Blocking DNS queries to external resolvers
Very sorry to bother you all. I'm very desperate to resolve the issue on my pfSense box. Below are the links:
Below the solution they mentioned that "You could also allow certain local PCs to use other DNS server by placing a pass rule for them above the block rule." but I cannot understand how to do that. What I want is to allow other PCs to connect to other DNS servers like Google DNS 220.127.116.11 and 18.104.22.168. Please help me create a rule for that. I'm trying to create a rule but still have no luck; my internet becomes disconnected if I insert another DNS IP.
Those instructions look good. To let some systems "out" to use another external DNS server(s):
- Add an alias "ExternalDNSallowed" (or some such name). Add all the LAN IP addresses of systems that are allowed to use an external DNS directly.
- Add an alias "PermittedDNSservers" (or some such name). Add the IP addresses of the external DNS servers you allow to be used (e.g. 22.214.171.124 and 126.96.36.199).
- Add a firewall rule on LAN permitting IPv4, TCP+UDP, source "ExternalDNSallowed", destination "PermittedDNSservers", port 53.
- Move the rule up before the wildcard rule that blocks everything to port 53.
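The same rule set written out in pf.conf syntax (the packet filter underneath pfSense), as an added illustration that is not part of either post above; the `$lan_if` macro and the two LAN host addresses in `ExternalDNSallowed` are constructed placeholders, and the resolver addresses are the ones quoted in the answer:

```pf
# Constructed example, not from the thread. pfSense rules are first-match
# ("quick"), so the pass rule must be listed before the catch-all block.
lan_if = "em1"                      # hypothetical LAN interface name

# Aliases from the answer become pf tables. LAN hosts below are placeholders.
table <ExternalDNSallowed> { 192.168.1.10, 192.168.1.11 }
table <PermittedDNSservers> { 22.214.171.124, 126.96.36.199 }

# 1. Allowed hosts may reach the permitted external resolvers on port 53.
pass in quick on $lan_if inet proto { tcp udp } \
    from <ExternalDNSallowed> to <PermittedDNSservers> port 53

# 2. Everyone may still use the firewall's own resolver (assumed to exist
#    above the block rule in the original setup; keeps LAN DNS working).
pass in quick on $lan_if inet proto { tcp udp } \
    from $lan_if:network to ($lan_if) port 53

# 3. The wildcard block that everything else hits: no other DNS leaves the LAN.
block in quick log on $lan_if inet proto { tcp udp } \
    from any to any port 53
```

Rule 2 is what prevents the "internet disconnects" symptom: if the only pass rule is the one for external resolvers, hosts not in the alias lose DNS entirely once the block rule is in place.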