    Override client DNS servers?

    DHCP and DNS
    • leaded

      In DD-WRT, I was able to run a script a single time that would make it so all DNS requests would use the one configured on the router, even if the client had specified a different one. Does pfSense allow this functionality? I'm trying to use OpenDNS so I can filter out certain categories of websites, but if I change the DNS server on my local machine it overrides the DNS servers set in pfSense. Can I somehow force all DNS requests to go through the DNS servers I specify?

    • Perry

        You can force them with a block or reject DNS rule on top. [picture]

        /Perry
        doc.pfsense.org

    • leaded

          Thank you for the reply Perry. I understand what this rule is doing: dropping/rejecting all outbound port 53/UDP traffic. Meaning, if I try to do any DNS lookups outside of my own network, it will fail. But it doesn't appear to be working. Using http://www.internetbadguys.com/ as an example: I have OpenDNS servers as my DNS servers in pfSense and Google's on my laptop, and my laptop is using Google's DNS servers instead. Additionally, an nslookup for a domain shows that I'm using my laptop's DNS servers. Any ideas?

    • Perry

            Clear states and run ipconfig /flushdns if your client is Windows. Check also that you unticked the ISP DNS override below where you entered the OpenDNS IPs.

            /Perry
            doc.pfsense.org

    • leaded

              Hi there.

              I haven't had any luck getting this to work. I added the rule…

              Cleared my DNS entries…

              Changed my DNS servers to NOT be 192.168.1.1 (used Google's new 8.8.8.8)

              Cleared the States in pfSense, but I can still go outbound UDP/53…

              $ nslookup google.com
              Server:		8.8.8.8
              Address:	8.8.8.8#53
              
              Non-authoritative answer:
              Name:	google.com
              Address: 64.233.169.106
              Name:	google.com
              Address: 64.233.169.105
              Name:	google.com
              Address: 64.233.169.147
              Name:	google.com
              Address: 64.233.169.99
              Name:	google.com
              Address: 64.233.169.103
              Name:	google.com
              Address: 64.233.169.104

              If I change the rule to block all UDP traffic, it does not allow the nslookup to continue. But if I limit it to port 53, it's allowed.

              I'm trying to intercept the DNS like this, which seems to work for iptables. Does pf not have a rule like this?

    • Perry

                Sorry for posting a link to a faulty picture.

                Change source port to * and reboot

                /Perry
                doc.pfsense.org
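As an added illustration of the two approaches discussed in this thread (Perry's block/reject rule with source port set to any, and the iptables-style intercept leaded asked about), here is the equivalent in raw pf.conf syntax. This is not code from the thread or from pfSense's generated ruleset; the interface name, LAN subnet and resolver addresses are assumptions.

```pf
# Constructed example, not from the thread or from pfSense's own rules.
# Assumed: LAN interface em1, LAN subnet 192.168.1.0/24, and the firewall's
# resolver listening on its LAN address (192.168.1.1) and on 127.0.0.1.
# Rules use "quick" so the first match wins, as the pfSense GUI does.
lan_if  = "em1"
lan_net = "192.168.1.0/24"

# --- Option B: transparent intercept (the iptables REDIRECT equivalent) --
# Any port 53 packet NOT aimed at the firewall itself is rewritten so it
# lands on the local resolver. "rdr pass" also passes the translated
# packet, so it is not subject to the filter rules below. In this pf.conf
# dialect translation rules must come before filter rules. B can be used
# alone or together with A as a backstop.
rdr pass on $lan_if proto { tcp udp } from $lan_net to ! ($lan_if) port 53 -> 127.0.0.1 port 53

# --- Why the rule in the thread did not fire ---------------------------
# This is what a rule with "source port 53" means: it only matches packets
# *sent from* port 53. A client sends its query from an ephemeral port
# (e.g. 54321 -> 8.8.8.8:53), so the query passes straight by this rule.
# block return in quick on $lan_if proto udp from $lan_net port 53 to any

# --- Option A: reject DNS that does not go to the firewall ---------------
# Direct queries to the firewall's own resolver are allowed first ...
pass in quick on $lan_if proto { tcp udp } from $lan_net to ($lan_if) port 53
# ... then everything else with DESTINATION port 53 (source port any) is
# rejected. "return" sends a RST / ICMP unreachable so the client fails
# fast instead of hanging until its resolver times out. TCP 53 is included
# because truncated answers are retried over TCP.
block return in quick on $lan_if proto { tcp udp } from $lan_net to any port 53

# Note: rule changes do not touch existing state entries, so an already
# open query flow to 8.8.8.8 keeps working until states are flushed
# (pfctl -F states, or "Reset states" in the GUI) - which is why Perry
# said to clear states and flush the client's DNS cache.
```

With A alone, `nslookup google.com 8.8.8.8` from the LAN now fails immediately; with B, it succeeds but the answer actually comes from the firewall's resolver. Neither rule covers DNS over HTTPS (443) or DNS over TLS (853), which need separate handling.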
