Netgate Discussion Forum

How to have certain ip address use different DNS server?

DHCP and DNS
4 Posts 2 Posters 822 Views

    aGeekhere
    last edited by Jan 3, 2025, 7:47 AM

    Hi, I want to have different nodes use different DNS servers; however, I am not fully understanding how I can do this while still having my host overrides work under the DNS Resolver.

    Setup
    System > General Setup > DNS Server Settings:
    192.168.1.20 (Lancache server)
    1.1.1.3
    1.0.0.3
    DNS Server Override: unticked

    Services > DHCP Server > LAN
    DNS Servers
    DNS server 1: 192.168.1.20 (Lancache server)

    DHCP Static Mappings
    For a node set:
    DNS 1: 192.168.1.20 (lancache)
    DNS 2: 192.168.1.1 (pfSense)
    DNS 3: 8.8.8.8
    DNS 4: 8.8.4.4

    When I do this my host overrides stop working. I am guessing that the DNS servers are not used in order and the node could be using 8.8.8.8 first?

    Is there a better way to have different nodes use different DNS servers while still using pfSense as the DNS server first?

    Never Fear, A Geek is Here!

      keyser Rebel Alliance @aGeekhere
      last edited by Jan 3, 2025, 8:36 AM

      @aGeekhere Whoaa, that is a somewhat complicated DNS structure you have there….

      1: Stop handing out DNS servers other than the ones that you control (i.e. no DNS 3/4 Google DNS to clients)
      2: If you want to use the Lancache server (why??) for some clients, create a stub zone on that server for your internal domain names pointing to the pfSense DNS where your overrides are present. Then it will resolve those names using the DNS on pfSense.

      What I don't understand is: why the need for different DNS servers? Is it because you want different DNS resolution capabilities based on some client groups? If that is the case, then perhaps using some of the advanced controls in pfSense's Unbound combined with pfBlockerNG could solve your problem? Read this article for inspiration:

      https://wiki.sharewiz.net/doku.php?id=pfsense:pfblockerng:bypass_pfblockerng_for_specific_clients

      Love the no fuss of using the official appliances :-)

        aGeekhere @keyser
        last edited by Jan 3, 2025, 10:59 AM

        @keyser
        What I would like is:

        1. All clients use pfsense as their primary DNS server
        2. Then use lancache as the next DNS server so I can cache (lancache UPSTREAM_DNS is set to pfSense)
        3. Then use 1.1.1.3 and 1.0.0.3 for web filtering
          Now I want a few servers and users to use 1.1.1.1 and 1.0.0.1 instead of the filtering but still use the lancache and the DNS Resolver.

        I can override that with DHCP Static Mappings however host overrides stop working.

        Never Fear, A Geek is Here!

          keyser Rebel Alliance @aGeekhere
          Jan 3, 2025, 11:16 AM (last edited by keyser Jan 3, 2025, 11:19 AM)

          @aGeekhere Okay, so the real trouble is actually because of the few clients that you want to bypass the DNS filtering done by 1.1.1.3/1.0.0.3.

          1: Unbound DNS in pfSense by default does caching of all DNS lookups as the records' TTLs allow. This is the same caching as Lancache does, unless you start configuring some out-of-spec extra caching (of invalid records). If that is your reason to keep lancache in the loop, configure Unbound to do the same (out-of-spec) caching of stale records - it can be done in the advanced settings.

          2: Configure Unbound in pfSense to use forwarding instead of the default root recursive resolution. Then Unbound will do all lookups by forwarding to the DNS servers in "SYSTEM -> GENERAL -> DNS Servers".
          It will still cache all records, so just hand the clients your pfSense DNS and drop the lancache server.

          Using forwarding mode prevents us from exempting specific clients from being DNS filtered per the forwarding servers' filters. So to have a few clients NOT being filtered, things become a little more troublesome. For this you could:

          1: Keep the lancache servers for those clients - make a DHCP reservation with a DNS override to hand them the lancache server as the only DNS
          2: Configure Lancache to use your preferred public DNS as forwarding servers (1.1.1.1/1.0.0.1).
          3: Create a stub zone on Lancache for your internal domain name for clients (the domain name used for your overrides in pfSense), and point that stub zone to forward to pfSense instead of 1.1.1.1/1.0.0.1.

          This will create the scenario you are looking for.

          Love the no fuss of using the official appliances :-)
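The two-resolver layout described in keyser's replies (pfSense Unbound forwarding to the filtering resolvers and keeping stale records, plus a separate resolver for the bypass clients that forwards internal names back to pfSense and everything else to 1.1.1.1/1.0.0.1), written out as an added example in Unbound configuration syntax. This is not configuration from the thread's author, from Netgate or from the lancache project: the internal domain `home.lan`, the `nas.home.lan` override, the interface and `access-control` values are constructed, and the bypass resolver is rendered in Unbound syntax only to show the zone logic; lancache ships its own DNS container, so the equivalent settings there live in that container's own configuration, not in a file like this. The internal-domain zone is written as a `forward-zone` (the Unbound construct for sending a domain to another recursive resolver), which is how the "stub zone" of the replies is expressed here. On pfSense, forwarding mode and serve-expired are GUI checkboxes under Services > DNS Resolver and its Advanced Settings; the raw directives below are what those options correspond to.

```conf
# Added example (not the thread author's or lancache's own configuration).
# Assumed values: internal domain home.lan, host override nas.home.lan,
# interface and access-control addresses.

### File 1: unbound.conf on pfSense (192.168.1.1) -- filtered path for all
### ordinary clients. The DHCP server hands out only 192.168.1.1 as DNS.
server:
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    # Host overrides are local data on pfSense, e.g. (constructed):
    local-zone: "home.lan." static
    local-data: "nas.home.lan. A 192.168.1.50"
    # Keep answering from cache after the TTL has run out (the "stale
    # records" caching the reply refers to), so no second cache is needed.
    serve-expired: yes

# Forward everything not answered locally to the filtering resolvers
# listed under System > General Setup, instead of recursing from the roots.
forward-zone:
    name: "."
    forward-addr: 1.1.1.3
    forward-addr: 1.0.0.3

### File 2: bypass resolver (192.168.1.20) -- handed out via DHCP static
### mapping, as the ONLY DNS server, to the few clients that must not be
### filtered. Same zone logic lancache's DNS would need, in Unbound syntax.
server:
    interface: 192.168.1.20
    access-control: 192.168.1.0/24 allow

# Internal names go back to pfSense, where the host overrides are defined.
# Without this zone, queries for home.lan would be sent to the public
# resolvers, which both leaks internal names and returns NXDOMAIN.
forward-zone:
    name: "home.lan."
    forward-addr: 192.168.1.1
    # forward-first: yes would fall back to public recursion for internal
    # names when pfSense does not answer; keep it off so they never leave.
    forward-first: no

# Everything else goes to the unfiltered public resolvers.
forward-zone:
    name: "."
    forward-addr: 1.1.1.1
    forward-addr: 1.0.0.1
```

To confirm the split behaves as intended, query each resolver directly from a bypass client: `dig @192.168.1.20 nas.home.lan` should return the override address from pfSense, while `dig @192.168.1.20 example.com` should be answered via 1.1.1.1/1.0.0.1. Note that handing a client two resolvers with different answers (the original DNS 1 through DNS 4 list) is exactly what makes overrides appear to fail: operating systems treat the DHCP DNS list as a set to fail over or race across, not a strict priority order, so each client should receive only resolvers that all return the same view of internal names.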

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.