Using OpenDNS Family Shield as pfBlockerNG "source"?



  • Hello
    Apologies if this has been covered previously - various searches have not provided me with the answer I am looking for.

    I have installed pfBlockerNG with DNSBL + TLD which works well, albeit requiring a reasonable amount of RAM.

    It got me wondering if it is feasible to use OpenDNS Family Shield as the upstream DNS servers, but then configuring pfBlockerNG to serve the "blocked website" page.

    In effect, I think I am asking if it is possible for pfBlockerNG to realise that the upstream DNS server has responded with an IP address which resolves to either phish.opendns.com or block.opendns.com.... and then substitute that IP address for its own VIP 10.10.10.1.

    The result of this is that the client will see a "blocked website" web page which has been served locally by pfSense/pfBlockerNG (and therefore can be customised/branded) but based on blacklist information maintained by OpenDNS. This would obviously reduce the need to maintain the DNSBL blacklists on pfSense itself, thus reducing the RAM required.

    Thanks,
    Mark
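The substitution asked about above, sketched as an added example that is not part of the original post and is not pfBlockerNG or pfSense code: it parses a raw DNS reply from the upstream resolver and swaps any A record matching a block-page address for the local VIP. The function names are hypothetical, and the sentinel addresses are constructed placeholders because the post does not give the addresses behind block.opendns.com or phish.opendns.com.

```python
import ipaddress
import struct

LOCAL_VIP = "10.10.10.1"  # DNSBL VIP named in the post
# Constructed placeholders (TEST-NET-3). The post does not list the addresses
# behind block.opendns.com / phish.opendns.com; supply the real ones yourself.
SENTINELS = {"203.0.113.10", "203.0.113.11"}

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        if n == 0:                # root label terminates the name
            return off + 1
        off += 1 + n

def rewrite_blocked(msg, sentinels=SENTINELS, vip=LOCAL_VIP):
    """Replace sentinel A records in the answer section; return (msg, hits)."""
    out, hits = bytearray(msg), 0
    vip_raw = ipaddress.IPv4Address(vip).packed
    try:
        qdcount, ancount = struct.unpack_from("!HH", msg, 4)
        off = 12
        for _ in range(qdcount):
            off = _skip_name(msg, off) + 4            # QTYPE + QCLASS
        for _ in range(ancount):
            off = _skip_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if (rtype, rclass, rdlen) == (1, 1, 4):   # IN A record
                if str(ipaddress.IPv4Address(msg[off:off + 4])) in sentinels:
                    out[off:off + 4] = vip_raw
                    hits += 1
            off += rdlen
    except (struct.error, IndexError, ValueError) as exc:
        raise ValueError("malformed DNS response") from exc
    return bytes(out), hits

def build_response(qname, addrs):
    """Constructed sample reply: one question, A answers pointing back at it."""
    q = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(addrs), 0, 0)
    msg += q + struct.pack("!HH", 1, 1)
    for a in addrs:
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4)
        msg += ipaddress.IPv4Address(a).packed
    return msg
```

Only A records in the answer section are rewritten, so AAAA answers and queries a client sends to some other resolver are unaffected by this logic.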

