Help with local DNS, DNS Resolver, and DNSBL...
-
Howdy all! I would like to use pfSense as the "last stop" for all DNS queries coming from everything behind it so that I can leverage DNSBL as part of pfBlocker-NG-devel. Here is my current setup:
DNS01 - 10.99.99.2 - primary
DNS02 - 10.99.99.3 - secondary
DNS01 & DNS02 run BIND DNS and DHCP (with failover and DDNS registration) for the entire local network and VLANs. All clients point at those servers for DNS. DNS01 & DNS02 forward all traffic to 1.1.1.1 & 1.0.0.1 to resolve all non-local domains. This works perfectly fine.
My original plan was to simply:
Change DNS Forwarders on the pfSense box from 10.99.99.2 & 10.99.99.3 to 1.1.1.1 & 1.0.0.1.
Enable DNS Resolver on the pfSense box
Change DNS01 & DNS02 forwarder to pfSense IP of 10.99.99.1.
Enable DNSBL
PROFIT!
I then realized that I wouldn't be able to resolve local DNS names from the pfSense itself. I saw that DNS Resolver has a spot to configure domain overrides. However, when configuring the domain override for my domain, the local resolver (127.0.0.1) fails for all resolutions and it defaults to forwarding. I think this is because my pfSense is also on my local domain (i.e. gateway.mydomain.com, dns01.mydomain.com, dns02.mydomain.com).
Any suggestions?
-
I AM AN IDIOT. LOL.
Repeat after me:
When using LOCAL servers for FORWARDING ensure that you have the LOCAL interfaces enabled for OUTGOING requests.............
STUPID, STUPID, STUPID.
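Added example (not from the original poster, and not pfSense's own code): the mistake above is easy to spot mechanically. pfSense's DNS Resolver is Unbound, a Domain Override becomes a `forward-zone:` clause, and the "Outgoing Network Interfaces" selection becomes `outgoing-interface:` lines. If a forward-zone points at servers on a local subnet but no outgoing-interface address is on that subnet, the override's queries leave on the wrong side and fail. The script below parses a constructed, simplified unbound.conf fragment and flags that condition. The addresses and domain are the ones from the post; 203.0.113.10 as the WAN address and 10.99.99.0/24 as the LAN prefix are assumptions.

```python
"""Flag Unbound forward-zones (pfSense Domain Overrides) whose servers sit on a
local subnet that no outgoing-interface covers.

Added example, not part of the original thread and not pfSense's own code. The
config text is constructed and simplified; pfSense writes a lot more. Assumed:
WAN address 203.0.113.10, LAN prefix 10.99.99.0/24.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Constructed: Resolver forwarding to Cloudflare, Domain Override for mydomain.com
# to the two BIND servers, but only the (assumed) WAN address selected as an
# outgoing interface. This reproduces the failure described in the thread.
BROKEN_CONF = """\
server:
    interface: 0.0.0.0
    outgoing-interface: 203.0.113.10
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1
forward-zone:
    name: "mydomain.com"
    forward-addr: 10.99.99.2
    forward-addr: 10.99.99.3
"""

# Same config after also enabling the LAN interface for outgoing queries.
FIXED_CONF = BROKEN_CONF.replace(
    "    outgoing-interface: 203.0.113.10\n",
    "    outgoing-interface: 203.0.113.10\n    outgoing-interface: 10.99.99.1\n",
)


def parse_unbound(text: str) -> Tuple[List[str], Dict[str, List[str]]]:
    """Return (outgoing-interface addresses, {zone name: [forward-addr, ...]})."""
    outgoing: List[str] = []
    zones: Dict[str, List[str]] = {}
    section = None
    zone_name = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip().strip('"')
        if not val:  # clause header such as 'server:' or 'forward-zone:'
            section, zone_name = key, None
            continue
        if section == "server" and key == "outgoing-interface":
            outgoing.append(val)
        elif section == "forward-zone":
            if key == "name":
                zone_name = val
                zones.setdefault(zone_name, [])
            elif key == "forward-addr" and zone_name is not None:
                zones[zone_name].append(val.split("@")[0])  # strip optional @port
    return outgoing, zones


def check_local_overrides(text: str, local_nets: Iterable[str]) -> List[str]:
    """One message per forward-addr on a local net that no outgoing-interface reaches."""
    outgoing, zones = parse_unbound(text)
    out_ips = [ipaddress.ip_address(a) for a in outgoing]
    nets = [ipaddress.ip_network(n) for n in local_nets]
    if not out_ips:
        return []  # no outgoing-interface lines: Unbound may use any local address
    issues: List[str] = []
    for zone, addrs in zones.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            for net in nets:
                if ip in net and not any(o in net for o in out_ips):
                    issues.append(
                        f'forward-zone "{zone}" -> {ip} is on {net}, but no '
                        f"outgoing-interface is on {net}; enable that interface "
                        "under Services > DNS Resolver > Outgoing Network Interfaces"
                    )
    return issues


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, check_local_overrides(conf, ["10.99.99.0/24"]) or "OK")
```

Run against the real file on the firewall (e.g. `/var/unbound/unbound.conf` together with any `include:` files) and pass your own LAN/VLAN prefixes; an empty result for every override domain means the resolver can actually reach the servers it forwards to.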