Netgate Discussion Forum

    Having difficulty with implementation

pfBlockerNG
usaevo7

This is my first time setting up pfSense and therefore pfBlockerNG-devel. I had some initial connection issues and issues with swapping out my old SonicWall but have since resolved that. The unit seems pretty stable now after working through setting up pfBlocker and it giving me fits with maximum table size, GeoIP blocking all WAN traffic, and some other oddities. Now that it's configured I'm trying to wrap my head around how to get the DNS portion working so that my local Windows server doing DHCP and DNS won't be affected by having pfSense do the DNS in order for DNSBL to work for content filtering, which is my ultimate goal. I would prefer not to change my DHCP settings, which currently have the same server as DNS, if possible. I've read there's a way to forward all other resolvable traffic but I'm not sure how to do that. It's a Windows 2008 R2 and has something called Conditional Forwarder but I don't see how that would work in this case. What is recommended here? Currently with everything set up the clients are still resolving with the Windows server and nothing is going through DNSBL. Thanks

BBcan177 (Moderator), replying to usaevo7

        @usaevo7

You can use your existing DNS server and set its DNS forwarders to point to pfSense, which will allow DNSBL to filter the DNS requests. Then pfSense will go outbound for any permitted DNS traffic.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

usaevo7

OK, found it and added the pfSense IP. Does the result need to fully resolve the FQDN? I went in and added the correct domain for our Windows domain to pfSense if that makes any difference. I did a /flushdns on the server and client (my workstation) but nothing seems to have changed. DNS still seems to be resolved by the Windows server. I'm missing something... just not sure what.
[attached screenshot: Untitled.png]

SteveITS, replying to usaevo7

            Is that supposed to be 10.1.1.254? 100.1.1.254 is a Verizon IP...

            The FQDN will display if the Windows server can resolve the IP.

            If the Windows server is set to forward it will pass the request on. There should be a checkbox somewhere in the settings as to whether it should use the root servers if it doesn't get a response from the forwarding server(s).

            The Windows DNS server has a cache also, you can restart the server or right click the server in the DNS management console and "clear cache."

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

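The two replies above describe one procedure: point the Windows DNS server's forwarders at pfSense, decide what happens when the forwarder does not answer (the root-hints fallback), clear the Windows server's own cache, and then check that a lookup actually comes back filtered. The script below is an added example written for this page; it is not code from the thread, from Netgate or from the pfBlockerNG project. It targets Windows Server 2008 R2, which has no DnsServer PowerShell module, so it drives the built-in dnscmd.exe instead. The addresses 10.1.1.254 (pfSense) and 10.1.1.10 (the Windows DNS/DHCP server), the test name ads.example.com, and the DNSBL answer address 10.10.10.1 (the package default as far as I know; confirm it on your own DNSBL tab) are all assumptions you must replace.

```powershell
# Added example (not from the thread or the pfBlockerNG project).
# Run in an elevated PowerShell session on the Windows DNS server.
# Assumptions - hypothetical values, change them for your network:
$PfSenseIp = '10.1.1.254'       # pfSense LAN address (Unbound / DNS Resolver with DNSBL)
$WinDnsIp  = '10.1.1.10'        # the Windows DNS/DHCP server clients already point at
$Blocked   = 'ads.example.com'  # a name present in one of your enabled DNSBL feeds
$DnsblVip  = '10.10.10.1'       # address DNSBL answers with for blocked names (assumed default)
# Windows Server 2012+ equivalents, if you are not on 2008 R2:
#   Set-DnsServerForwarder -IPAddress $PfSenseIp -UseRootHint $false
#   Clear-DnsServerCache -Force

# 1. Replace the forwarder list with pfSense only.
#    /Slave turns OFF "use root hints if no forwarders are available". Leave that
#    fallback enabled and every lookup pfSense is slow to answer silently bypasses
#    DNSBL by going straight to the root servers. The price is that if pfSense is
#    down, external resolution stops instead of degrading to unfiltered.
#    /Timeout is the per-forwarder wait in seconds.
& dnscmd.exe $WinDnsIp /ResetForwarders $PfSenseIp /Timeout 3 /Slave
if ($LASTEXITCODE -ne 0) { throw "dnscmd /ResetForwarders failed with code $LASTEXITCODE" }

# 2. Clear the DNS *server* cache. This is the step the thread was missing:
#    ipconfig /flushdns only empties the local resolver cache, while answers the
#    server cached before the forwarder change keep being served until their TTL
#    expires, so lookups look unchanged.
& dnscmd.exe $WinDnsIp /ClearCache
if ($LASTEXITCODE -ne 0) { throw "dnscmd /ClearCache failed with code $LASTEXITCODE" }

# 3. Flush the resolver cache on this machine as well, so the check below is not
#    answered from a stale local entry.
ipconfig.exe /flushdns | Out-Null

# 4. Verify from the client's point of view. Ask the Windows server (not pfSense
#    directly) for a name on a DNSBL feed and collect the IPv4 answers.
#    nslookup.exe is used because Resolve-DnsName only exists on 2012/Win8 and later.
function Get-ARecords([string]$Name, [string]$Server) {
    $out = & nslookup.exe -type=A $Name $Server 2>&1 | Out-String
    # The first blank line separates the "Server:/Address:" header (which names the
    # server we asked) from the answer section; only parse what follows it.
    $answer = ($out -split "`r?`n`r?`n", 2)[1]
    if (-not $answer) { return @() }
    [regex]::Matches($answer, '\b(\d{1,3}(?:\.\d{1,3}){3})\b') |
        ForEach-Object { $_.Groups[1].Value }
}

$got = @(Get-ARecords -Name $Blocked -Server $WinDnsIp)
if ($got -contains $DnsblVip) {
    "OK: $Blocked -> $($got -join ', ') - DNSBL is filtering lookups that go through $WinDnsIp"
} else {
    "NOT filtered: $Blocked -> $($got -join ', ') - check the forwarder list (dnscmd /Info), " +
    "that $Blocked is really on an enabled feed, and that both caches were cleared"
}
```

The check deliberately queries the Windows server rather than pfSense: the thread's symptom was that clients still resolved unfiltered names, so the only meaningful test is the path a client takes. Repeat step 4 against a name that is not on any feed to confirm pfSense still returns the real address for permitted traffic.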
usaevo7

              It appears to be working now that the cache is cleared, thanks.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.