DNS Forwarder; entering "host overrides" from outside the GUI



  • I'm entering DNS Forwarder host overrides to propagate to DNSMasq host overrides in the unbound.conf file.  Propagation is alive and well.  It will take a number of hours if the GUI is the only avenue to set a large number of overrides.

    Does anyone know a way to drop a few hundred IP/hostnames other than through the Forwarder GUI?

    Any help appreciated…



  • They are in the config.xml file (/cf/conf/config.xml) under the pfsense/dnsmasq/hosts element. I believe it will work fine to edit config.xml and then do a reboot…



  • If you haven't already done this, I have a couple of questions …

    a) Why are you doing so many IPs?
    b) Why not the whole domain? (and use the forwarder?)

    As to how to do it ... There are several options ... (all work on 2.0.1)

    A) Add config file to dnsmasq ...

    • SSH to pfsense
    • remount your filesystem in read-write mode ( /etc/rc.conf_mount_rw )
    • upload your "unbound.conf" to /usr/local/etc/dnsmasq.conf
    • remount your filesystem in read-only mode ( /etc/rc.conf_mount_ro )
    • restart dnsmasq server under " Status | System " in the GUI

    B) Edit the config file for pfsense

    • SSH to pfsense
    • remount your filesystem in read-write mode ( /etc/rc.conf_mount_rw )
    • edit the config file (/cf/conf/config.xml) and place the contents of your unbound.conf under "<pfsense><dnsmasq><custom_options>"
    • remount your filesystem in read-only mode ( /etc/rc.conf_mount_ro )
    • restart dnsmasq server under " Status | System " in the GUI

    C) Using the GUI

    • go to "Services | DNS Forwarder | Advanced"
    • cut-n-paste the contents of your unbound.conf file into the Advanced box

    D) Pure XML:

    • SSH to pfsense
    • remount your filesystem in read-write mode ( /etc/rc.conf_mount_rw )
    • add "<hosts><host>hostname</host><domain>domain.name</domain><ip>ip.add.re.ss</ip></hosts>" for each host under "<pfsense><dnsmasq>"
    • add "<domains><domain>domain</domain><ip>ip.add.re.ss1</ip></domains>" for each domain under "<pfsense><dnsmasq>"
    • remount your filesystem in read-only mode ( /etc/rc.conf_mount_ro )
    • restart dnsmasq server under " Status | System " in the GUI

    Personally, I use (C) as it's easy to manipulate in excel/notepad/etc, and just cut-n-paste ...

    For "Host Overrides" (using method A,B,C):
    address=/hostname.domain.name/ip

    For "Domain Overrides" (using method A,B,C):
    server=/domain/ip.add.re.ss1
    rebind-domain-ok=/domain/
    If you don't do the rebind-domain-ok then it will get ignored.

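As an added example (not code from the thread or from pfSense), the script below turns a plain "host,domain,ip" list into the two formats Albra describes: the address=/server= option lines for methods A, B and C, and the <hosts> fragments for method D. It validates every name and address first, because config.xml and dnsmasq.conf are trusted by the box: one hostname containing a "/" or "<" (easy to get from an exported DHCP lease table) yields a malformed dnsmasq option or broken XML and the service or the config stops loading. The XML element layout is the one shown above for 2.0.1; confirm it against an entry saved through the GUI on your version, and keep a backup of config.xml, before bulk-editing it. The sample rows and names are constructed for the example.

```python
"""Bulk host/domain overrides for the pfSense DNS Forwarder (dnsmasq).

Added example for this thread, not code from pfSense.  It turns a
'host,domain,ip' list into the two formats discussed above:
  - dnsmasq option lines for methods A/B/C (address= / server=), and
  - <hosts> fragments for method D (edited into <pfsense><dnsmasq> in
    config.xml; element layout as shown for 2.0.1 above - confirm it
    against an entry saved through the GUI on your version first).
"""
import csv
import io
import ipaddress
import re
import xml.etree.ElementTree as ET

# One DNS label (RFC 1123): 1-63 chars, letters/digits/hyphen, no edge hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample input (not real hosts).
SAMPLE_CSV = """host,domain,ip
syslog,lan.example,10.0.1.5
gw-2,lan.example,10.0.2.1
printer,lan.example,10.0.3.20
"""


def valid_name(name):
    """True if every dot-separated label of `name` is a valid DNS label.
    This also rejects '/', '<', '&' and whitespace, which would otherwise
    break the dnsmasq option syntax or the XML."""
    return bool(name) and all(_LABEL.match(lbl) for lbl in name.split("."))


def parse_hosts(csv_text):
    """Parse 'host,domain,ip' rows into (host, domain, ip) tuples.
    Raises ValueError on a bad name or address rather than emitting a
    config line the service would choke on."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host, domain = row["host"].strip(), row["domain"].strip()
        if not (valid_name(host) and valid_name(domain)):
            raise ValueError("invalid name in row %r" % row)
        ip = ipaddress.ip_address(row["ip"].strip())  # ValueError if garbage
        entries.append((host, domain, str(ip)))
    return entries


def is_accepted(csv_text):
    """Convenience check: does the whole list pass validation?"""
    try:
        parse_hosts(csv_text)
        return True
    except ValueError:
        return False


def dnsmasq_host_overrides(entries):
    """address= lines for the Advanced box (method C) or dnsmasq.conf (A/B)."""
    return "".join("address=/%s.%s/%s\n" % e for e in entries)


def dnsmasq_domain_overrides(domains):
    """Domain overrides as (domain, upstream_ip) pairs.  Each server= line
    gets a matching rebind-domain-ok= line: without it dnsmasq's rebind
    protection discards private-range answers from that upstream, so the
    override silently does nothing (the point made in the post above)."""
    out = []
    for domain, server in domains:
        if not valid_name(domain):
            raise ValueError("invalid domain %r" % domain)
        server = str(ipaddress.ip_address(server))
        out.append("server=/%s/%s\n" % (domain, server))
        out.append("rebind-domain-ok=/%s/\n" % domain)
    return "".join(out)


def config_xml_hosts(entries):
    """One <hosts> element per entry for method D.  Built with ElementTree
    so any text is XML-escaped rather than pasted raw into config.xml."""
    parts = []
    for host, domain, ip in entries:
        el = ET.Element("hosts")
        ET.SubElement(el, "host").text = host
        ET.SubElement(el, "domain").text = domain
        ET.SubElement(el, "ip").text = ip
        parts.append(ET.tostring(el, encoding="unicode"))
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_CSV)
    print(dnsmasq_host_overrides(hosts), end="")
    print(dnsmasq_domain_overrides([("corp.example", "10.0.9.53")]), end="")
    print(config_xml_hosts(hosts), end="")
```

Run it on your own CSV, paste the first block of output into the Advanced box (method C) or into dnsmasq.conf (method A), or splice the <hosts> lines into config.xml (method D) and restart dnsmasq. Validation is deliberately strict: a list pulled from a lease table or a spreadsheet is untrusted input to a file the firewall trusts, so refusing a bad row up front is cheaper than debugging a forwarder that will not start.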



  • Albra,
    I wasn't that comfortable editing the XML, but maybe I need to warm up to it on the test box.  I prefer your option "C" the best if it works.  I saw the paste window you describe and hoped it might be a method of bulk entry, but the note below it states that additional options are to be entered.  I thought "options" meant custom forwarder settings rather than hostname/IP entries similar to the paste window in the unbound package.  So is the syntax hostname/ip<space>hostname/ip<space>hostname/ip?

    I'm doing many IPs because my network has 10 gateways with distributed DHCP on each subnet.  And I want Kiwi syslog server to resolve private IPs without relying on whether the client device had a hostname entered into its GUI.  If/when pfSense adds multiple DHCP pools such that leases can be served by pfSense to all gateway subnets, then I can abandon this method.

    I use the unbound package so the forwarder is disabled.

