DNS per IP



  • Hi,

    I've been trying for several days now to set up different DNS servers for my computers, but I'm far from a geek and pfSense's advanced settings are a bit out of my league :)
    I managed to build myself a router to use pfSense and it serves my home network.

    Here is my problem: I live in Canada, and I use a service like Unblock Us to get "USA" DNS, which allows me to stream Netflix (USA content). I've set up my DNS in the General tab to those provided by Unblock Us and it's working fine.

    What I am trying to do now is have 2-3 of my computers not use those DNS servers, and instead use Canadian ones, so my kids can watch French content on sites that block people who aren't Canadian.

    Note:
    All my devices are registered by MAC address and have a fixed IP (so I can track bandwidth usage easily with BandwidthD).
    So if I could configure something (firewall rules? different interface? …) to help me choose the DNS servers I want to apply to a specific IP/device

    Thanks in advance for the help

    PS: I am using pfSense 2.0.1-RELEASE (i386)



  • There isn't a way to accommodate that in the GUI at this time. You'd have to statically configure the DNS servers on the clients, or use something else as your DHCP server that can give a different DNS server assignment per-host. Or you could hack the source code to do so, as ISC dhcpd is capable of such a configuration.
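
Added example, not from the thread and not pfSense's generated configuration: a hand-written ISC dhcpd file of the kind the reply above refers to, where a `host` declaration overrides the subnet-wide resolvers for one machine. Every address, MAC and host name is a constructed placeholder.

```conf
# Constructed example for ISC dhcpd (dhcpd.conf); every address, MAC and
# host name below is a placeholder, not a value from the thread.
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.100 192.168.1.199;
    option routers 192.168.1.1;
    # Default resolvers handed to every client without an override.
    option domain-name-servers 192.0.2.53, 192.0.2.54;
}

host kids-pc {
    hardware ethernet 00:00:5e:00:53:01;
    fixed-address 192.168.1.20;
    # Host-scope option wins over the subnet scope for this client only.
    option domain-name-servers 198.51.100.53, 198.51.100.54;
}

host media-box {
    hardware ethernet 00:00:5e:00:53:02;
    fixed-address 192.168.1.21;
    # No override here, so this host receives the subnet defaults.
}
```

Running `dhcpd -t -cf` against the file parses it without starting the server.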



  • @cmb:

    There isn't a way to accommodate that in the GUI at this time.

    What about the DHCP pools in pfSense 2.1 snapshots?


  • Rebel Alliance Developer Netgate

    It would work, but it would be overkill really for just a couple PCs. He'd have to list the full MACs of each PC he wanted to be in the alternate pool in the config.

    What probably needs to happen is similar code as to what I did for pools should be done for the static mapping editing, since nearly all (if not all) of the per-pool options can also be specified for hosts.

    That's beyond what was required for the project that needed the pools code though.



  • Sorry to dredge up an old thread, but I was curious if anyone figured out a fairly easy solution for this? I'm looking to accomplish exactly this for similar reasons.


  • LAYER 8 Global Moderator

    I don't see how using a different DNS accomplishes what the OP was asking.

    A VPN sure, but not DNS – if I query a DNS server in the US to find a Netflix server, that does not mean they are going to stream to my IP that is CAN..

    The OP never wrote back - so not clear on what he was doing to be honest.

    As to your question - if you want to use different DNS on a client, then do so - the easiest solution is to just set up that DNS on the client, and it's easy enough to create a script to flip between servers if that is what you want.  Just because DHCP hands out name servers does not mean the DHCP client has to use them.

    If you are doing exactly what the OP was doing - can you explain to me how doing a query to a nameserver in the US bypasses Netflix rules on what source IP you're coming from.  Yes I understand you can use geoip to hand out different IPs for a resource based upon the source query.

    But I would have to assume that services that block would do so based upon where the source IP of the request came from, not on where a DNS query came from??  So are you really using a VPN to circumvent IP based restrictions, or just want to use a different nameserver??


  • Rebel Alliance Developer Netgate

    In 2.1 you can supply different DNS servers for each static lease, so what the OP was asking is possible now. Whether or not that actually solves their problem, who knows.



  • Aha, this is great news, I just tested and it works great in 2.1 on the dnsmasq page!

    johnpoz: to answer your question, DNS services such as unblock-us.com, tunlr.net and overplay.net allow you to do what we want without the need for a VPN. In my case I want to use BBC iPlayer and Sky Go for Formula 1 coverage from the US. I'm not entirely sure how it is accomplished but it works fantastically well, much better than VPN.


  • LAYER 8 Global Moderator

    So they state

    Every computer or other Internet-enabled device has an address. It's made up of numbers, like a street address. Our solution is brilliantly simple. We give you an address where the content you want is available. It's like moving your computer or other device without actually moving it.

    Ok it's just a freaking proxy service for the services they support, they just use DNS to point you to the proxy is all to bypass the IP check.  Yeah this is sneaky..  So you want to go to netflix.com, their DNS returns the proxy to use ;)  You hit that like the site, it proxies your connection to real site and looks like you came from where the proxy was - this is done until the IP check portion is completed.

