DNS resolver in PFSENSE does not have access to the Internet
Hello colleagues!
I am asking for your help or advice on choosing the right solution for setting up or making changes to the PFSENSE settings.
As a beginner, it is difficult for me to make the right and safe choice. And so, we have:
1. PFSENSE CE
2. AS+IPNUM
3. 2BGP peering
4. NAT
5. DNS RESOLVER IN PFSENSE (ONLY)
6. LAN DHCP
Until a certain time, PFSENSE CE had access to the Internet, this allowed it to work without creating a separate DNS server. That is, by creating the VLAN111 interface (P53 only rules) and specifying the VLAN111 address in the GENERAL DNS settings, this allowed using the DNS RESOLVER function in the form of a DNS SERVER without cache and other settings.
Now the peer partner has forbidden the use of the bgp-peer address to access the Internet directly, citing security rules. This has created certain difficulties. Namely: now I cannot monitor the status of the BGP channel behind its gateway using PFSENSE CE, access to PFSENSE CE updates has also been lost, and most importantly, DNS RESOLVER now does not work because there is no access to VLAN111 from the Internet.
What advice can you give:
- Build a separate DNS server, which will create an additional machine service point and the risk of machine breakdown?
- Completely switch to public DNS addresses and disable DNS RESOLVER on PFSENSE CE?
- Make certain settings and restore Internet access to PFSENSE CE to update, monitor and work with DNS RESOLVER?
Thanks in advance for the advice