Blocking DNS queries to external resolvers
-
Ma'am/Sir,
Very sorry to bother you all. I'm very desperate to resolve the issue on my pfSense box. Below is the link: http://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers
Below the solution they mention that "You could also allow certain local PCs to use other DNS server by placing a pass rule for them above the block rule." but I cannot understand how to do that. What I want is to allow other PCs to connect to other DNS servers like Google DNS 8.8.8.8 and 8.8.4.4. Please help me create a rule for that. I'm trying to create a rule but still have no luck; my internet becomes disconnected if I insert another DNS IP.
edwin
-
Those instructions look good. To let some systems "out" to use another external DNS server(s):
- Add an alias "ExternalDNSallowed" (or some such name). Add all the LAN IP addresses of systems that are allowed to use an external DNS directly.
- Add an alias "PermittedDNSservers" (or some such name). Add the IP addresses of the external DNS servers you allow to be used (e.g. 8.8.8.8 and 8.8.4.4).
- Add a firewall rule on LAN permitting IPv4, TCP+UDP, source "ExternalDNSallowed", destination "PermittedDNSservers", port 53.
- Move the rule up before the wildcard rule that blocks everything to port 53.
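The same four steps expressed as a pf ruleset, added here as an illustration and not taken from the pfSense documentation or from either poster. pfSense builds its rules from the GUI, so this is the equivalent hand-written pf.conf; the interface name `em1` and the LAN host addresses in the tables are constructed sample values. Every rule carries `quick` so that, like the pfSense rule list, the first match wins, which is why the two pass rules must sit above the block rule:

```pf
# Constructed example: LAN interface name is an assumption
lan_if = "em1"

# Alias "ExternalDNSallowed": LAN hosts permitted to reach an external resolver
table <ExternalDNSallowed> const { 192.168.1.10, 192.168.1.20 }

# Alias "PermittedDNSservers": the only external resolvers those hosts may use
table <PermittedDNSservers> const { 8.8.8.8, 8.8.4.4 }

# Keep the firewall's own resolver reachable for every LAN host
pass in quick on $lan_if inet proto { tcp udp } \
    from $lan_if:network to ($lan_if) port 53

# The pass rule from the answer above: listed hosts -> permitted resolvers only
pass in quick on $lan_if inet proto { tcp udp } \
    from <ExternalDNSallowed> to <PermittedDNSservers> port 53

# The wildcard block rule: everything else headed to port 53 is dropped and logged,
# so attempts to bypass the local resolver show up in the firewall log
block in log quick on $lan_if inet proto { tcp udp } \
    from any to any port 53
```

If the block rule were placed above the two pass rules, `quick` would end evaluation at the block and the allowed hosts would lose DNS entirely, which matches the "internet becomes disconnected" symptom in the question. Adding `log` to the block rule is optional, but it gives a record of which LAN hosts are still trying to reach resolvers other than the firewall.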