4. Multiple DNS Server instances

Multiple DNS Server instances

  • R

    Is it possible in the future for multiple DNS server instances?

    Just like you can now have multiple Captive portals each assigned to a different interface?

    I need some static dns entries setup for my public wifi but do not want these entries on my internal network.

    Thanks

    0
  • Rebel Alliance Developer Netgate

    You might be able to get a similar effect by using DNS Forwarder on one interface selectively bound to there (or an alternate port + port forward) mixed with something like unbound for the other interface.

    As for multiple distinct instances of the DNS forwarder, it may or may not happen, eventually we'll be moving to Unbound and I'm not sure what might be possible there without having to resort to multiple DNS instances.

    0
  • LAYER 8 Global Moderator

    I don't believe unbound supports views which is what seems they are asking for..  They want queries from source X to get different results than query from source Y.

    Install bind either on pfsense or some other box on your network and your all set.. Bind supports views.

    Turn off the built in forwarder and just install bind - simple as
    pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/dns/bind99-9.9.0_1.tbz
    rehash

    Then you can do whatever you could do with bind.  BTW that is link to latest bind, there are other older versions you might want to run.  And that is for i386 change to amd64 if that is the version of pfsense your running.

    0
  • Rebel Alliance Developer Netgate

    Yes, BIND does support views, but it doesn't hook into the GUI at all.

    What I was suggesting was:

    Unbound serves up general queries on port 53
    dnsmasq binds to 5353 with some advanced options to set specific host overrides that would only show up in dnsmasq
    Port forward the segments such that when they hit <pfsense ip="" on="" that="" segment:53="" it="" goes="" to="" localhost:5353="" for="" the="" places="" you="" want="" receive="" other="" hostsnames.<br="">Might be uglier than setting up BIND by hand, but unless you already happen to know bind and are comfortable with working in the shell, it would be a lot easier to use my method.</pfsense>

    0
  • R

    Thanks a bunch!

    Views is exactly what I was looking to do. (Basically a dirty way to break certain webpages)

    I will try both methods but I am up for the challenge with the command line.

    As of right now I am forwarding the request to a wifi router running dd-wrt but I would rather not leave that running.

    Thanks again.

    0
  • R

    Hopefully this package turns out well!

    This sounds like what i need.

    http://forum.pfsense.org/index.php/topic,67917.0/topicseen.html

    0
  • LAYER 8 Global Moderator

    Yup once that package is working you should be golden.. I tried installing it last night - and think it has some kinks to work out currently - but the gui interface to bind settings looks fantastic!!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy