DNS forwarders not validating
-
Hello there, I'm stuck with a question. I am currently setting up an adblock / content-blocking system for our school. Our school runs 2 pfSense boxes in the 2 buildings (192.168.200.1 and 192.168.201.1). We also run 2 AD DCs (172.16.0.0 and 172.20.0.0). Now I am trying to use pfBlockerNG to block things with DNSBL. To use this, I need to turn on the Unbound DNS Resolver. But every time I do this, I get the following error on my domain controllers when I set my forwarders to my pfSense: "Unknown error while validating server". I also notice that the blocks then don't work. It is the first time I am touching pfSense and this system; is there anyone who can help me?
Big thanks in advance!
-
@Bartballon And what rules do you have on the interfaces the DCs would talk to pfSense on?
How are they getting to your pfSense boxes for DNS when their networks are 172.16 and 172.20? What is routing the traffic to the pfSense 192.168.x addresses?
-
@Bartballon What John asked, but also there is a checkbox in the Windows DNS settings to use root servers if forwarders are unavailable, which is presumably why DNS is working for you.
You may also want to block DNS servers on the Internet, and/or DoH, if you want to force everyone to use the block lists.
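As an added example (not part of any post in this thread), here is a PowerShell check to run on each DC that covers what the two replies above are asking about: whether the DC can reach pfSense at all, whether Unbound accepts queries from the DC's subnet, and whether the "use root hints if no forwarders are available" setting is hiding a broken forwarder. The pfSense addresses are the ones from the question; the test names and the DNSBL VIP are assumptions.

```powershell
# Added example, not from the thread. Run on each DC in an elevated PowerShell.
# Assumed from the question: pfSense resolvers 192.168.200.1 and 192.168.201.1.
# example.com, ads.example.net and the DNSBL VIP are placeholders; adjust to your setup.

$Forwarders = @('192.168.200.1', '192.168.201.1')
$TestName   = 'example.com'

# 1. What is configured now? UseRootHint = True means the DC silently falls back to the
#    root servers when the forwarders fail, so DNSBL is bypassed without anyone noticing.
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint, Timeout

# 2. Can the DC reach each pfSense resolver on port 53 at all? (routing / firewall rules)
foreach ($fw in $Forwarders) {
    $tcp = Test-NetConnection -ComputerName $fw -Port 53 -WarningAction SilentlyContinue
    "{0}: TCP/53 reachable = {1}" -f $fw, $tcp.TcpTestSucceeded
}

# 3. Does Unbound actually answer the DC? -DnsOnly bypasses the local cache and hosts file.
#    "Query refused" from nslookup means Unbound's access list does not include the
#    DC's subnet (172.16.x / 172.20.x); a timeout means the packet never arrived.
foreach ($fw in $Forwarders) {
    try {
        $a = Resolve-DnsName -Name $TestName -Server $fw -Type A -DnsOnly -ErrorAction Stop
        "{0}: answered {1} -> {2}" -f $fw, $TestName, ($a.IPAddress -join ', ')
    } catch {
        "{0}: FAILED ({1})" -f $fw, $_.Exception.Message
        nslookup $TestName $fw 2>&1 | Select-String 'refused|timed out'
    }
}

# 4. Only once step 3 succeeds: point the DC at pfSense and disable root-hint fallback,
#    so a failed forwarder shows up as an outage instead of silently bypassing the lists.
Set-DnsServerForwarder -IPAddress $Forwarders -UseRootHint $false -Timeout 3

# 5. Prove a DNSBL-listed name is now sunk: pfBlockerNG answers with its DNSBL VIP
#    (10.10.10.1 by default). Use a name you know is on one of your enabled lists.
$blocked = Resolve-DnsName -Name 'ads.example.net' -Type A -DnsOnly -ErrorAction SilentlyContinue
$blocked | Format-Table Name, IPAddress
```

If step 2 passes but step 3 is refused, the fix is on the pfSense side (the Unbound access list or the interface rules for the DC networks), not on the DC; if step 5 still returns the real address, the DC is not the only resolver clients are using, which is where blocking outbound port 53 and DoH comes in.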
-
@Bartballon Hello, let me try to help. How is the pfSense configuration set to resolve? Is it going to WAN (8.8.8.8 or 1.1.1.1) or the domain controller? Do you have a host override for a proxy also?
Also I found:
"If unbound does not start correctly after entering custom options, add server: on a line at the top of the custom options text area."
Ref: https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html
I found another post on this with a working version of what you want to do; the user was asking how to make it resolve faster. Maybe this will help?
https://forum.netgate.com/topic/144091/ad-domain-controller-as-local-dns-forwarding-to-pfsense/10
https://forum.netgate.com/topic/140346/forward-dns-queries-to-active-directory-dns-server/9