block using other dns on client
-
Well, a very strange thing I've seen: when putting static DNS 8.8.8.8 on a Windows client as secondary DNS and primary DNS of my pfSense IP, it does open YouTube. If I remove the secondary DNS 8.8.8.8, it does block YouTube and other sites, which pfBlocker should do. :/ I
How do I prevent users from using anything other than the firewall IP as primary DNS? Regards
-
Follow the instructions outlined in the official documentation here: https://pfsense-docs.readthedocs.io/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html.
Put only the IP address of the pfSense firewall in the DNS Server IP box on the client. Do NOT put any other IP addresses in there.
This works for any client that uses conventional DNS lookup requests via port 53 using either UDP (the norm) or TCP (rare). However, some applications these days have built-in DNS lookup routines that use DoH (DNS over HTTP), and these requests will typically go out over port 443 (same as all HTTPS web traffic), so interception and redirection is not really possible. Some firewall admins address the DoH problem using pfBlockerNG-devel and a list of known DoH DNS server IP addresses.
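
To audit which clients try to bypass the firewall resolver in the two ways described above (plain DNS on port 53 to another server, or HTTPS to a known DoH resolver), here is an added example that is not part of the original thread. The firewall IP, LAN subnet, the one-line flow-record format and the short resolver list are all assumptions; the sample flows are constructed.

```python
import ipaddress
from collections import Counter

FIREWALL_DNS = ipaddress.ip_address("192.168.1.1")  # assumed pfSense LAN IP
LAN = ipaddress.ip_network("192.168.1.0/24")         # assumed LAN subnet
# Small sample of public resolvers that also serve DoH; use a maintained list in practice.
KNOWN_DOH = {ipaddress.ip_address(a) for a in ("8.8.8.8", "8.8.4.4", "1.1.1.1", "9.9.9.9")}

# Constructed flow records in an assumed format: "src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
192.168.1.50 192.168.1.1 udp 53
192.168.1.50 8.8.8.8 udp 53
192.168.1.51 1.1.1.1 tcp 443
192.168.1.51 198.51.100.20 tcp 443
192.168.1.52 8.8.4.4 tcp 53
203.0.113.9 8.8.8.8 udp 53
malformed line
"""

def classify(line):
    """Return (client, reason) if a LAN client bypasses the firewall resolver, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None  # skip records that do not match the assumed format
    try:
        src, dst = ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1])
        port = int(parts[3])
    except ValueError:
        return None
    proto = parts[2].lower()
    if src not in LAN or dst == FIREWALL_DNS:
        return None  # not one of our clients, or a legitimate query to pfSense
    if port == 53 and proto in ("udp", "tcp"):
        return (str(src), f"plain DNS to {dst}")
    if port == 443 and proto == "tcp" and dst in KNOWN_DOH:
        return (str(src), f"possible DoH to {dst}")
    return None

def find_bypasses(text):
    """Return the list of bypass hits and a per-client hit count."""
    hits = [h for h in map(classify, text.splitlines()) if h]
    return hits, Counter(client for client, _ in hits)

if __name__ == "__main__":
    for client, reason in find_bypasses(SAMPLE_FLOWS)[0]:
        print(client, reason)
```

Port 53 hits are the ones the redirect rule handles; port 443 hits only indicate a connection to an address on the list, since the query itself is encrypted.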