Netgate Discussion Forum

Override client DNS servers?

  • L
    leaded
    last edited by Dec 16, 2009, 2:52 PM

    In DD-WRT, I was able to run a script a single time that would make it so all DNS requests would use the one configured on the router, even if the client had specified a different one. Does pfSense allow this functionality? I'm trying to use OpenDNS so I can filter out certain categories of websites, but if I change the DNS server on my local machine it overrides the DNS servers set in pfSense. Can I somehow force all DNS requests to go through the DNS servers I specify?

    • P
      Perry
      last edited by Dec 16, 2009, 5:28 PM

      You can force them with a block or reject DNS rule on top Picture

      /Perry
      doc.pfsense.org

      • L
        leaded
        last edited by Dec 17, 2009, 8:15 PM

        Thank you for the reply, Perry. I understand what this rule is doing: dropping/rejecting all outbound port 53/UDP traffic. Meaning, if I try and do any DNS lookups outside of my own network, it will fail. But it doesn't appear to be working. Using http://www.internetbadguys.com/ as an example, I have OpenDNS servers as my DNS servers in pfSense, and Google's on my laptop, and my laptop is using Google's DNS servers instead. Additionally, an nslookup for a domain shows that I'm using my laptop's DNS servers. Any ideas?

        • P
          Perry
          last edited by Dec 17, 2009, 9:38 PM

          Clear states and run ipconfig /flushdns if your client is Windows. Also check that you did untick the ISP DNS override below where you entered the OpenDNS IPs.

          /Perry
          doc.pfsense.org

          • L
            leaded
            last edited by Dec 29, 2009, 6:21 PM

            Hi there.

            I haven't had any luck getting this to work. I added the rule…

            Cleared my DNS entries…

            Changed my DNS servers to NOT be 192.168.1.1 (used Google's new 8.8.8.8)

            Cleared the States in pfSense, but I can still go outbound UDP/53…

            $ nslookup google.com
            Server:		8.8.8.8
            Address:	8.8.8.8#53
            
            Non-authoritative answer:
            Name:	google.com
            Address: 64.233.169.106
            Name:	google.com
            Address: 64.233.169.105
            Name:	google.com
            Address: 64.233.169.147
            Name:	google.com
            Address: 64.233.169.99
            Name:	google.com
            Address: 64.233.169.103
            Name:	google.com
            Address: 64.233.169.104
            
            

            If I change the rule to block all UDP traffic, it does not allow the nslookup to continue. But if I limit it to port 53, it's allowed.

            I'm trying to intercept the DNS like this, which seems to work for iptables. Does pf not have a rule like this?

            • P
              Perry
              last edited by Dec 29, 2009, 8:15 PM

              Sorry for posting a link to a faulty picture.

              Change source port to * and reboot

              /Perry
              doc.pfsense.org
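
Added example, not part of the thread and not pfSense code: a small Python model of top-down, first-match rule evaluation showing why a block rule with its source port pinned to 53 never matches a client's DNS query, and why "Change source port to *" fixes it. The rule shapes, the pass rules placed around the block rule, and the packets are assumptions constructed for illustration, since the rule screenshot from the thread is not available.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # "*" in the rule editor

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    proto: Optional[str] = ANY
    src_port: Optional[int] = ANY
    dst_ip: Optional[str] = ANY
    dst_port: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        pairs = ((self.proto, p.proto), (self.src_port, p.src_port),
                 (self.dst_ip, p.dst_ip), (self.dst_port, p.dst_port))
        return all(want is ANY or want == got for want, got in pairs)

def evaluate(rules, pkt):
    """Rules are read top-down; the first match decides, no match means block."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"

ROUTER = "192.168.1.1"            # LAN address mentioned in the thread
ALLOW_ROUTER_DNS = Rule("pass", "udp", dst_ip=ROUTER, dst_port=53)  # assumed rule
ALLOW_LAN_TO_ANY = Rule("pass")   # assumed default LAN rule

# Assumed shape of the rule that did not work: source port pinned to 53.
FAULTY = [ALLOW_ROUTER_DNS, Rule("block", "udp", src_port=53, dst_port=53), ALLOW_LAN_TO_ANY]
# After "Change source port to *": only the destination port is matched.
FIXED = [ALLOW_ROUTER_DNS, Rule("block", "udp", src_port=ANY, dst_port=53), ALLOW_LAN_TO_ANY]

# Constructed packets: a resolver client sends from an ephemeral source port.
TO_GOOGLE = Packet("udp", 51514, "8.8.8.8", 53)
TO_ROUTER = Packet("udp", 51515, ROUTER, 53)
WEB = Packet("tcp", 51516, "64.233.169.106", 80)

if __name__ == "__main__":
    for name, rules in (("faulty", FAULTY), ("fixed", FIXED)):
        for pkt in (TO_GOOGLE, TO_ROUTER, WEB):
            print(f"{name:6} {pkt.dst_ip}:{pkt.dst_port}/{pkt.proto} -> {evaluate(rules, pkt)}")
```

With the faulty rule set the query to 8.8.8.8 falls through to the allow-all rule, which matches the nslookup output posted above; with the fixed rule set it is blocked while DNS to the router and ordinary web traffic still pass.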
