Assigning Client IP to a different DNS server in DNS Resolver

  • I have OpenDNS as my forwarding mode, so by default all Clients are resolving to OpenDNS, this setup also works fine with the Host Overrides I created. Now, I would like to have a few Client IPs to bypass OpenDNS, like using Google DNS instead. Is there a wild card to achieve this?

  • Just set those clients to use 8.8.8 instead of pfSense LAN IP for DNS. If they're DHCP clients then you could create different pools with different DNS and statically assign the clients to the pool you want.

  • @KOM Thank you for the reply. I already tried assigning Google DNS statically. However, after doing that the Host Overrides I created are no longer resolving. In my case for example, I was able to spoof instagram to work via the custom feature, since it is being blocked by OpenDNS, where at the same time the Host Overrides still works. I was thinking maybe a wild card of the same behavior exist to work in assigning Client IP to a separate DNS server and at the same time my Host Overrides will still work..

  • Ah right, I forgot about retaining the overrides. I can't think of a way for you to do this. Maybe @johnpoz can offer something.

  • LAYER 8 Global Moderator

    Only way to do this is with views, where you keep a different caches per view.. Bind can do this. Unbound doesn't

    Easy way to do it just point your client to different NS on your network - which a domain delegation that says hey I to look up yourlocaldomain.tld ask pfsense, or anything else you want to bypass from asking opendns.

    Pfsense just resolves, or forwards to something than opendns. While your other NS forwards to opendns..

    Client you want to use opendns - point to this NS, clients you want to not use opendns point direct to pfsense. Everyone can resolve local stuff.

    This could be done on pfsense with say bind and unbound listening on different IPs

    I kind of do this with pihole - devices normally point to pihole, which forwards to pfsense. If I need to resolve something that is blocked by pihole I just query pfsense dns directly, or change my clients ns to pfsense vs pihole.

  • @johnpoz Thank you for the insights..

Log in to reply