Netgate Discussion Forum

    DNS Routing

    DHCP and DNS
    7 Posts 2 Posters 4.9k Views
    hatboy

    Hi, we have several IPs coming in from a T1 and connected to pfsense. OpenDNS with content filtering is used for the main IP configured in WAN. For the other IPs the ISP gives us, I rerouted certain computers to use them (under firewall rules) and it works great; however, DNS is still using the main IP's DNS servers and this results in blocked websites. The purpose of routing some computers away from the main IP is to get some websites unblocked. Using an alternate DNS server and manually configuring it on the computer itself is not an option because we have a Domain Controller set up, and it is vital to route all DNS queries primarily through the DC's DNS server. How can I tell pfsense not to use WAN to get DNS queries, but rather use the IP address that it's originating from?
    I also set up a 1:1 NAT, no resolution.
    Thank you in advance.

    blak111

    If all of your clients are pointing to the DC for DNS, all of your queries will look like they are coming from the DC, so you won't be able to differentiate the source.

    hatboy

    Oh, I see.
    Regardless, is there any other way around this? I would like to keep a loophole referenced for a future installation.

    blak111

    You could have the domain controller's DNS traffic go out the other link to OpenDNS for the non-filtered traffic.
    Point all of the clients that don't need to be filtered directly to the controller for DNS.

    Enable the pfSense DNS forwarder. Use the option to forward requests for your Active Directory DNS name to your domain controller.
    Then point all of the clients that need to be filtered to pfSense.

    hatboy
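As an added illustration of the forwarder setup suggested above (not code from the thread, and not pfSense's own generated file): the pfSense DNS Forwarder is dnsmasq, and a domain override corresponds to a `server=/zone/address` line. The zone name `ad.example.local`, the domain controller `192.168.1.10` and the firewall LAN address `192.168.1.1` are assumed placeholders; the two OpenDNS resolver addresses are the public ones.

```conf
# Illustrative dnsmasq configuration equivalent to the pfSense DNS Forwarder
# setup described in the thread. Names and private addresses are assumed.

no-resolv                                   # ignore /etc/resolv.conf; use only the server= lines below
listen-address=192.168.1.1                  # LAN address of the firewall (assumed)

# Domain override: the Active Directory zone and its reverse zone are sent to the
# domain controller, so domain-joined clients that point at pfSense still get
# AD records (the _ldap/_kerberos SRV records and so on) from the DC.
server=/ad.example.local/192.168.1.10       # AD zone -> domain controller (assumed)
server=/1.168.192.in-addr.arpa/192.168.1.10 # reverse zone for the LAN subnet (assumed)

# Every other name goes to OpenDNS, where the content filtering is applied.
server=208.67.222.222
server=208.67.220.220

# Clients that must NOT be filtered are pointed directly at the DC instead of at
# this forwarder, so their queries never reach OpenDNS through pfSense.
```

The queries this forwarder sends to OpenDNS originate on the firewall itself, so the WAN they leave on is decided by pfSense's routing table (or the per-DNS-server gateway setting in System > General Setup), not by a LAN firewall rule with a gateway set. Only traffic entering LAN from a client such as the DC can be steered to the alternate link by such a policy-routing rule.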

    I actually figured out another way. Now, forget I even mentioned a DC. When I specify an alternate external IP for certain computers, how do I make DNS also use the alternate external IP, rather than the WAN IP? If I need to make a static route, please let me know exactly what to do; I have no idea at all what a static route is and always have trouble creating one when testing.

    blak111

    You should be able to do it using outbound NAT if all of your clients point directly to the OpenDNS servers.

    hatboy

    Attempted that, did a flushdns, tried a totally different website that is blocked on my WAN IP, still no success. DNS trace shows that it is using the WAN IP for DNS queries. Any other way?
    Thanks

    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.