Redirect DNS requests from LAN clients to point to local FQDN, and other DNS requests -> external CloudFlare DNS over TLS



  • Hi, pfSense gurus!

    Please clarify how to redirect DNS (53) requests from LAN hosts (for example 192.168.88.0/24) to a local host (a server on a separate LAN interface, for example 192.168.99.0/24) for a certain FQDN (for example publicweb.com), and all other DNS requests -> external CloudFlare DNS over TLS.

    I am already doing this according to Redirecting all DNS Requests to pfSense and Blocking DNS Queries to External Resolvers, but something is not working as described.

    Of course, Host Overrides (with www aliases), Enable DNSSEC Support, Enable Forwarding Mode, and Register DHCP leases in the DNS Resolver are already set in Services / DNS Resolver / General Settings.

    server:
        # ssl-upstream / forward-ssl-upstream are the older spellings of
        # tls-upstream / forward-tls-upstream; both are accepted by unbound
        ssl-upstream: yes
        do-tcp: yes
    forward-zone:
        name: "."
        forward-ssl-upstream: yes
        # Below addresses are CloudFlare resolvers
        forward-addr: 1.1.1.1@853
        forward-addr: 1.0.0.1@853
        forward-addr: 2606:4700:4700::1111@853
        forward-addr: 2606:4700:4700::1001@853
        # Below addresses are Quad9 resolvers
        forward-addr: 9.9.9.9@853
        forward-addr: 149.112.112.112@853
        forward-addr: 2620:fe::fe@853

    How exactly can I verify, by performing a packet capture on the LAN/WAN interface, that DNS requests from LAN clients for the local FQDN are redirected to the local host, and that all other DNS queries are being sent to external CloudFlare DNS over TLS?

    Thanks for all advice. Have a nice day!
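The verification the post asks about (does the LAN side only see port-53 queries that pfSense will answer, and does the WAN side carry nothing but TCP/853 to the configured forwarders) can be checked offline against capture records. The script below is an added example, not code from the original post or from pfSense. The addresses 192.168.88.1 (pfSense LAN), 192.168.99.10 (the local server), 203.0.113.2 (WAN address) and the packet records are constructed placeholders; the forwarder list is taken from the unbound snippet above. One caveat it encodes: a capture on the LAN interface shows packets before pf's NAT rewrite, so a client that queries 8.8.8.8 still appears with that destination even when the redirect rule is working, which is why such packets are reported as REDIRECT rather than as failures.

```python
"""Offline policy check for DNS capture records (added example, not from the post).

Expected policy:
  * LAN: port-53 queries are answered by pfSense (host override for the local
    FQDN, DoT forwarders for everything else); queries aimed elsewhere are
    rewritten by the NAT redirect rule and are reported here as REDIRECT.
  * WAN: no plaintext DNS on port 53 at all; only TCP/853 to known forwarders.
"""
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumed/placeholder addresses (not from the original post)
PFSENSE_LAN_IP = "192.168.88.1"
LOCAL_SERVER_IP = "192.168.99.10"
LOCAL_FQDN = "publicweb.com"
# IPv4 forwarders from the unbound custom options in the post
DOT_FORWARDERS = {"1.1.1.1", "1.0.0.1", "9.9.9.9", "149.112.112.112"}


@dataclass
class Pkt:
    iface: str      # "LAN" or "WAN"
    proto: str      # "udp" or "tcp"
    src: str
    dst: str
    dport: int
    payload: bytes  # DNS message for port 53; opaque TLS bytes for port 853


def build_query(qname: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Minimal RFC 1035 wire-format query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # IN class


def parse_qname(payload: bytes) -> Optional[str]:
    """Return the first question name from a DNS message, or None if malformed."""
    if len(payload) < 12:
        return None
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount == 0:
        return None
    pos, labels = 12, []
    while True:
        if pos >= len(payload):
            return None
        length = payload[pos]
        if length == 0:
            break
        if length & 0xC0:  # compression pointers do not belong in a question name
            return None
        pos += 1
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return ".".join(labels)


def classify(p: Pkt) -> str:
    """Label one packet with the policy outcome; the word before ':' is the verdict."""
    if p.iface == "WAN":
        if p.dport == 53:
            return f"LEAK: plaintext DNS on WAN to {p.dst} for {parse_qname(p.payload)}"
        if p.dport == 853 and p.proto == "tcp":
            if p.dst in DOT_FORWARDERS:
                return f"OK: DoT to configured forwarder {p.dst}"
            return f"WARN: TCP/853 to unexpected upstream {p.dst}"
        return "IGNORE: not DNS"
    if p.iface == "LAN" and p.dport == 53:
        name = parse_qname(p.payload)
        if name is None:
            return f"WARN: malformed DNS from {p.src}"
        is_local = name == LOCAL_FQDN or name.endswith("." + LOCAL_FQDN)
        answered_by = f"host override -> {LOCAL_SERVER_IP}" if is_local else "DoT forwarder"
        if p.dst != PFSENSE_LAN_IP:
            return (f"REDIRECT: {p.src} asked {p.dst} for {name}; "
                    f"NAT rule must rewrite to {PFSENSE_LAN_IP} ({answered_by})")
        return f"RESOLVER: {p.src} asked pfSense for {name} ({answered_by})"
    return "IGNORE: not DNS"


def audit(pkts: List[Pkt]) -> Dict[str, int]:
    """Count verdicts; any LEAK or WARN means the setup is not doing what was intended."""
    return dict(Counter(classify(p).split(":", 1)[0] for p in pkts))


# Constructed sample records standing in for a LAN and a WAN capture
SAMPLE = [
    Pkt("LAN", "udp", "192.168.88.50", PFSENSE_LAN_IP, 53, build_query("www.publicweb.com")),
    Pkt("LAN", "udp", "192.168.88.51", "8.8.8.8", 53, build_query("example.org")),
    Pkt("WAN", "tcp", "203.0.113.2", "1.1.1.1", 853, b"\x16\x03\x01"),  # TLS hello, opaque
    Pkt("WAN", "udp", "203.0.113.2", "8.8.8.8", 53, build_query("example.org")),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(classify(pkt))
    print(audit(SAMPLE))
```

In practice the records would come from `tcpdump -ni <lan-if> port 53` and `tcpdump -ni <wan-if> port 53 or port 853` on pfSense; a non-empty LEAK count on the WAN side is the signature of queries escaping the DoT forwarders, and REDIRECT entries on the LAN side tell you which clients are hard-coding a resolver and therefore depend on the NAT rule.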

