).

    edit => you figured it out already : good 👍
    Still, read on, for some tips to enforce pfSense DNS usage.

    Easy solution : You should install DNSBL on Google DNS systems ;)

    Better solution : When you assign "8.8.8.8" to some PC, it will use "8.8.8.8" as its DNS, thus completely bypassing pfSense. Makes sense, right ?
    nslookup tells you what DNS server it's using.

    Your PCs should have "pfSense" as their only DNS "server".
    It should receive the DNS requests, and act upon them, using DNSBL if you have that installed.

    So, yet another example of "use the default values and you would have been good".

    Btw : you could even place firewall rules on LAN(s) that permit TCP & UDP port 53 requests, destination "pfSense" - and block right after that rule any other DNS request to "anywhere". As discussed in the manual. That would force every device to use pfSense - and the DNS filtering - or : the device wouldn't have DNS anymore.

    IMHO : if you think that you have to filter your DNS, I would strongly advise you to take "8.8.8.8" out of the equation right away. Your situation is like this : "something happens that you don't like, and now the world's biggest company is also aware of that".

    And who is 192.168.123.2 ?
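
The LAN rule pair suggested in the last reply (allow port 53 to pfSense, block DNS to anywhere else) can be verified from a client on the LAN. The script below is an added example, not part of the thread or of pfSense: it sends one raw DNS query to each resolver and reports whether the external one is still reachable. It assumes 192.168.1.10 is the pfSense resolver as stated in the thread, uses `example.com` as an arbitrary test name, and probes UDP only.

```python
import socket
import struct

PFSENSE_DNS = "192.168.1.10"   # resolver address taken from the thread
EXTERNAL_DNS = "8.8.8.8"       # resolver the client was bypassing to

def build_query(name, txid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_response_for(packet, txid):
    """True if `packet` is a DNS response (QR bit set) with our transaction id."""
    if len(packet) < 12:          # shorter than a DNS header
        return False
    rid, flags = struct.unpack(">HH", packet[:4])
    return rid == txid and bool(flags & 0x8000)

def probe(server, name="example.com", timeout=2.0, txid=0x1234):
    """Send one UDP query to `server`:53; True if a matching reply arrives."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, txid), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:           # timeout, unreachable, or rejected by the firewall
            return False
    return is_response_for(data, txid)

def verdict(local_ok, external_ok):
    """Interpret the two probe results against the allow/block rule pair."""
    if external_ok:
        return "bypass possible"  # clients can still reach an outside resolver
    if local_ok:
        return "enforced"         # only pfSense answers DNS
    return "no DNS at all"        # neither resolver answered

if __name__ == "__main__":
    print(verdict(probe(PFSENSE_DNS), probe(EXTERNAL_DNS)))
```

Run it from a LAN client after applying the rules; "enforced" means the query to 8.8.8.8 went unanswered while pfSense replied.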

