PFsense and DNS redirect services



  • Hi all,

    I have recently installed pfsense 2.0.2 on a little micro box to act as a router for my network. I previously had just a standard run of the mill router which worked well but didn't give me the control I wanted (teenagers in the house).

    I live in Australia and have been using a DNS redirect service to get hulu.com on my media center, xbox and PC and it has been working perfectly, no issue's at all. Until I changed over to PFsense.

    How the network was set up prior was simple, in the router I had my ISP's dns servers and in the devices that were connecting to Hulu I would specifiy the IP of my DNS redirect service thus enabling the Hulu system to think I was in the US and enable me to stream the content.

    I figured there would be no change to this with installing PFsense however none of my devices can connect to my DNS redirection service DNS servers and thus Hulu is cracking up saying the content is not available to be viewed outside the US. My wife is about to kill me now not to mention a mutiny from the teenagers.

    I have disabled DNS forwarding, disabled DHCP (although would really like to use this) however this has not fixed the issue. Now here is the tricky part. If I change the WAN DNS servers to the DNS redirection service DNS servers all is ok, but this slows my internet service down for Australian sites.

    How can I configure PFsense to allow DNS overrides in the clients that I access Hulu from with the DNS redirection service but maintain the ISP DNS servers for all the other clients on my network?

    Cheers,

    FFH.



  • The default configuration of pfSense would allow any system connected to the LAN interface to access whatever DNS it wants. I suspect you have done something (possibly inadvertently) that you haven't told us about. To put it differently, I expect your original configuration should have worked as you described.

    @ffh:

    however none of my devices can connect to my DNS redirection service DNS servers

    It would be helpful to have more details including your network configuration. Did the devices with problems have static IP addresses? If so, were those IP addresses in the same subnet of the pfSense interface to which they were connected? Was that the pfSense LAN interface? (By default, access from non-LAN interfaces is blocked.)  If access was blocked by pfSense the block would probably be recorded in the pfSense Firewall log: (see Status -> System Logs, click on Firewall tab).

    Can these devices connect to anything at all by host name or IP address?



  • @wallabybob:

    The default configuration of pfSense would allow any system connected to the LAN interface to access whatever DNS it wants. I suspect you have done something (possibly inadvertently) that you haven't told us about. To put it differently, I expect your original configuration should have worked as you described.

    @ffh:

    however none of my devices can connect to my DNS redirection service DNS servers

    It would be helpful to have more details including your network configuration. Did the devices with problems have static IP addresses? If so, were those IP addresses in the same subnet of the pfSense interface to which they were connected? Was that the pfSense LAN interface? (By default, access from non-LAN interfaces is blocked.)  If access was blocked by pfSense the block would probably be recorded in the pfSense Firewall log: (see Status -> System Logs, click on Firewall tab).

    Can these devices connect to anything at all by host name or IP address?

    Hi Wallabybob,

    This is a pretty vanilla install. Fresh pfsense install. Current network structure is this: Client 1 and 2 with xbox 1 connected to smart switch 1 which has a truncated link (2gb/sec) to smart switch 2. Client 3, media center and xbox 2 connect to smart switch 2. Client 4, Playstation connect to smart switch 2 via powerline adaptor and client 5 connects to smart switch 2 via powerline adaptor. We also have a WAP that connects into smart switch 2 for the tablets and phone etc. The Micro system with pfsense connects into smart switch 2 which intern connects to the modem/router in bridge mode.

    I am using PPPoE for the WAN connection to our ISP. I have squid3 loaded and squidguard to keep the teens under control. I have DHCP enabled for the mobile clients but all PC's (clients), Xbox's, Playstations have specified IP's and DNS servers. The only change to the DNS servers are for the Media center, Client 1 and Xbox 1 which all access Hulu via the DNS redirection service which before pfsense worked perfectly. Once PFsense was installed, it simply won't work. The client DNS settings are not being passed through the PFsense box. I check this with some simple isolation testing. I also changed the DNS servers in PFsense from the ISP's servers to the redirect service'. This works but because they use some fancy proxying to let me watch the programming, it drastically reduces my available bandwidth, from 17mb/sec down to 3mb/sec.

    Oh BTW the DNS redirect Service I am using is called Unotelly. You can go on there with a browser and it will detect if your using their DNS or not, this does not work despite the DNS being specified on the client when I am using the ISP's DNS in PFsense.

    I hope this helps explain it a little better. I can't think of any other pertinent information, like I said. It's pretty much a vanilla install.

    Cheers,

    FFH



  • Is the content downloaded by http? If so, squid will surely be involved and will probably use its "local" DNS rather than whatever you have configured on the real client.

    I don't know enough about squid operation to suggest a fix but it could be worthwhile disabling squid on pfSense, rebooting (to make sure squid is disabled) and then trying your content download.



  • @wallabybob:

    Is the content downloaded by http? If so, squid will surely be involved and will probably use its "local" DNS rather than whatever you have configured on the real client.

    I don't know enough about squid operation to suggest a fix but it could be worthwhile disabling squid on pfSense, rebooting (to make sure squid is disabled) and then trying your content download.

    Yup, that looks like it was the problem. Yes Hulu is delivered via HTTP. Was staring me in the face.

    Anyway I am now going to test for some configuration changes and see if I can get this to work with squid. Thanks for your help Wallabybob.


Log in to reply