DNS Forwarder Domain Override for a public domain
-
Testing...
I have specified 8.8.8.8 in System => General Setup and enabled the DNS Forwarder.
In the Forwarder settings I have specified a Domain Override for openvpn.com to use 1.1.1.1.
When I perform an nslookup in pfSense for openvpn.com it is still using 8.8.8.8.
Is it possible to use the Domain Override to force a public domain to use a DNS server other than the one used by the Forwarder/Resolver (in forwarding mode)?
-
@McMurphy A domain override tells the nameserver: instead of asking X (the server it is set to use), if anyone is looking for domainX.tld, ask this guy. Yes, that can be a public domain.
But that is kind of pointless, to be honest, since 8.8.8.8 can resolve any public domain. Why would you ask 1.1.1.1 for domainx.tld when 8.8.8.8 is more than capable of answering that question?
Domain overrides are normally used when the server you forward to would not be able to answer the query.
-
I agree. This is just for testing purposes, to confirm the functionality.
I set a Domain Override for opendns.com to 9.8.7.6 (should not resolve).
nslookup still resolves it at 8.8.8.8.
-
@McMurphy Maybe it's being redirected upstream? There are currently multiple threads about how Nord is intercepting DNS traffic.
If you want to know whether your override is working, sniff your traffic. A domain override can be used on just a resolver as well.
Also keep in mind that using the diagnostic lookup window isn't a good choice for this sort of test, because depending on how you have it set up, pfSense would fall back to, or could just ask, what is in its DNS settings.
Here, I set up a domain override for openvpn.com.
You can see, when I ask unbound for it from a client on my network, that it tries to ask 1.2.3.4, via a sniff on the WAN interface.
You can see from your response there: it asked loopback, got no answer, but then asked 8.8.8.8 directly. This is pfSense asking, not what unbound did via its settings. You would probably need to set this to not use external.
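The check recommended in the last reply (query from a LAN client, sniff the WAN, see which upstream was actually asked) can be turned into a repeatable test. The script below is an added example and is not from the thread or from pfSense; it parses the text output of tcpdump and reports which upstream servers received queries for a domain, then compares that against the override target. The capture lines embedded in it are constructed sample data that reuse the thread's addresses (1.2.3.4 as the override target, 8.8.8.8 as the general forwarder); the interface name and client address are placeholders. The three exit codes of `verify_override` map onto the three outcomes seen in the thread: the override is honoured, something else answered, or no query for the domain ever left the WAN (which is what happens when the GUI diagnostic lookup bypasses the forwarder).

```shell
#!/bin/sh
# Added example, not pfSense's own tooling. To produce real input, run on pfSense
#   tcpdump -ni <wan_if> -l udp port 53
# while a LAN client runs   dig @<pfsense_lan_ip> openvpn.com
# and pipe the text lines into the functions below.

# Constructed sample capture in tcpdump's usual one-line format. 203.0.113.5 is
# a made-up WAN address; 1.2.3.4 is the override target from the thread and
# 8.8.8.8 the general forwarder. Addresses and timestamps are not real data.
SAMPLE_CAPTURE='12:00:01.000001 IP 203.0.113.5.51234 > 8.8.8.8.53: 41234+ A? example.org. (29)
12:00:01.000456 IP 8.8.8.8.53 > 203.0.113.5.51234: 41234 1/0/0 A 93.184.216.34 (45)
12:00:02.000001 IP 203.0.113.5.51235 > 1.2.3.4.53: 41235+ A? openvpn.com. (29)
12:00:03.000001 IP 203.0.113.5.51236 > 1.2.3.4.53: 41236+ AAAA? openvpn.com. (32)
12:00:04.000001 IP 203.0.113.5.51237 > 1.2.3.4.53: 41237+ A? www.openvpn.com. (33)
12:00:05.000001 IP 203.0.113.5.51238 > 8.8.8.8.53: 41238+ A? notopenvpn.com. (32)'

# upstreams_for_domain DOMAIN
# Reads tcpdump lines on stdin; prints the sorted, unique destination IPs of
# outbound queries whose QNAME is DOMAIN or a name under it. Responses are
# ignored (they carry no "A?"-style qtype token).
upstreams_for_domain() {
    awk -v dom="$1" '
        # Query lines: field 5 is "dst.port:", field 7 the qtype ("A?"),
        # field 8 the QNAME with a trailing dot.
        $7 ~ /[?]$/ {
            dst = $5; sub(/:$/, "", dst); sub(/\.[0-9]+$/, "", dst)
            name = $8; sub(/\.$/, "", name)
            # exact match, or a subdomain (suffix ".dom"); "notopenvpn.com" must not match
            if (name == dom || substr(name, length(name) - length(dom)) == "." dom)
                seen[dst] = 1
        }
        END { for (d in seen) print d }
    ' | sort
}

# verify_override DOMAIN EXPECTED_IP
# Exit status: 0 = every query for DOMAIN went to EXPECTED_IP (override honoured)
#              1 = at least one query went to another server
#              2 = no query for DOMAIN seen at all: wrong interface, or the
#                  lookup never went through the forwarder (e.g. GUI lookup)
verify_override() {
    servers=$(upstreams_for_domain "$1")
    [ -n "$servers" ] || return 2
    [ "$servers" = "$2" ] || return 1
    return 0
}

# Stand-alone demonstration against the constructed capture.
if printf '%s\n' "$SAMPLE_CAPTURE" | verify_override openvpn.com 1.2.3.4; then
    echo "openvpn.com: override to 1.2.3.4 honoured"
else
    echo "openvpn.com: override NOT honoured (rc=$?)"
fi
```

On a live box, replace the `printf` with the tcpdump pipeline, and make sure the client asks the pfSense LAN address rather than the GUI lookup page, so that the query you are checking is the one the forwarder or resolver actually sends.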