Netgate Discussion Forum
General pfSense Questions

do you use DNS Forwarder or Resolver with a Lan Cache Server?

40 Posts 2 Posters 4.5k Views
stephenw10 Netgate Administrator

Technically Unbound can support different 'views' for different source IPs, but that's not something pfSense provides GUI options for. You'd have to do it all in custom config.

You can choose to run both DNS services on the firewall, allowing some variation in responses, but for your setup you'd need to duplicate all the overrides.

I assume your system default gateway is via the WAN?

Anyway, clients are going to be using DNS requests that go via a mix of both WANs and that will cause some issues.

Steve
comet424

Ah ok, so not so simple, go figure.. and how would I do that in custom config?

And how would you run both DNS services? So you could run one for WAN and 1 for NordVPN. I figured there'd be an option like when you have VLANs and under DHCP you'd have your own section.. I figured there would be a DNS Resolver tab there for WAN and another one for NordVPN and so on..
And I'm not sure how to run both DNS services.

Ya, my default gateway is the WAN...

Ya, so it's not simple then to get WANs and VPNs to go out the same and use the same DNS.. I guess mine is a complicated setup even though it seems simple; I guess the work to get to this is a complicated setup..

And maybe that could be a future request? Unbound to have different views for different gateways.. I know the downloading through Epic, Blizzard, Steam, that seems to be working.. it's just darn websites...

So it's workable? But you need to do more custom.. nothing you can do in the Rules.

Cuz... it's too bad the DNS Resolver doesn't have tabs.. so for the NordVPN then the outbound would be the NordVPN interface.... and for WAN you could choose WAN as the outbound interface..

How do you or others do it then for your businesses, as I'm sure I can't be the only one that does it..
A separate DNS? Like Pi-hole... one where you specify the gateway? So it's set to 192.168.0.1 as I have it set for its DNS 1.1.1.1, so then it would force out the WAN connection... and then VPN connections would still use 1.1.1.1 DNS but it would go out the NordVPN.

Nothing is simple lol.. but at least it's partially working so far, what I wanted... and I really appreciate your help so far.. at least I'm learning stuff..
stephenw10 Netgate Administrator

See: https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering/tags-views.html#views

You can't run both DNS services on the same port, so to have both running you need to set one to a non-default port and then add port forwarding to it for the clients you want to use it.
Then you can have one service (probably Unbound) use the VPN for queries while the other one uses the system default, WAN.

That still doesn't help queries that go via Lancache, which all leave via whatever route 192.168.0.33 is given.

This is a complex setup that I would expect to require significant tuning and troubleshooting.

Steve
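As an added illustration of the Unbound 'views' mechanism Steve links above (this is not config from the thread, from Netgate or from pfSense; the two client subnets and the zone name cache.lan are assumptions, the cache addresses 192.168.0.32 and 192.168.0.33 are the ones mentioned later in the thread), a minimal custom-options fragment that answers the same name differently depending on the client's source network:

```conf
# Added example, not part of the thread. Unbound views hand different
# local answers to different source networks; they do NOT change which
# interface or gateway Unbound itself uses for its upstream queries.
server:
    # Assumed client networks (hypothetical two-VLAN layout).
    access-control: 192.168.0.0/24 allow
    access-control: 192.168.1.0/24 allow
    # Map each source network onto a named view.
    access-control-view: 192.168.0.0/24 wan-clients
    access-control-view: 192.168.1.0/24 vpn-clients

view:
    name: "wan-clients"
    # view-first: yes falls back to the global local-data / local-zone
    # entries when this view has no entry for the queried name.
    view-first: yes
    # Assumed internal name pointing at the WAN-side cache host.
    local-data: "cache.lan. A 192.168.0.32"

view:
    name: "vpn-clients"
    view-first: yes
    local-data: "cache.lan. A 192.168.0.33"
```

On pfSense this kind of fragment goes in the DNS Resolver's custom options box, since, as Steve says, there is no GUI for views. The caveat to check before relying on it: a view only varies the answers Unbound serves from its own local data. Anything Unbound has to resolve upstream still leaves through whichever outgoing interface and route the firewall gives Unbound, so views by themselves do not make a client's DNS take the same path as that client's traffic.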
comet424

Ah ok, so it's not really feasible..

So... now I'm kinda confused, so if the lancache uses 1.1.1.1 shouldn't WAN and VPN have no issues, as it's contacting 1.1.1.1 for its DNS service?

And would it help if I had 2 lancaches?

192.168.0.32     dns 1.1.1.1   (WAN)
192.168.0.33    dns 192.168.0.1   (VPN)

Or do you still fall in the trap that the DNS Resolver is only set to the NordVPN outbound?
But then you run into the issue of not using the same cache DNS...

Since it's complex it's best to scrap the idea maybe.

It's only most likely you need 3 pfSenses:
1 to go out the WAN
1 does VPN
1 down the WAN on the LAN
and the 2 would access the one going out the WAN, like a tree.

Are there better solutions? How does that work when, say, your VPN or ISP offers 2 DNS's, would that be like 2 pfSenses...

And I guess there is no way to set up outbound to all interfaces.. but also have no VPN leakage, like a block rule..
But I'm guessing that's not possible..

I'm just thinking of ideas.. and probably they don't exist lol
stephenw10 Netgate Administrator @comet424

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    so... now i kinda confused so if the lancache uses 1.1.1.1 shouldnt WAN and VPN have no issues as its contacting 1.1.1.1 for its dns service?

Yes, queries to 1.1.1.1 will work via either route but will connect to different servers and hence resolve in different locations. Services you connect to can see approximately where it was resolved, so if they see your traffic coming from the US but DNS queries resolving in Europe you get flagged.

    and would it help if i had 2 lancaches

    192.168.0.32     dns 1.1.1.1   (WAN)
    192.168.0.33    dns 192.168.0.1   (VPN)

Yes, that would probably work since you can then route traffic from one via the VPN.

At that point though it's easier to just pass the correct Lancache IP to clients to use for DNS directly. That removes the entire problem.

You should have two subnets for this though. That would be the first thing I would do. Get a managed switch and set up two VLANs.
comet424

Ah ok, lot to learn here. I thought the DNS stuff could know if I accessed pfSense from the WAN range in aliases, it would then DNS resolve through the WAN port, and if it sees the VPN range in the alias it would DNS resolve through the VPN, keeping both separated... but I guess that's too much overhead for the pfSense software to separate probably.. and no one hungry to tackle that lol

So I've never played with VLANs except I made a couple in the interface section.. so never even used it.. so how would 2 subnets work using 1 lancache to serve both, cuz that's what I wanted, 1 cache handles it all... and is there a certain managed switch to get? I have looked them up kinda and there are so many, L1 L2 L3 level something, I dunno, I just stuck with a regular switch, no managed.. don't even know what brand is good for home use.

And when you say pass the correct lancache IP to clients do you mean like

all the IPs in DHCP would get 192.168.0.33? If so I did that too but I was running into, I dunno, the lancache was getting overloaded.. sometimes pages wouldn't be found so I had to restart the lancache server.... and I still ran into the problem on the WAN side, Amazon pages wouldn't load.. so I'd change the DNS to 192.168.0.1 or it was 1.1.1.1 to go out the WAN so I could use Amazon...

Vicious circle... but ya I'd look into a managed switch but I wouldn't know how to go past it, as all I've done was set up 2 VLANs and I saw them in rules and that was it lol
so 0 experience there
stephenw10 Netgate Administrator @comet424

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    how would 2 subnets work and using 1 lancache to serve both cuz thats what i wanted 1 cache handles it all...

You would need 2 caches, or configure a single server in some way to send upstream queries via different routes depending on the source. It probably can't do that though.

@comet424 said in do you use DNS Forwarder or Resolver with a Lan Cache Server?:

    when you say pass the correct lancache ip to clients do you mean like
    all the ips in dhcp would get 192.168.0.33

Yes, exactly. And clients from the other subnet would get the other lancache server.
comet424

Ah, can you do this:

lancache be say on a VLAN
so 192.168.10.2 that uses WAN

and then say the VPN and non-VPN you set the DNS to 192.168.10.2

or that wouldn't work because the DNS Resolver is set for VPN outbound?

Reason I'm doing all this is my internet in the country is only 5mb down 500k up if I get that, so I try to cache my Windows updates and games for my VPN and non-VPN.. as I don't live in town so I don't get what people in town get, they're like 25gb or faster internet or whatever they get...

I wonder how companies do it? Or they don't.

And I'll look into getting a managed switch, see what the computer store has.
comet424

Does this work?

modem
"---------
pfSense #1 192.168.0.1 and DHCP range and connects to 192.168.0.33 lancache
goes out the modem on WAN
"----------
pfSense #2 192.168.1.1 DHCP range.. and connects to 192.168.0.33 lancache and goes out the VPN through pfSense #1

Does that work?

Or both can use 19.168.0.x, #1 would use range 1-100 and #2 would use 192.168.0.101-254

Just a thought, dunno if it would work but you're the expert and I just learn as I go (:
stephenw10 Netgate Administrator

The problem you have is that you need DNS queries to use the same route out as traffic. But you also need to send DNS queries via the LAN cache server so it can intercept and redirect requests for files it has stored.
What DNS server is Lancache running? Is it resolving or forwarding? It sounds like it's forwarding only. That means any queries sent to it that are not intercepted are forwarded to whatever it has set (1.1.1.1) via whatever route out it uses. That can only ever be one way, so it will only ever work correctly with clients that are also using that route.
No commercial installs would ever be doing this.

Steve
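The intercept-or-forward behaviour Steve describes here, as an added example that is not code from the thread, from Lancache or from pfSense: a standard-library-only Python model of an intercepting DNS forwarder. Names on a constructed cache-domains style suffix list get a local A answer pointing at the cache host (192.168.0.33 from the thread); every other query is handed to the single upstream (1.1.1.1), and that forwarded packet can only leave by the one route the cache host has, which is exactly the limitation under discussion. The suffix list, the upstream address and the function names are constructed for this illustration; nothing is sent on the network.

```python
"""
Added example (not code from the thread, Lancache or pfSense): a minimal model
of what an intercepting DNS forwarder does with each query. Only the decision
logic and the DNS wire format (RFC 1035) are shown; no packets are sent.
"""
import struct

# Constructed, cache-domains style suffix list (real lists are far larger).
INTERCEPT_SUFFIXES = ("steamcontent.com", "windowsupdate.com", "blizzard.com")
CACHE_IP = "192.168.0.33"      # the Lancache host from the thread
UPSTREAM = ("1.1.1.1", 53)     # the one upstream the forwarder is configured with


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Encode a standard recursive A query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_question(packet: bytes):
    """Return (txid, qname, qtype, offset just past the question section)."""
    txid, = struct.unpack("!H", packet[:2])
    pos, labels = 12, []
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode())
        pos += 1 + length
    pos += 1                                   # skip the root label
    qtype, = struct.unpack("!H", packet[pos:pos + 2])
    return txid, ".".join(labels), qtype, pos + 4   # +4 skips QTYPE and QCLASS


def is_intercepted(qname: str) -> bool:
    """True if qname is, or sits under, one of the cached CDN suffixes."""
    q = qname.lower()
    return any(q == s or q.endswith("." + s) for s in INTERCEPT_SUFFIXES)


def build_answer(query: bytes, ip: str, ttl: int = 60) -> bytes:
    """Reply to `query` with a single A record pointing at `ip`."""
    txid, _, _, qend = parse_question(query)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD/RA=1, one answer
    # Name pointer 0xC00C -> offset 12, i.e. the QNAME in the question section.
    rr = struct.pack("!HHHIH", 0xC00C, 1, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:qend] + rr


def handle(query: bytes):
    """Decide what the forwarder does with one query.

    Returns ("intercept", response_bytes) for cached CDN names, otherwise
    ("forward", upstream): the packet is relayed unchanged to the single
    upstream resolver over whatever route the forwarder's host has to it.
    """
    _, qname, qtype, _ = parse_question(query)
    if qtype == 1 and is_intercepted(qname):
        return "intercept", build_answer(query, CACHE_IP)
    return "forward", UPSTREAM


def answered_ip(response: bytes) -> str:
    """Extract the A record address from a response built by build_answer."""
    return ".".join(str(b) for b in response[-4:])


if __name__ == "__main__":
    for name in ("cdn.steamcontent.com", "www.amazon.com"):
        action, detail = handle(build_query(name))
        print(name, "->", action, answered_ip(detail) if action == "intercept" else detail)
```

Running it shows the two classes of query side by side: cdn.steamcontent.com is answered locally with the cache address, while www.amazon.com is marked for forwarding to 1.1.1.1. The second class is the one that breaks when clients on the VPN side and the WAN side share one cache host, because the forwarder has no notion of which client's route the answer should come from.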
comet424

Ah ok, so it's only worthwhile 1 or the other.. VPN or non-VPN.. I guess in a commercial setup you'd have 2 lancaches.. 1 for VPN and 1 for non-VPN, and cuz you guys would have like 10x faster than my internet you could host 2 lancaches, cuz you could download installs faster than me.. here I tried to get a setup that served both.. VPN and non-VPN on a 5mbp connection, as it takes bloody forever for some game updates.. several days, so I was hoping for a simple solution, 1 cache server that could cover both flawlessly.

And I dunno what DNS server it's running.. it's just an all-in-1 wonder one person made.
The doc info from the unRAID cache says:

    An all in one lancache docker providing a combination of the following three projects:
    https://github.com/lancachenet/lancache-dns
    https://github.com/lancachenet/monolithic
    https://github.com/lancachenet/sniproxy

    Thanks to cheesemarathon for their work on the SteamCacheBundle that inspired this and provided the grounding for the template. Note, however, that this Docker image does not run at all the same way and is strictly based on the original upstream logcache project.

    On start, this image will download the latest domain list from https://github.com/uklans/cache-domains. This means no constant upgrading of the docker image is necessary in order to guarantee continued usability.

Beyond my scope of understanding lol
And I guess like when you have your ISP and you get the 2 DNS, that'd be like having 2 lancaches.. if 1 fails, flips to the other.. just with my internet so slow you have to dup download everything..

Are there other solutions, like other cache services you know of? I know I read something about Squid but never tried... I did try something and pfSense killed my USB, learned to install pfSense on an SSD, I think that was logs, burned it out in a month lol...

But what do commercial installs do?
stephenw10 Netgate Administrator

Commercial installs would just use one WAN connection, so either all the traffic goes over a VPN or none of it does. Also they would have 100X the speed, so local caching becomes irrelevant.
Squid really doesn't cache things like that well any longer, and all the traffic from Squid itself always goes from a single interface, so you have the same issue as soon as you want to split the traffic over a VPN.

Steve
comet424

Ah ok, so basically I'm just stuck.. it's like the 90s, all I could get was a 2.8k connection while people who lived in town got cable modems and faster rates..
Now I have something similar to cable modems, DSL, and people in town have 10x or more faster rates lol, vicious circle.

At least it's working, the Unbound stuff.. the main goal was the 192.168.0.1 as DNS so I'm not switching back and forth 192.168.0.1 and 192.168.0.33 just for each time gaming.. stick with either VPN or just WAN.

Or maybe I'll do 2 lancaches:
1 for games and Windows updates for WAN
1 for just Windows updates on VPN, as going through the VPN and gaming either doesn't work or lags a lot.. I guess that's due to the overhead stuff VPN does.

And I really appreciate the help and explaining things you've done too, it helps.. especially when you don't understand all this stuff.. really like pfSense over my Asus router so I greatly appreciate it (:
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.