Netgate Discussion Forum

    Is it possible to conf PfSense dns to reply only for one LAN ip ?

    DHCP and DNS
    5 Posts 3 Posters 190 Views
    • kekke

      Howdy.
      I have a separate Pi-hole DNS server in my LAN.
      I was wondering if it's possible to configure pfSense's DNS so that it only replies to DNS queries originating from the Pi-hole machine.

      My LAN clients receive their DNS server address from DHCP and are thus pointed to the Pi-hole machine. The Pi-hole machine has pfSense as its forwarder, and pfSense forwards queries to the interwebs using DNS-over-TLS through a VPN tunnel. So as there is no need for any machine to send DNS queries directly to pfSense, and thus bypass the Pi-hole blocking, can I somehow deny DNS answers to all LAN addresses other than the Pi-hole machine?

      Thanks for your brain rent.

      • heper

        Firewall rules on port 53?

      • kekke

        Ohh man, I did the rules, tested them, and it did not seem to work.
        Now I double-checked and found a flaw in the rule order...
        Works now!

        Thanks.

      • kiokoman LAYER 8

        Yup, firewall rules:

        1. source ip-pihole permit 53
        2. source any destination ! ip-pihole block 53 ( ! = reverse )

        Or you can do a NAT port forward with:

        interface LAN source ! ip-pihole destination ! ip-pihole port 53 NAT ip-pihole 53

        Bear in mind that the order of the rules is important.

        Ah nice, I was still writing when you answered.

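        A worked model of the two approaches in kiokoman's reply, as an added example that is not from the thread and not pfSense code: a small first-match rule evaluator over constructed LAN addresses (192.0.2.0/24 and the hosts in it are assumptions from the documentation range) that runs the two rules in both orders, plus the port-forward variant. It assumes pfSense's usual behaviour: interface rules are evaluated top-down and the first match decides, anything unmatched hits the implicit default deny, and port forwards are applied before the filter rules. It also appends the stock "Default allow LAN to any" rule below the two DNS rules so that clients can still reach the Pi-hole.

```python
# Added example (not from the thread, not pfSense code): first-match model of
# the LAN rules from the reply above, to show why their order matters.
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, ip_address
from typing import Optional

# Constructed addresses from the RFC 5737 documentation range (an assumption).
PFSENSE = ip_address("192.0.2.1")          # pfSense LAN address (its resolver listens here)
PIHOLE = ip_address("192.0.2.53")          # the Pi-hole machine
CLIENT = ip_address("192.0.2.100")         # an ordinary LAN client
EXTERNAL_DNS = ip_address("198.51.100.9")  # some public resolver on the Internet
DNS_PORT = 53


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    dport: int


@dataclass(frozen=True)
class Rule:
    """One LAN rule: 'any' (None) or a single host, with pfSense's '!' invert flag."""
    action: str                         # "pass" or "block"
    src: Optional[IPv4Address] = None   # None means "any"
    src_invert: bool = False
    dst: Optional[IPv4Address] = None
    dst_invert: bool = False
    dport: Optional[int] = None         # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        def host_ok(want, invert, have):
            if want is None:
                return True
            return (have != want) if invert else (have == want)
        return (host_ok(self.src, self.src_invert, pkt.src)
                and host_ok(self.dst, self.dst_invert, pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(rules, pkt: Packet) -> str:
    """First match wins; nothing matching falls through to the default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


# Rules in the order given in the reply, followed by pfSense's usual
# "Default allow LAN to any" rule so clients can still reach the Pi-hole.
CORRECT_ORDER = [
    Rule("pass", src=PIHOLE, dport=DNS_PORT),                    # 1. source ip-pihole permit 53
    Rule("block", dst=PIHOLE, dst_invert=True, dport=DNS_PORT),  # 2. source any destination ! ip-pihole block 53
    Rule("pass"),                                                # default allow LAN to any
]

# The same rules with 1 and 2 swapped: the kind of ordering flaw kekke hit.
WRONG_ORDER = [CORRECT_ORDER[1], CORRECT_ORDER[0], CORRECT_ORDER[2]]


def redirect(pkt: Packet) -> Packet:
    """The NAT port-forward alternative: LAN traffic to port 53 that is neither
    from nor to the Pi-hole is rewritten to land on the Pi-hole instead.
    Port forwards are applied before the filter rules are consulted."""
    if pkt.dport == DNS_PORT and pkt.src != PIHOLE and pkt.dst != PIHOLE:
        return replace(pkt, dst=PIHOLE)
    return pkt


def decisions(rules):
    """Filter decision for each flow discussed in the thread, keyed by name."""
    flows = {
        "pihole->pfsense:53": Packet(PIHOLE, PFSENSE, DNS_PORT),
        "client->pfsense:53": Packet(CLIENT, PFSENSE, DNS_PORT),
        "client->external:53": Packet(CLIENT, EXTERNAL_DNS, DNS_PORT),
        "client->pihole:53": Packet(CLIENT, PIHOLE, DNS_PORT),
        "client->external:443": Packet(CLIENT, EXTERNAL_DNS, 443),
    }
    return {name: evaluate(rules, pkt) for name, pkt in flows.items()}


if __name__ == "__main__":
    for label, rules in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(label, decisions(rules))
    print("redirected:", redirect(Packet(CLIENT, EXTERNAL_DNS, DNS_PORT)))
```

        With the rules in the right order the Pi-hole's queries to pfSense pass, every other host's port 53 traffic to anything but the Pi-hole is blocked (including attempts to reach an external resolver directly), and non-DNS traffic still hits the default allow rule. With the block rule placed first, "source any" also matches the Pi-hole, so its queries to pfSense are blocked before the permit rule is ever reached. The port-forward variant instead rewrites a client's stray DNS query so it arrives at the Pi-hole, while leaving the Pi-hole's own forwarding and direct client-to-Pi-hole queries untouched.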
      • kekke

        Yes :) Thanks for thy help anyways, Sir!

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.