General DNS settings vs DHCP Server DNS Settings for Virtual IP?
-
I followed a tutorial and set up pfBlockerNG with my DNSBL Webserver virtual IP address set at 10.10.10.1. I currently have 5 interfaces (LAN and my 4 VLANs: Private, Office, IoT and Guest) and realized I can apply this virtual IP to the general settings or individually via the DHCP server for each interface. If I intend to have my entire network use DNSBL, is it best practice to just enter the virtual IP in the general setup DNS settings? Will the general settings override the individual DHCP server settings, or should I simply configure 10.10.10.1 in all locations? Thanks for any help and additional knowledge on this topic.
System --> General Setup --> DNS Server Settings --> 10.10.10.1
and/or
Services --> DHCP Server --> (LAN, Private, Office, IoT, Guest) --> 10.10.10.1
-
@TechNetwork1 As far as I know, pfBlockerNG is hardcoded with Unbound; according to this you should be monitoring on localhost and your interfaces only in the Unbound DNS resolver, that's all.
-
@TechNetwork1 said in General DNS settings vs DHCP Server DNS Settings for Virtual IP?:
10.10.10.1
Not how it works.. That 10.10.10.1 vip is where a block sends the client when they look up something that is blocked, to get a block page.. That is not the IP you would point to for dns clients. You would point your clients to the pfsense IP that unbound is listening on.
-
@johnpoz Ok, so I originally had Quad9 (9.9.9.9) entered in the General Setup and DHCP Server configuration page. Nothing was being blocked, but once I entered 10.10.10.1 in the DHCP Server configuration page, DNSBL started blocking, which led me to believe I was on the right track. I'm very new to networking so I was confused, but then going back to my original question: should I enter my pfsense IP address in both the general setup config page as well as the DHCP server page for each interface?
-
@TechNetwork1 you must have unbound set to listen on all addresses.. Guess that would mean vips as well.
You normally would have to do nothing.. There is no IP that needs to go into the general setup, unless you are wanting unbound to forward to something..
And dhcp would default to handing out the IP of the interface it's enabled on.. Out of the box there really is nothing to touch here.
So say you had lan 192.168.1.1/24 on pfsense, and opt1 network as say 192.168.2.1/24.. Your dhcp server on lan would hand out 192.168.1.1 to devices on that network, and opt1 dhcpd would hand out 192.168.2.1 to its dhcp clients.
If you're filtering then everyone would be filtered.
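
The behaviour described in the replies above, as an added example that is not part of any post in this thread: a small Python audit that works out which DNS server each interface's DHCP clients receive and whether their queries reach the pfSense resolver where DNSBL applies. The `INTERFACES` table is a constructed model (the `iot` subnet and the per-interface overrides are assumptions), and it assumes Unbound listens on each interface address.

```python
import ipaddress

DNSBL_VIP = ipaddress.ip_address("10.10.10.1")  # DNSBL block-page VIP from the thread

# Constructed sample: interface address/prefix plus any DNS servers typed into
# that interface's DHCP Server page (empty list = field left blank).
INTERFACES = {
    "lan":  {"addr": "192.168.1.1/24", "dhcp_dns": []},
    "opt1": {"addr": "192.168.2.1/24", "dhcp_dns": ["9.9.9.9"]},
    "iot":  {"addr": "192.168.3.1/24", "dhcp_dns": ["10.10.10.1"]},
}

def effective_dns(iface):
    """DNS servers DHCP clients receive: the override, else the interface IP."""
    if iface["dhcp_dns"]:
        return [ipaddress.ip_address(s) for s in iface["dhcp_dns"]]
    return [ipaddress.ip_interface(iface["addr"]).ip]

def classify(server, firewall_ips):
    """Label one handed-out DNS server by where its queries end up."""
    if server == DNSBL_VIP:
        return "dnsbl-vip"   # block-page address, not the intended resolver IP
    if server in firewall_ips:
        return "resolver"    # Unbound on pfSense, so DNSBL filtering applies
    return "external"        # answered elsewhere; DNSBL never sees the query

def audit(interfaces):
    """Map each interface name to [(dns_server, classification), ...]."""
    firewall_ips = {ipaddress.ip_interface(i["addr"]).ip
                    for i in interfaces.values()}
    return {
        name: [(str(s), classify(s, firewall_ips)) for s in effective_dns(iface)]
        for name, iface in interfaces.items()
    }

if __name__ == "__main__":
    for name, servers in audit(INTERFACES).items():
        for ip, kind in servers:
            print(f"{name:5} hands out {ip:12} -> {kind}")
```

Any interface reported as `external` or `dnsbl-vip` is one where the DHCP Server DNS field should be cleared so clients fall back to the interface address.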