Understanding pfSense's DNS options
-
Hi guys,
I'm trying to put my irrigation system into a specific VLAN on my pfSense. Therefore, the irrigation controller needs to be able to contact the Hydrawise servers.
First off - I can reach those servers with my mobile phone, being connected to the same WIFI/VLAN ("IoT").
What doesn't work is the self-test on the controller (resulting in a "failed connection" and therefore not being able to control the irrigation system) - it gets a timeout when it tries to reach the above-mentioned servers, so I simply connected to another WIFI (called "Family") and this works. There is an official FAQ which I read through, but as mentioned before all tests are OK, except the "Hydrawise check".
The different WIFIs are identical (and managed by a UniFi controller), except WIFI password and used VLAN.
On pfSense, both VLANs don't have any block-rules that would intermit any states.
The only difference is that "IoT" VLAN uses defined DNS servers (in DHCP settings), and the "Family" VLAN has blank fields (so using the DNS resolver).
My DNS settings:
- can I safely activate the DNS Rebind Check?
- the "Network Interfaces" are set to "LAN", "FAMILY" and "TRUSTED". I didn't include IoT, because I tried to achieve that these devices directly request the servers defined in the DHCP settings.
I'd be happy if someone could help me to understand this behavior in order to put the irrigation controller in the correct ("IoT") VLAN - many thanks :)!
-
@Netgator said in Understanding pfSense's DNS options:
The only difference is that "IoT" VLAN uses defined DNS servers (in DHCP settings), and the "Family" VLAN has blank fields (so using the DNS resolver).
And did the irrigation controller receive that/these DNS IP?
And why pointing using 1.1.1.1 & 1.0.0.1?
What are the IOT interface firewall rules?
Resolver => Settings => Network interfaces and set it to "All".
The irrigation controller works on your LAN? And not on the IOT interface? Then knowing the difference between these two is your solution. Make them identical, except the IP network range, and go up from there.
-
Hi there, many thanks for your time!
@Gertjan said in Understanding pfSense's DNS options:
And did the irrigation controller receive that/these DNS IP?
Yes - the irrigation controller gets an IP in both the desired VLAN (IoT), as well as in the current (Family).
Yes - the irrigation controller successfully receives the DNS servers in both the desired VLAN (IoT), as well as in the current (Family).
@Gertjan said in Understanding pfSense's DNS options:
And why pointing using 1.1.1.1 & 1.0.0.1?
Because I'd like to query the Cloudflare DNS servers instead of Google's.
@Gertjan said in Understanding pfSense's DNS options:
What are the IOT interface firewall rules?
The IoT IF firewall rules are the same as in Family, with the only exception that devices in Family-VLAN may access our NAS. That Family-VLAN isn't really "finally" set up because it should serve as a safe "network" for the kids.
@Gertjan said in Understanding pfSense's DNS options:
Resolver => Settings => Network interfaces and set it to "All".
Thanks for the hint, I'll give it a try!
@Gertjan said in Understanding pfSense's DNS options:
The irrigation controller works on your LAN? And not on the IOT interface?
The irrigation controller works on LAN, Family-VLAN and Trusted-VLAN (so basically every VLAN that doesn't have set DNS servers in the DHCP server configuration - this is basically what I'm trying to understand).
@Gertjan said in Understanding pfSense's DNS options:
Then knowing the difference between these two is your solution. Make them identical, except the IP network range, and go up from there.
Really like that idea with the "bottom-up" solution, will give it a try, also. But first I'm going to "bind" the DNS resolver to all network interfaces.
Will keep you updated when I have tested this out.
KR & enjoy your day!
-
Hi @Gertjan,
to give you a short update - I bound DNS to all IFs and left the DHCP servers' DNS settings blank - now it works.
Many thanks for your help & KR