Netgate Discussion Forum
    DNS Routing

    DHCP and DNS
hatboy:

Hi, we have several IPs coming in from a T1 and connected to pfSense. OpenDNS with content filtering is used for the main IP configured on WAN. For the other IPs the ISP gives us, I rerouted certain computers to use them (under firewall rules) and it works great; however, DNS is still using the main IP's DNS servers and this results in blocked websites. The purpose of routing some computers away from the main IP is to get some websites unblocked. Using an alternate DNS server and manually configuring it on the computer itself is not an option because we have a Domain Controller set up, and it is vital to route all DNS queries primarily through the DC's DNS server. How can I tell pfSense not to use WAN for DNS queries, but rather the IP address that the traffic is originating from?
I also set up a 1:1 NAT, no resolution.
Thank you in advance.

blak111:

If all of your clients are pointing to the DC for DNS, all of your queries will look like they are coming from the DC, so you won't be able to differentiate the source.

hatboy:

Oh, I see.
Regardless, is there any other way around this? I would like to keep a loophole referenced for a future installation.

blak111:

You could have the domain controller's DNS traffic go out the other link to OpenDNS for the non-filtered traffic.
Point all of the clients that don't need to be filtered directly to the controller for DNS.

Enable the pfSense DNS forwarder. Use the option to forward requests for your Active Directory DNS name to your domain controller.
Then point all of the clients that need to be filtered to pfSense.

hatboy:

I actually figured out another way. Now, forget I even mentioned a DC. When I specify an alternate external IP for certain computers, how do I make DNS also use the alternate external IP, rather than the WAN IP? If I need to make a static route, please let me know exactly what to do; I have no idea at all what a static route is and always have trouble creating one when testing.

blak111:

You should be able to do it using outbound NAT if all of your clients point directly to the OpenDNS servers.

hatboy:
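A small model, added here and not taken from the thread or from pfSense itself, that follows a client's DNS query hop by hop and reports which external address it is sourced from when it leaves the firewall. It encodes both of blak111's points: a query relayed through the DC carries the DC's LAN address, so a per-client outbound NAT rule on port 53 never matches it (the original setup), while a rule keyed on the DC, or on clients that query OpenDNS directly, does; and a forwarder domain override keeps Active Directory names inside the network. All addresses, the resolver address and the AD domain name are constructed placeholders; the first-match rule evaluation mimics pfSense's ordered outbound NAT list but is an assumption of this model, not pfSense code.

```python
"""Model of DNS query egress through pfSense-style outbound NAT (added example).

A resolver is either external (the query leaves the firewall and gets NATed)
or internal (a domain controller or the pfSense forwarder, which re-issues
the query from its own LAN address).  All addresses are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

DNS_PORT = 53
WAN_IP = "203.0.113.10"      # main WAN IP: OpenDNS content filtering applies here
ALT_IP = "203.0.113.11"      # second IP from the ISP: not filtered
OPENDNS = "208.67.222.222"   # constructed upstream resolver address (assumption)
AD_DOMAIN = "corp.example"   # constructed Active Directory DNS name (assumption)
DC_IP, FW_IP = "192.168.1.2", "192.168.1.1"           # domain controller, pfSense LAN
CLIENT_A, CLIENT_B = "192.168.1.50", "192.168.1.60"   # A must bypass filtering, B stays filtered


@dataclass
class NatRule:
    source: str                 # LAN host address or "any"
    dst_port: Optional[int]     # None matches any destination port
    translate_to: str           # external address the query is sourced from


@dataclass
class Resolver:
    ip: str
    upstream: str                                  # OPENDNS or another internal resolver
    overrides: dict = field(default_factory=dict)  # domain -> internal resolver that answers it


def egress_ip(src_ip: str, dst_port: int, rules) -> str:
    """First matching rule wins, as in an ordered outbound NAT list; with no
    match the automatic rule sources the packet from the WAN address."""
    for r in rules:
        if r.source in ("any", src_ip) and r.dst_port in (None, dst_port):
            return r.translate_to
    return WAN_IP


def resolve_path(client_ip, client_dns, qname, resolvers, rules) -> Tuple[str, str]:
    """Return ("external", egress_ip) if the query leaves the firewall, or
    ("internal", resolver_ip) if an internal server answers it without leaving."""
    src, nxt = client_ip, client_dns
    seen = set()
    while nxt != OPENDNS:
        if nxt in seen:
            raise ValueError("resolver loop at %s" % nxt)
        seen.add(nxt)
        r = resolvers[nxt]
        for dom, target in r.overrides.items():   # AD names stay inside the network
            if qname == dom or qname.endswith("." + dom):
                return ("internal", target)
        src, nxt = r.ip, r.upstream               # the resolver re-issues the query itself
    return ("external", egress_ip(src, DNS_PORT, rules))


def scenario_dc_relay():
    """Original setup: every client queries the DC; the per-client rule never matches."""
    resolvers = {DC_IP: Resolver(DC_IP, OPENDNS, {AD_DOMAIN: DC_IP})}
    rules = [NatRule(CLIENT_A, DNS_PORT, ALT_IP)]
    return resolve_path(CLIENT_A, DC_IP, "example.org", resolvers, rules)


def scenario_direct():
    """Client A points straight at OpenDNS, so the rule matches its own source address."""
    rules = [NatRule(CLIENT_A, DNS_PORT, ALT_IP)]
    return resolve_path(CLIENT_A, OPENDNS, "example.org", {}, rules)


def scenario_split():
    """blak111's layout: the DC's own DNS egresses on ALT_IP; unfiltered clients use
    the DC, filtered clients use the pfSense forwarder (default WAN egress) with a
    domain override that sends AD names back to the DC."""
    resolvers = {
        DC_IP: Resolver(DC_IP, OPENDNS, {AD_DOMAIN: DC_IP}),
        FW_IP: Resolver(FW_IP, OPENDNS, {AD_DOMAIN: DC_IP}),
    }
    rules = [NatRule(DC_IP, DNS_PORT, ALT_IP)]
    return {
        "unfiltered_web": resolve_path(CLIENT_A, DC_IP, "example.org", resolvers, rules),
        "filtered_web": resolve_path(CLIENT_B, FW_IP, "example.org", resolvers, rules),
        "filtered_ad": resolve_path(CLIENT_B, FW_IP, "dc1." + AD_DOMAIN, resolvers, rules),
    }


if __name__ == "__main__":
    print("DC relay, client A:", scenario_dc_relay())   # ('external', WAN_IP): still filtered
    print("direct, client A:  ", scenario_direct())     # ('external', ALT_IP)
    for name, path in scenario_split().items():
        print("split, %-15s" % name, path)
```

The model shows why hatboy's outbound NAT attempt did not change what the DNS trace reported: as long as the client's resolver is the DC, the packets OpenDNS sees are sourced from the DC, and a rule written for the client's address matches nothing. On a real firewall the equivalent check is to confirm which LAN address actually sends the port 53 traffic out the WAN (a packet capture on the WAN interface filtered on port 53 shows the pre- and post-NAT addresses), and that the rule meant to rewrite it is keyed on that address and covers both UDP and TCP.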

Attempted that, did a flushdns, tried a totally different website that is blocked on my WAN IP, still no success. DNS trace shows that it is using the WAN IP for DNS queries. Any other way?
Thanks


© 2021 Rubicon Communications, LLC