Is it possible to conf PfSense dns to reply only for one LAN ip ?
-
Howdy.
I have separate pi-hole dns srv in My LAN.
I was wondering if it's possible to configure PfSense's DNS so that it only replies to DNS queries originating from the pi-hole machine. My LAN clients receive their DNS server address from DHCP and are thus pointed to the pi-hole machine. The pi-hole machine has PfSense as forwarder, and PfSense forwards queries to the interwebs using DNS-over-TLS through a VPN tunnel. So as there is no need for any machine to send DNS queries directly to PfSense, and thus bypass the pi-hole blocking, can I somehow deny DNS answers to all LAN addresses other than the pi-hole machine?
thx for Your brain rent.
-
firewall rules on port 53?
-
Ohh Man, I did the rules, tested them and it did not seem to work.
Now double checked and found a flaw in rule order...
Works now! thx.
-
yup firewall rules,
1) source ip-pihole permit 53
2) source any destination ! ip-pihole block 53 ( ! = reverse)
or you can do a nat port forward with
2) interface LAN source ! ip-pihole destination ! ip-pihole port 53 NAT ip-pihole 53
keep in mind that the order of the rules is important
ah nice, i was still writing when you answered
-
Yes :) Thx for Thy help anyways Sir!
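To see why rule order bit the OP, here is a tiny first-match model of the two rule sets kiokoman gives (block-or-pass, and the NAT redirect). This is an added example, not code from the thread or from pfSense; the three LAN addresses are made up.

```python
# Added example, not from the thread: a small first-match model of the LAN
# rules kiokoman describes, showing why the OP's first rule order failed.
# Addresses are constructed; nothing here is pfSense's own code.
from dataclasses import dataclass
from typing import Optional

PIHOLE = "192.168.1.53"   # assumed pi-hole LAN address
PFSENSE = "192.168.1.1"   # assumed pfSense LAN address
CLIENT = "192.168.1.77"   # assumed ordinary LAN client

def _ip_match(pattern: str, ip: str) -> bool:
    """'any', an exact IP, or '!IP' (pfSense 'invert match')."""
    if pattern == "any":
        return True
    if pattern.startswith("!"):
        return ip != pattern[1:]
    return ip == pattern

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: str
    dst: str
    dport: Optional[int] = 53    # None = any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        return (_ip_match(self.src, src) and _ip_match(self.dst, dst)
                and (self.dport is None or self.dport == dport))

def evaluate(rules, src, dst, dport=53):
    """LAN rules are first-match ('quick'); anything unmatched is denied."""
    for r in rules:
        if r.matches(src, dst, dport):
            return r.action
    return "block"

# pfSense's stock 'Default allow LAN to any' rule sits at the bottom.
DEFAULT_ALLOW = Rule("pass", "any", "any", dport=None)
# kiokoman's order: pass from pi-hole first, then block 53 to anything else.
CORRECT = [Rule("pass", PIHOLE, "any"), Rule("block", "any", "!" + PIHOLE), DEFAULT_ALLOW]
# Block first, then pass: the pi-hole itself never reaches its pass rule.
WRONG = [Rule("block", "any", "!" + PIHOLE), Rule("pass", PIHOLE, "any"), DEFAULT_ALLOW]

def redirect(src, dst, dport=53):
    """The NAT alternative: port-forward any LAN DNS that is neither from
    nor to the pi-hole onto the pi-hole instead of blocking it."""
    if src != PIHOLE and dst != PIHOLE and dport == 53:
        return (PIHOLE, 53)
    return (dst, dport)
```

Real intra-LAN traffic (client to pi-hole on the same subnet) never crosses pfSense, so only queries aimed at pfSense or the internet are actually filtered.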