Netgate Discussion Forum

    block using other dns on client

      scorpoin

      Well, a very strange thing I've seen: when putting static DNS 8.8.8.8 on a Windows client as secondary DNS and my pfSense IP as primary DNS, it does open YouTube. If I remove the secondary DNS 8.8.8.8, it does block YouTube and other sites, which pfBlocker should do. :/
      How do I prevent users from using anything other than the firewall IP as primary DNS?

      Regards

        bmeeks

        Follow the instructions outlined in the official documentation here: https://pfsense-docs.readthedocs.io/en/latest/dns/redirecting-all-dns-requests-to-pfsense.html.

        Put only the IP address of the pfSense firewall in the DNS Server IP box on the client. Do NOT put any other IP addresses in there.

        This works for any client that uses conventional DNS lookup requests via port 53 using either UDP (the norm) or TCP (rare). However, some applications these days have built-in DNS lookup routines that use DoH (DNS over HTTP); and these requests will typically go out over port 443 (same as all HTTPS web traffic), so interception and redirection is not really possible. Some firewall admins address the DoH problem using pfBlockerNG-devel and a list of known DoH DNS server IP addresses.
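Added example, not part of bmeeks' reply and not pfSense or pfBlockerNG code: a small audit that sorts client flows into the two cases the reply distinguishes, port-53 DNS to a server other than the firewall (which a port-53 redirect catches) and port-443 traffic to a listed DoH server (which only an IP list can single out). The firewall address, the DoH list entries (documentation-range placeholders) and the flow records are constructed assumptions.

```python
import ipaddress

# Assumptions constructed for this example, not values from the thread:
FIREWALL_IP = ipaddress.ip_address("192.168.1.1")   # pfSense LAN address
# Placeholder entries standing in for a real list of known DoH server IPs
KNOWN_DOH_SERVERS = {ipaddress.ip_address("203.0.113.10")}

def classify_flow(proto, dst_ip, dst_port):
    """Classify one client flow against the DNS policy described in the reply."""
    dst = ipaddress.ip_address(dst_ip)
    if dst_port == 53 and proto in ("udp", "tcp"):
        if dst == FIREWALL_IP:
            return "ok"         # client resolves through pfSense
        return "redirect"       # conventional DNS to another server: port-53 redirect applies
    if dst_port == 443 and dst in KNOWN_DOH_SERVERS:
        return "doh-block"      # indistinguishable from HTTPS by port; needs the IP list
    return "other"              # not DNS-related as far as this check can tell

def audit(flows):
    """Return {client: {(verdict, dst_ip, dst_port)}} for flows that bypass the firewall resolver."""
    report = {}
    for client, proto, dst_ip, dst_port in flows:
        verdict = classify_flow(proto, dst_ip, dst_port)
        if verdict in ("redirect", "doh-block"):
            report.setdefault(client, set()).add((verdict, dst_ip, dst_port))
    return report

# Constructed flow records: (client, protocol, destination IP, destination port)
SAMPLE_FLOWS = [
    ("192.168.1.50", "udp", "192.168.1.1", 53),    # primary DNS = firewall
    ("192.168.1.50", "udp", "8.8.8.8", 53),        # secondary DNS from the original post
    ("192.168.1.51", "tcp", "8.8.8.8", 53),        # DNS over TCP, same treatment
    ("192.168.1.52", "tcp", "203.0.113.10", 443),  # placeholder DoH server
    ("192.168.1.52", "tcp", "198.51.100.7", 443),  # ordinary HTTPS, not on the list
]

if __name__ == "__main__":
    for client, findings in sorted(audit(SAMPLE_FLOWS).items()):
        for verdict, dst_ip, dst_port in sorted(findings):
            print(f"{client} -> {dst_ip}:{dst_port} [{verdict}]")
```

The `redirect` verdicts are the flows the documented port-53 redirect handles; the `doh-block` verdict depends entirely on how complete the DoH server list is.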

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.