Multiple DNS Server instances



  • Is it possible in the future for multiple DNS server instances?

    Just like you can now have multiple Captive portals each assigned to a different interface?

    I need some static DNS entries set up for my public wifi but do not want these entries on my internal network.

    Thanks


  • Rebel Alliance Developer Netgate

    You might be able to get a similar effect by using DNS Forwarder on one interface selectively bound to there (or an alternate port + port forward) mixed with something like unbound for the other interface.

    As for multiple distinct instances of the DNS forwarder, it may or may not happen. Eventually we'll be moving to Unbound, and I'm not sure what might be possible there without having to resort to multiple DNS instances.


  • LAYER 8 Global Moderator

    I don't believe unbound supports views, which is what it seems they are asking for. They want queries from source X to get different results than queries from source Y.

    Install bind either on pfsense or some other box on your network and you're all set. Bind supports views.

    Turn off the built in forwarder and just install bind - simple as
    pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/dns/bind99-9.9.0_1.tbz
    rehash

    Then you can do whatever you could do with bind.  BTW that is a link to the latest bind; there are other older versions you might want to run.  And that is for i386; change to amd64 if that is the version of pfsense you're running.
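
The behaviour asked for in this thread (clients on one segment getting different answers from clients on another) maps onto BIND views as shown here. This named.conf fragment is an added example, not configuration posted by anyone in the thread; the subnets, the zone name and the zone file path are placeholders chosen for illustration.

```conf
// named.conf fragment (constructed example, placeholder values throughout)

// Source-address groups used to pick a view.
acl "guest_wifi" { 192.168.50.0/24; };            // assumed public WiFi subnet
acl "internal"   { 192.168.1.0/24; 127.0.0.1; };  // assumed LAN subnet + localhost

options {
    // Answer only the networks we serve, so the box is not an open resolver.
    allow-query     { guest_wifi; internal; };
    allow-recursion { guest_wifi; internal; };
};

// Views are evaluated top to bottom; the first match-clients hit wins.
// Once any view exists, every zone must live inside a view.

view "guest" {
    match-clients { guest_wifi; };
    recursion yes;

    // Static entry that only WiFi clients see. Everything else still
    // resolves normally through recursion.
    zone "override.example" {
        type master;
        file "guest/db.override.example";   // placeholder path
    };
};

view "internal" {
    match-clients { internal; };
    recursion yes;
    // No override zone here: internal clients get the real answers.
};
```

A client whose source address matches neither ACL is refused by `allow-query`, so an unexpected subnet (for example a new VLAN) fails closed rather than silently landing in the wrong view.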


  • Rebel Alliance Developer Netgate

    Yes, BIND does support views, but it doesn't hook into the GUI at all.

    What I was suggesting was:

    Unbound serves up general queries on port 53
    dnsmasq binds to 5353 with some advanced options to set specific host overrides that would only show up in dnsmasq
    Port forward the segments such that when they hit <pfsense ip on that segment>:53 it goes to localhost:5353 for the places you want to receive other hostnames.

    Might be uglier than setting up BIND by hand, but unless you already happen to know bind and are comfortable with working in the shell, it would be a lot easier to use my method.



  • Thanks a bunch!

    Views is exactly what I was looking to do. (Basically a dirty way to break certain webpages)

    I will try both methods but I am up for the challenge with the command line.

    As of right now I am forwarding the request to a wifi router running dd-wrt but I would rather not leave that running.

    Thanks again.



  • Hopefully this package turns out well!

    This sounds like what I need.

    http://forum.pfsense.org/index.php/topic,67917.0/topicseen.html


  • LAYER 8 Global Moderator

    Yup once that package is working you should be golden.. I tried installing it last night - and think it has some kinks to work out currently - but the gui interface to bind settings looks fantastic!!

