    How to use LAN side DNS?

      lewis last edited by

      I need to use internal DNS servers but the device keeps sending the DNS request to the WAN. Is there a way to change this behavior so that those requests can be sent to the LAN side?

      Mike

        danswartz last edited by

        Sure, put your LAN DNS service IP(s) in the appropriate settings in the GUI. I think you also have to uncheck the box so it won't let the ISP settings override.

          lewis last edited by

          Yup, that's what I have. I have both a public DNS and my internal for testing. Only the public DNS is ever used as the request keeps going to the WAN interface.

          The 'Allow DNS server list to be overridden by DHCP/PPP on WAN' option is unchecked.

            lewis last edited by

            Any other thoughts? It must be a fairly regular question but I can't seem to find the answer.

              GruensFroeschli last edited by

              Well. Don't put a public DNS in one of the fields ;)

                lewis last edited by

                @GruensFroeschli:

                Well. Don't put a public DNS in one of the fields ;)

                I realized the requests were going to the WAN interface by watching the packets. I then entered a public DNS just to confirm and of course that worked. That's the only reason I tried a public DNS but the question remains the same, how do I force pfSense to use the DNS servers on the LAN?

                  wallabybob last edited by

                  @lewis:

                  I realized the requests were going to the WAN interface by watching the packets. I then entered a public DNS just to confirm and of course that worked.

                  I find this confusing. You are trying to use a DNS on your LAN and complaining it doesn't work so you specify a public DNS and now say it works!

                  @lewis:

                  That's the only reason I tried a public DNS but the question remains the same, how do I force pfSense to use the DNS servers on the LAN?

                  As already suggested:
                  @GruensFroeschli:

                  Well. Don't put a public DNS in one of the fields ;)

                  From the web GUI, System -> General Setup, item DNS Servers, make sure BOTH boxes specify your DNS server on the LAN.

                  This seems so obvious but you don't seem to have done it. Perhaps there is something about what you are trying to do that you haven't told us. For example, are you trying to get pfSense to tell its DHCP clients to use your LAN DNS server or are you trying to get your DHCP clients to use pfSense as their DNS and pfSense to use your LAN DNS server (in which case that LAN server presumably goes out to the WAN when it has to)?

                    lewis last edited by

                    This seems so obvious but you don't seem to have done it.
                    Perhaps there is something about what you are trying to do that you haven't told us.

                    As I've already posted, I have done this. Not sure why you didn't see that.

                    For example, are you trying to get pfSense to tell its DHCP clients to use your LAN DNS
                    server or are you trying to get your DHCP clients to use pfSense as their DNS and
                    pfSense to use your LAN DNS server (in which case that LAN server presumably
                    goes out to the WAN when it has to)?

                    I want to use pfSense for one single thing, remote users getting to my PBX. I don't need it to do anything else. While I could use public DNS servers, which I probably will end up having to do, I would prefer using LAN side DNS servers so that I can better control things that the public doesn't need to see, only the VPN users.

                    I don't need remote users to have access to the LAN, I need them only to have access to one single server on the LAN, using SIP/RTP ports and that's it.

                    I've not figured out why the LAN side DNS servers won't be seen, which is, of course, why I've posted my request for help. It is an unusual situation from what I gather, which is why I am looking for input.

                    Whatever you need to know, I'm happy to share in order to get help but please do read that I have tried the suggestions already :).

                    Thanks.

                      wallabybob last edited by

                      I let this thread go for a while because it's not clear to me precisely what you are complaining about and my attempt to clarify didn't yield an answer, so I left some space for someone else to jump in.

                      Please provide a diagram of the significant parts of the network and clarify whether your complaint refers to DNS requests from pfSense, DNS requests from other systems on the LAN, DNS requests from VPN users or some other DNS requests. In particular, your original issue statement said "the device keeps sending DNS requests …" and I can't see anywhere in this thread where you have said which device "the device" is. I admit one of your replies said "How do I force pfSense to use the DNS servers of the LAN" but it's not clear to me what the origin of those DNS requests is. The origin of those requests (depending on how it is configured, pfSense may act as a DNS server itself) may determine the answer to your question.

                        XIII last edited by

                        What he wants is:

                        1. custom shortcuts, for example type in router and it takes you to the pf router and server26 and you go to server26 (don't know if pf can do it; if so that would be something of interest to me)

                        2. use internal DNS servers so that he can control where people are allowed to go; in that case do what was posted earlier by danswartz, put your LAN DNS servers' IP addresses under DNS servers, might need to create a static route

                        OR

                        3. ???

                          wallabybob last edited by

                          @XIII:

                          What he wants is:

                          1. custom shortcuts, for example type in router and it takes you to the pf router and server26 and you go to server26 (don't know if pf can do it; if so that would be something of interest to me)

                          Under Services -> DNS forwarder it is possible to add your own DNS entries as well as DNS servers for particular domains.

                          2. use internal DNS servers so that he can control where people are allowed to go; in that case do what was posted earlier by danswartz, put your LAN DNS servers' IP addresses under DNS servers, might need to create a static route

                          Using internal DNS servers doesn't control where people can go, it only controls the name to address translations. If you know someone's phone number you don't need a telephone directory to call them.

                          OR

                          3. ???

                          ???

                            XIII last edited by

                            @wallabybob:

                            Using internal DNS servers doesn't control where people can go, it only controls the name to address translations. If you know someone's phone number you don't need a telephone directory to call them.

                            Actually it does, I can make it to where typing in "help" in my browser takes you to forum.pfsense.org or if you get a denial page (opendns.org) with a custom DNS server one can make it so that certain DNS names are redirected. Remember the DNS flaw that was made public a while ago? This was pointed out…
                            But yes, if they know the address it's worthless, but not many people know help.com's IP (phone #)
