Netgate Discussion Forum
    Redirect DNS requests from LAN clients to point to local FQDN, and other DNS requests -> external CloudFlare DNS over TLS

    DHCP and DNS
    3 Posts 2 Posters 288 Views
    • Sergei_Shablovsky (last edited by Sergei_Shablovsky)

      Hi, pfSense gurus!

      Please clarify how to redirect DNS (53) requests from LAN hosts (for example 192.168.88.0/24) to a local host (a server on a separate LAN interface, for example 192.168.99.0/24) for a certain FQDN name (for example publicweb.com), and all other DNS requests -> external CloudFlare DNS over TLS.

      I am already doing this according to Redirecting all DNS Requests to pfSense and Blocking DNS Queries to External Resolvers, but something is not working as described.

      Of course Host Overrides (with www aliases), Enable DNSSEC Support, Enable Forwarding Mode, and Register DHCP leases in the DNS Resolver are already done in Services / DNS Resolver / General Settings:

      server:
        ssl-upstream: yes
        do-tcp: yes
      forward-zone:
        name: "."
        forward-ssl-upstream: yes
        # Below addresses are CloudFlare resolvers
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 2606:4700:4700::1111@853
        forward-addr: 2606:4700:4700::1001@853
        # Below addresses are Quad9 resolvers
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853
        forward-addr: 2620:fe::fe@853

      How exactly can I ensure that DNS requests from LAN clients are redirected to point to the local FQDN, and that the other DNS requests -> external CloudFlare DNS queries are being sent over TLS, by performing a packet capture on the LAN/WAN interface?

      Thanks for all advice. Have a nice day!

      —
      CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
      Help Ukraine to resist, save civilian people’s lives!
      (Take an active part in public protests, push on your country’s politics, congressmen, mass media, leaders of opinion.)

      • Sergei_Shablovsky

        Any news?


        • johnpoz, LAYER 8 Global Moderator (last edited by johnpoz)

          What are you wanting to do exactly?

          If you set up a forwarder in unbound, and you point your clients to unbound, they will resolve any local records via what unbound has for them. So if you create a host override host.domain.tld, that is what will be returned. Anything else would be forwarded to whoever you have set up for forwarding.

          If you have a local DNS that you would want unbound to resolve domain.tld records from, that would be a domain override.

          Anything that is not local, a host override or a domain override would either just be resolved or forwarded. This is really how it works out of the box, so not exactly sure what your question is?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
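          To answer the packet-capture question from the first post, here is an added example (not from this thread, pfSense or unbound) that classifies `tcpdump -nn` lines captured on the LAN and WAN interfaces: on LAN every port 53 query should go to the pfSense resolver and the override name should come back with the local server address, while on WAN only TLS on 853 to the configured forward-addr hosts may appear and any port 53 egress is a plaintext leak. The interface names, client/resolver/WAN addresses and the override target are assumptions; the capture lines are constructed.

```python
import re
from collections import Counter
# Constructed sample (not real traffic) in the line format `tcpdump -nni <iface> port 53 or port 853`
# prints on pfSense; interface names, client/resolver/WAN addresses and the override target are assumed.
SAMPLE_CAPTURE = {
    "em1": [  # LAN 192.168.88.0/24; unbound listens on 192.168.88.1
        "12:00:01.000001 IP 192.168.88.10.51000 > 192.168.88.1.53: 7+ A? publicweb.com. (31)",
        "12:00:01.000500 IP 192.168.88.1.53 > 192.168.88.10.51000: 7 1/0/0 A 192.168.99.20 (47)",
        "12:00:02.000001 IP 192.168.88.11.51001 > 8.8.8.8.53: 8+ A? example.net. (29)",
    ],
    "em0": [  # WAN; only TLS (853) to the configured upstreams should ever appear here
        "12:00:03.000001 IP 203.0.113.5.40001 > 1.1.1.1.853: Flags [S], seq 1, win 65535, length 0",
        "12:00:03.000002 IP6 2001:db8::5.40003 > 2606:4700:4700::1111.853: Flags [S], seq 1, win 65535, length 0",
        "12:00:04.000001 IP 203.0.113.5.40002 > 9.9.9.9.53: 9+ A? example.org. (29)",
    ],
}
RESOLVER_IP = "192.168.88.1"
DOT_UPSTREAMS = {"1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001",
                 "9.9.9.9", "149.112.112.112", "2620:fe::fe"}      # the forward-addr list from the post
LOCAL_OVERRIDES = {"publicweb.com": "192.168.99.20"}                # host override -> expected answer
FLOW_RE = re.compile(r" IP6? (\S+)\.(\d+) > (\S+)\.(\d+): ")        # src.port > dst.port (v4 and v6)
QUERY_RE = re.compile(r": (\d+)\+ A\? (\S+)\. ")                    # query id and name asked
REPLY_RE = re.compile(r": (\d+) \d+/\d+/\d+ A (\S+) \(")            # query id and A record answered

def audit(capture, lan_ifaces=("em1",)):
    # Returns (Counter of verdicts, [(iface, verdict, line)]); pending maps query id -> name asked.
    findings, pending = [], {}
    for iface, lines in capture.items():
        for line in lines:
            if not (m := FLOW_RE.search(line)):
                continue
            src, _, dst, dport = m.groups()
            verdict = None
            if iface in lan_ifaces:
                if dport == "53" and dst != RESOLVER_IP:
                    verdict = "LAN_CLIENT_BYPASS_ATTEMPT"   # the port-53 NAT redirect rule must catch this
                elif dport == "53":
                    verdict = "LAN_QUERY_TO_RESOLVER"
                    if q := QUERY_RE.search(line):
                        pending[q.group(1)] = q.group(2)
                elif src == RESOLVER_IP and (r := REPLY_RE.search(line)):
                    want = LOCAL_OVERRIDES.get(pending.get(r.group(1)))
                    verdict = "REPLY" if want is None else ("OVERRIDE_OK" if want == r.group(2) else "OVERRIDE_MISMATCH")
            elif dport == "53":
                verdict = "PLAINTEXT_DNS_LEAK"              # WAN egress on 53: forwarding is not TLS-only
            elif dport == "853":
                verdict = "DOT_OK" if dst in DOT_UPSTREAMS else "DOT_UNEXPECTED_UPSTREAM"
            if verdict:
                findings.append((iface, verdict, line))
    return Counter(v for _, v, _ in findings), findings
```

Feed it real output from Diagnostics / Packet Capture on each interface; a clean setup shows no PLAINTEXT_DNS_LEAK or DOT_UNEXPECTED_UPSTREAM on WAN and OVERRIDE_OK for the local FQDN on LAN.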

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.