"Static" DHCP addresses need individually assigned DNS Servers



  • Ok - bit of a noob. Trying to search for dynamically assigning DNS servers gave me lots of info on DynDNS stuff. NOT what I need :)

    In my DHCP Server Page I have a bunch of MAC Addresses assigned to always get the same IP Address from the DHCP Server.

    Is there a way to assign DNS Servers based on IP/MAC address as well such that I can point my children's devices to OpenDNS's FamilyShield DNS Servers:
    208.67.222.123
    208.67.220.123

    But on the devices owned by myself and my wife I want the DNS Servers to point to OpenDNS's Home (and unblocked) Servers:
    208.67.222.222
    208.67.220.220

    Or even Google's DNS Servers; or heck - even the DNS servers for my ISP (gasp!)

    Any pointers in the right direction?

    Thanks!



  • there is probably another way to do this but set up 2 lan gateways

    192.168.1.200 for kids make default and open to all
    192.168.1.201 for you and wife then enable Static ARP and give your mac ip etc.

    this way you and only the MAC addresses you approve will have unlimited access but any new devices will be forced to use the default gateway until you give them access to the other gateway

    so 1 wan coming in and 2 lan gateways doing the regulation you are looking for



  • @KineticPro:

    there is probably another way to do this but set up 2 lan gateways

    192.168.1.200 for kids make default and open to all
    192.168.1.201 for you and wife then enable Static ARP and give your mac ip etc.

    this way you and only the MAC addresses you approve will have unlimited access but any new devices will be forced to use the default gateway until you give them access to the other gateway

    so 1 wan coming in and 2 lan gateways doing the regulation you are looking for

    This is interesting - I actually kind of like this solution better for a lot of reasons. The next question is:
    How do I set up 2 LAN Gateways?  (Doh! lol)



  • first you need a total of 3 NICs as I said: 1 WAN, 2 LAN
    you will probably need to buy another card, even a cheap PCI will work

    boot into the web interface of PFSense > Interfaces >
    Assign WAN {probably have}, Lan {Probably have}, Lan2 {New} (pfsense will probably name it OPT1)
    then assign whatever the new interface is, for example re1 or em1

    then go to interface and make the settings the same as your current lan

    Services > DHCP Server > LAN2
    use same settings as lan 1 till you get to Static ARP then enable it
    Make the Gateway an unused ip that will not be assigned by dhcp
    change the DNS servers to full access
    in the bottom of that page enter the device MAC info
    (note 2 you will probably need to set any lan device static to keep them on the lan2 gateway)

    Services > DHCP Server > LAN1
    change DNS servers to limited access


  • Rebel Alliance Developer Netgate

    On 2.1 you could (though it would be a bit cumbersome) set up separate DHCP pools and put in the list of MACs on one to allow and deny on the other, and they can have unique DNS servers that way.

    Of course that would only last until the kids figure out they can hardcode an IP/DNS or spoof their MAC and get around the restrictions. Separating them onto a distinct network is best, assuming they don't have physical access to the gear to switch themselves over to the other network…

    How much you need to worry about that stuff really depends on how smart/sneaky/crafty the kids are :-)
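
The separate-pool approach from the last reply, written out as an added example in ISC dhcpd syntax (the DHCP server behind pfSense 2.1); it is not pfSense's generated configuration and was not posted in the thread. The MAC addresses, address ranges and the 192.168.1.1 router are constructed placeholders; the DNS servers are the ones from the question.

```conf
# Added example, hand-written; not pfSense's generated dhcpd.conf.
# MACs, ranges and the router address are constructed placeholders.

# Class of trusted clients, keyed on hardware address.
class "parents" {
  match hardware;
}
# Leading "1:" is the hardware type (Ethernet), followed by the MAC.
subclass "parents" 1:02:00:00:aa:bb:01;
subclass "parents" 1:02:00:00:aa:bb:02;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option routers 192.168.1.1;

  # Pool 1: only the listed MACs; unfiltered OpenDNS Home resolvers.
  pool {
    allow members of "parents";
    range 192.168.1.100 192.168.1.149;
    option domain-name-servers 208.67.222.222, 208.67.220.220;
  }

  # Pool 2: every other client, including unknown devices;
  # OpenDNS FamilyShield resolvers.
  pool {
    deny members of "parents";
    range 192.168.1.150 192.168.1.199;
    option domain-name-servers 208.67.222.123, 208.67.220.123;
  }
}
```

DHCP only hands the resolver out as a lease option, so this holds only for clients that accept the lease as given, which is the limitation the reply goes on to describe.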

